Threat Roundup for November 29 to December 6

C45-2019-12-07-9

Indicators of Compromise (IOC) List
