Threat Roundup for November 1 to November 8

C45-2019-11-09-1

Indicators of Compromise (IOC) List
