C45-2019-10-19-7

Indicator of Compromise (IOC)	Date Published	IOC Type
HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY 26 HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY\PENDINGGPOS 26 HKCU\SOFTWARE\APPDATALOW Value Name	19/10/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST 14 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\LAYERS 14 HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\AUTHORIZEDAPPLICATIONS\LIST 14 HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST Value Name	19/10/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PROFILELIST\S-1-5-21-2580483871-590521980-3826313501-500 Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\LAYERS Value Name	19/10/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\AUTHORIZEDAPPLICATIONS\LIST Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Value Name	19/10/2019	Win_Registry
HKCU\SOFTWARE\REMCOS-8N5JSJ 25 HKCU\SOFTWARE\REMCOS-8N5JSJ Value Name	19/10/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY\PENDINGGPOS Value Name	19/10/2019	Win_Registry
HKCU\SOFTWARE\APPDATALOW Value Name	19/10/2019	Win_Registry
HKCU\SOFTWARE\REMCOS-8N5JSJ Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND 25 Mutexes Occurrences MutexPolesskayaGlush	19/10/2019	Win_Registry
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\88-22-E5-B6-57-EE Value Name	19/10/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\IEAK 26 HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY\PENDINGGPOS Value Name	19/10/2019	Win_Registry
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\4A-80-98-B4-22-0C Value Name	19/10/2019	Win_Registry
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES Value Name	19/10/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\MINIMUMPIXEL 24 HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD	19/10/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\MINIMUMPIXEL Value Name	19/10/2019	Win_Registry
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD	19/10/2019	Win_Registry
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY Value Name	19/10/2019	Win_Registry
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVWSC.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FACT.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDGUI.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVSCANAVSHADOW.EXE Value Name	19/10/2019	Win_Registry
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVUPGSVC.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVWEBLOADER.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVNOTIFY.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NETSCAPE.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAFARI.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UPDATER.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CRASHREPORTER.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OPERA.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HELPER.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FILEMON.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCEXP.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PORTMON.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCMON.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRCKILLER.EXE Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GPEDIT.EXE Value Name	19/10/2019	Win_Registry
e46c7b72ff1458e2a0937c445029063a88e2af9833e034f5ff539a3efc26e44b	19/10/2019	SHA-256
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	19/10/2019	Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	19/10/2019	Win_Registry

HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY 26 HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY\PENDINGGPOS 26 HKCU\SOFTWARE\APPDATALOW Value Name

19/10/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST 14 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\LAYERS 14 HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\AUTHORIZEDAPPLICATIONS\LIST 14 HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST Value Name

19/10/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PROFILELIST\S-1-5-21-2580483871-590521980-3826313501-500 Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\LAYERS Value Name

19/10/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\AUTHORIZEDAPPLICATIONS\LIST Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Value Name

19/10/2019

Win_Registry

HKCU\SOFTWARE\REMCOS-8N5JSJ 25 HKCU\SOFTWARE\REMCOS-8N5JSJ Value Name

19/10/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY\PENDINGGPOS Value Name

19/10/2019

Win_Registry

HKCU\SOFTWARE\APPDATALOW Value Name

19/10/2019

Win_Registry

HKCU\SOFTWARE\REMCOS-8N5JSJ Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND 25 Mutexes Occurrences MutexPolesskayaGlush

19/10/2019

Win_Registry

HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\88-22-E5-B6-57-EE Value Name

19/10/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\IEAK 26 HKCU\SOFTWARE\MICROSOFT\IEAK\GROUPPOLICY\PENDINGGPOS Value Name

19/10/2019

Win_Registry

HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD\4A-80-98-B4-22-0C Value Name

19/10/2019

Win_Registry

HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\COOKIES Value Name

19/10/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\MINIMUMPIXEL 24 HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD

19/10/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\MINIMUMPIXEL Value Name

19/10/2019

Win_Registry

HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WPAD

19/10/2019

Win_Registry

HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\HISTORY Value Name

19/10/2019

Win_Registry

HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\CACHE\CONTENT Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVWSC.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FACT.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDGUI.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVSCANAVSHADOW.EXE Value Name

19/10/2019

Win_Registry

HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVUPGSVC.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVWEBLOADER.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVNOTIFY.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NETSCAPE.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAFARI.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UPDATER.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CRASHREPORTER.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OPERA.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HELPER.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FILEMON.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCEXP.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PORTMON.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCMON.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRCKILLER.EXE Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GPEDIT.EXE Value Name

19/10/2019

Win_Registry

e46c7b72ff1458e2a0937c445029063a88e2af9833e034f5ff539a3efc26e44b

19/10/2019

SHA-256

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

19/10/2019

Win_Registry

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

19/10/2019

Win_Registry

CYBER45

Threat Roundup for October 11 to October 18

C45-2019-10-19-7

Indicators of Compromise (IOC) List