C45-2020-02-15-2

Indicator of Compromise (IOC)	Date Published	IOC Type
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN 11 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM Value Name	15/02/2020	Win_Registry
HKCR\C3B61 15 HKCR\C3B61\SHELL 15 HKCR\C3B61\SHELL\OPEN 15 HKCR\C3B61\SHELL\OPEN\COMMAND 15 HKCR\.8CA9D7 15 HKLM\SOFTWARE\WOW6432NODE\3A91C13AB1 Value Name	15/02/2020	Win_Registry
HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER 6 HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES 6 HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\WINRAR 1 HKCU\SOFTWARE\MICROSOFT\MODULES 1 HKCU\SOFTWARE\MICROSOFT\MODULES Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE 15 HKCU\SOFTWARE\3A91C13AB1 15 HKLM\SOFTWARE\WOW6432NODE\3A91C13AB1 15 HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE\OSUPGRADE 15 HKCR\.8CA9D7 15 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	15/02/2020	Win_Registry
HKCU\CONTROL PANEL\DESKTOP Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE\OSUPGRADE Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\7261D3F24AE2C8DCAF22FAF7FCF1CAFD Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\WINRAR 17 HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003E9 Value Name	15/02/2020	Win_Registry
HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000001F5 Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\7261D3F24AE2C8DCAF22FAF7FCF1CAFD 17 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	15/02/2020	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\WUAUSERV Value Name	15/02/2020	Win_Registry
HKCU\ENVIRONMENT Value Name	15/02/2020	Win_Registry
HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003EC Value Name	15/02/2020	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\3A91C13AB1 Value Name	15/02/2020	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\MPSSVC Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\WINRAR Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\WOW6432NODE\3A91C13AB1 Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\MICROSOFT\NOTEPAD Value Name	15/02/2020	Win_Registry
7baba02278378b0d739b212389d20c2c	15/02/2020	MD5
a073a92c82bdad2dbdcba4bd1b322bdc	15/02/2020	MD5
7d2e2395490ac37029cd98039afa8991f718c5121b1e6e326713e99c26aacb28	15/02/2020	SHA-256
2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23	15/02/2020	SHA-256
5a4373916b36d08a40753dbcdac9f5a4463ce04e34c9d91370ed3eb26d9e02ee	15/02/2020	SHA-256
5815f647ad348de649c3ebfb5f1987e305410855cc944d14b1284abaaa40d9e3	15/02/2020	SHA-256
3182728acec97bc151ebae0a6adfac92ab26acf0c5aa1ab5194926b5e36f4d43	15/02/2020	SHA-256
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS Value Name	15/02/2020	Win_Registry
66d6a4049df4e8bc2fd9c615af0bc3d0ae715ea5b17c5222980f67bd6d57d75e	15/02/2020	SHA-256
cef415b47d807cb26e0881d6d79ac1ab4cbb77e1671cdcb5804982309481a18d	15/02/2020	SHA-256
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name	15/02/2020	Win_Registry
7261d3f24ae2c8dcaf22faf7fcf1cafd	15/02/2020	MD5
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER Value Name	15/02/2020	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\random	15/02/2020	Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\WSCSVC Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS Value Name	15/02/2020	Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN Value Name	15/02/2020	Win_Registry
7261D3F24AE2C8DCAF22FAF7FCF1CAFD	15/02/2020	MD5
DAC9024F54D8F6DF94935FB1732638CA6AD77C13	15/02/2020	SHA-1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER Value Name	15/02/2020	Win_Registry
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\75E0ABB6138512271C04F85FDDDE38E4B7242EFE Value Name	15/02/2020	Win_Registry
7a2bd7d2423c2c83b3bc987c22da348c	15/02/2020	MD5
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Value Name	15/02/2020	Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN 11 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM Value Name

15/02/2020

Win_Registry

HKCR\C3B61 15 HKCR\C3B61\SHELL 15 HKCR\C3B61\SHELL\OPEN 15 HKCR\C3B61\SHELL\OPEN\COMMAND 15 HKCR\.8CA9D7 15 HKLM\SOFTWARE\WOW6432NODE\3A91C13AB1 Value Name

15/02/2020

Win_Registry

HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER 6 HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES 6 HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\WINRAR 1 HKCU\SOFTWARE\MICROSOFT\MODULES 1 HKCU\SOFTWARE\MICROSOFT\MODULES Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE 15 HKCU\SOFTWARE\3A91C13AB1 15 HKLM\SOFTWARE\WOW6432NODE\3A91C13AB1 15 HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE\OSUPGRADE 15 HKCR\.8CA9D7 15 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

15/02/2020

Win_Registry

HKCU\CONTROL PANEL\DESKTOP Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\MICROSOFT\SPEECH\VOICES Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE\OSUPGRADE Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\7261D3F24AE2C8DCAF22FAF7FCF1CAFD Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\WINRAR 17 HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003E9 Value Name

15/02/2020

Win_Registry

HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000001F5 Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\7261D3F24AE2C8DCAF22FAF7FCF1CAFD 17 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

15/02/2020

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\WUAUSERV Value Name

15/02/2020

Win_Registry

HKCU\ENVIRONMENT Value Name

15/02/2020

Win_Registry

HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003EC Value Name

15/02/2020

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\3A91C13AB1 Value Name

15/02/2020

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\MPSSVC Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\WINRAR Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\WOW6432NODE\3A91C13AB1 Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\MICROSOFT\NOTEPAD Value Name

15/02/2020

Win_Registry

7baba02278378b0d739b212389d20c2c

15/02/2020

MD5

a073a92c82bdad2dbdcba4bd1b322bdc

15/02/2020

MD5

7d2e2395490ac37029cd98039afa8991f718c5121b1e6e326713e99c26aacb28

15/02/2020

SHA-256

2f5776b368011a76db2c690252846d0e3a90ccd27d9575e015663cebaf58db23

15/02/2020

SHA-256

5a4373916b36d08a40753dbcdac9f5a4463ce04e34c9d91370ed3eb26d9e02ee

15/02/2020

SHA-256

5815f647ad348de649c3ebfb5f1987e305410855cc944d14b1284abaaa40d9e3

15/02/2020

SHA-256

3182728acec97bc151ebae0a6adfac92ab26acf0c5aa1ab5194926b5e36f4d43

15/02/2020

SHA-256

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS Value Name

15/02/2020

Win_Registry

66d6a4049df4e8bc2fd9c615af0bc3d0ae715ea5b17c5222980f67bd6d57d75e

15/02/2020

SHA-256

cef415b47d807cb26e0881d6d79ac1ab4cbb77e1671cdcb5804982309481a18d

15/02/2020

SHA-256

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name

15/02/2020

Win_Registry

7261d3f24ae2c8dcaf22faf7fcf1cafd

15/02/2020

MD5

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER Value Name

15/02/2020

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\random

15/02/2020

Win_Registry

HKLM\SYSTEM\CONTROLSET001\SERVICES\WSCSVC Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS Value Name

15/02/2020

Win_Registry

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN Value Name

15/02/2020

Win_Registry

7261D3F24AE2C8DCAF22FAF7FCF1CAFD

15/02/2020

MD5

DAC9024F54D8F6DF94935FB1732638CA6AD77C13

15/02/2020

SHA-1

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER Value Name

15/02/2020

Win_Registry

HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\75E0ABB6138512271C04F85FDDDE38E4B7242EFE Value Name

15/02/2020

Win_Registry

7a2bd7d2423c2c83b3bc987c22da348c

15/02/2020

MD5

HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Value Name

15/02/2020

Win_Registry

CYBER45

Threat Roundup for February 7 to February 14

C45-2020-02-15-2

Indicators of Compromise (IOC) List