C45-2019-12-14-3 2/3

Indicator of Compromise (IOC)	Date Published	IOC Type
5928dd708f5190db002c2ac530f61b994ef6667e59894ae7f085296e451cb06d	14/12/2019	SHA-256
147eace098585f42a45f6a1cabeb4885f47038f1da2e8dbf700795b7f5176165	14/12/2019	SHA-256
deb94515bf4c10daa7c26a3c0fa8ed837ee3ad54176a9d4d3d1b5c6230a2447c	14/12/2019	SHA-256
59ef7cbae939ff16e921afa54d76b2ed960a7c982fd1b41b318e2e840fa67690	14/12/2019	SHA-256
472334c6964fa75128a812e1f819693c4a3b19d43466fb01e88d16a04366487b	14/12/2019	SHA-256
HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5 1 HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\75E0ABB6138512271C04F85FDDDE38E4B7242EFE Value Name	14/12/2019	Win_Registry
c865ae6939ddc9a42481a4f2d410a928f11837e807dbd8d6dad867c13b58019e	14/12/2019	SHA-256
HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES 33 HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER 32 HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER Value Name	14/12/2019	Win_Registry
02deef08e12b0ca6d311bd47d984587fc2eacee659bccd5b03f470d04baf7fda	14/12/2019	SHA-256
HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000001F5 Value Name	14/12/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORKLIST\NLA\CACHE\INTRANET Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\BROWSER Value Name	14/12/2019	Win_Registry
HKU\.DEFAULT\CONTROL PANEL\BUSES Value Name	14/12/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	14/12/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES Value Name	14/12/2019	Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\	14/12/2019	Win_Registry
HKLM\SOFTWARE\CLASSES\CLSID	14/12/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED Value Name	14/12/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS Value Name	14/12/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\DIRECT3D Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\MPSSVC Value Name	14/12/2019	Win_Registry
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS 2 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\PIWCBJPE 1 Mutexes Occurrences Global\	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE Value Name	14/12/2019	Win_Registry
HKCU\	14/12/2019	Win_Registry
HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5 Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\KDRXWEKZ Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\PIWCBJPE Value Name	14/12/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\IAM Value Name	14/12/2019	Win_Registry
HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003E9 Value Name	14/12/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS Value Name	14/12/2019	Win_Registry
HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003EC Value Name	14/12/2019	Win_Registry
HKCR\CLSID	14/12/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN 6 HKCU\SOFTWARE\	14/12/2019	Win_Registry
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE	14/12/2019	Win_Registry
HKU\.DEFAULT\CONTROL PANEL\BUSES 2 HKU\.DEFAULT\CONTROL PANEL\BUSES Value Name	14/12/2019	Win_Registry
HKCU\SOFTWARE\WINRAR Value Name	14/12/2019	Win_Registry
HKCU\SOFTWARE\WINRAR 10 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	14/12/2019	Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS Value Name	14/12/2019	Win_Registry
3852da85c0d4541fea5bb3812eaec3b7247aae76c57c6a4ad7271b76d50acb8d	14/12/2019	SHA-256
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name	14/12/2019	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\WSCSVC Value Name	14/12/2019	Win_Registry
245aa365f4df9a087650d523cfb5685f5e0a22faf3948de28e4516ff7574daec	14/12/2019	SHA-256
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE Value Name	14/12/2019	Win_Registry
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ACTIVE SETUP 2 HKCU\	14/12/2019	Win_Registry
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT 2 HKCU\	14/12/2019	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name	14/12/2019	Win_Registry

5928dd708f5190db002c2ac530f61b994ef6667e59894ae7f085296e451cb06d

14/12/2019

SHA-256

147eace098585f42a45f6a1cabeb4885f47038f1da2e8dbf700795b7f5176165

14/12/2019

SHA-256

deb94515bf4c10daa7c26a3c0fa8ed837ee3ad54176a9d4d3d1b5c6230a2447c

14/12/2019

SHA-256

59ef7cbae939ff16e921afa54d76b2ed960a7c982fd1b41b318e2e840fa67690

14/12/2019

SHA-256

472334c6964fa75128a812e1f819693c4a3b19d43466fb01e88d16a04366487b

14/12/2019

SHA-256

HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5 1 HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\75E0ABB6138512271C04F85FDDDE38E4B7242EFE Value Name

14/12/2019

Win_Registry

c865ae6939ddc9a42481a4f2d410a928f11837e807dbd8d6dad867c13b58019e

14/12/2019

SHA-256

HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES 33 HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER 32 HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER Value Name

14/12/2019

Win_Registry

02deef08e12b0ca6d311bd47d984587fc2eacee659bccd5b03f470d04baf7fda

14/12/2019

SHA-256

HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000001F5 Value Name

14/12/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORKLIST\NLA\CACHE\INTRANET Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\BROWSER Value Name

14/12/2019

Win_Registry

HKU\.DEFAULT\CONTROL PANEL\BUSES Value Name

14/12/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

14/12/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES Value Name

14/12/2019

Win_Registry

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\

14/12/2019

Win_Registry

HKLM\SOFTWARE\CLASSES\CLSID

14/12/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED Value Name

14/12/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS Value Name

14/12/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\DIRECT3D Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\MPSSVC Value Name

14/12/2019

Win_Registry

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS 2 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\PIWCBJPE 1 Mutexes Occurrences Global\

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE Value Name

14/12/2019

Win_Registry

HKCU\

14/12/2019

Win_Registry

HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5 Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\KDRXWEKZ Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\PIWCBJPE Value Name

14/12/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\IAM Value Name

14/12/2019

Win_Registry

HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003E9 Value Name

14/12/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS Value Name

14/12/2019

Win_Registry

HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003EC Value Name

14/12/2019

Win_Registry

HKCR\CLSID

14/12/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN 6 HKCU\SOFTWARE\

14/12/2019

Win_Registry

HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE

14/12/2019

Win_Registry

HKU\.DEFAULT\CONTROL PANEL\BUSES 2 HKU\.DEFAULT\CONTROL PANEL\BUSES Value Name

14/12/2019

Win_Registry

HKCU\SOFTWARE\WINRAR Value Name

14/12/2019

Win_Registry

HKCU\SOFTWARE\WINRAR 10 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

14/12/2019

Win_Registry

HKCU\SOFTWARE\MICROSOFT\WINDOWS Value Name

14/12/2019

Win_Registry

3852da85c0d4541fea5bb3812eaec3b7247aae76c57c6a4ad7271b76d50acb8d

14/12/2019

SHA-256

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name

14/12/2019

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\WSCSVC Value Name

14/12/2019

Win_Registry

245aa365f4df9a087650d523cfb5685f5e0a22faf3948de28e4516ff7574daec

14/12/2019

SHA-256

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE Value Name

14/12/2019

Win_Registry

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ACTIVE SETUP 2 HKCU\

14/12/2019

Win_Registry

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT 2 HKCU\

14/12/2019

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name

14/12/2019

Win_Registry

CYBER45

Threat Roundup for December 6 to December 13

C45-2019-12-14-3

Indicators of Compromise (IOC) List