Threat Roundup for April 17 to April 24

C45-2020-04-25-4

Indicators of Compromise (IOC) List

Indicator of Compromise (IOC)
Date Published
IOC Type
HKCU\SOFTWARE\CR 18 HKCU\SOFTWARE\CR Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\RTA 16 HKCU\SOFTWARE\RTA Value Name
25/04/2020
Win_Registry
HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER 72 HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\WINRAR 133 HKCU\SOFTWARE\WINRAR Value Name
25/04/2020
Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSSECES.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPYBOTSD.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAM.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCUAC.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLCLIENT.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KEYSCRAMBLER.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMBOFIX.EXE 25 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE 25 Mutexes Occurrences 27218346293184 13 random
25/04/2020
Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS SCRIPT HOST\SETTINGS Value Name
25/04/2020
Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\SCHEDULE Value Name
25/04/2020
Win_Registry
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SYSTEMRESTORE Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS 26 HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\MICROSOFT 26 HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\MICROSOFT\SYSINTERNALS 26 HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\MICROSOFT\SYSINTERNALS Value Name
25/04/2020
Win_Registry
HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE\AU 10 HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE\AU Value Name
25/04/2020
Win_Registry
HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE 10 HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE Value Name
25/04/2020
Win_Registry
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components
25/04/2020
Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\VKTCOLHK Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\IDCHLFBL Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\VRMBTXGW Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\NUJDBOCM Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\TLFNKUIC Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\USJUGTUB Value Name
25/04/2020
Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORKLIST\NLA\CACHE\INTRANET Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\EOISRQJN Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\KFILJFNL Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\KNDVTBOW Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\XUGTDVIP Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\random
25/04/2020
Win_Registry
HKCU\SOFTWARE\JAHGNKVF Value Name
25/04/2020
Win_Registry
HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name
25/04/2020
Win_Registry
HKU\.DEFAULT\CONTROL PANEL\BUSES Value Name
25/04/2020
Win_Registry
HKLM\SYSTEM\CONTROLSET001\SERVICES\random
25/04/2020
Win_Registry
HKCU\SOFTWARE\EGKPADLS Value Name
25/04/2020
Win_Registry
HKU\.DEFAULT\CONTROL PANEL\BUSES 10 HKLM\SYSTEM\CONTROLSET001\SERVICES\random
25/04/2020
Win_Registry
HKCR\LOCAL SETTINGS\MUICACHE\\52C64B7E Value Name
25/04/2020
Win_Registry
HKCU\SOFTWARE\0R1BCD6
25/04/2020
Win_Registry