Threat Roundup for June 5 to June 12

C45-2020-06-13-3

Indicators of Compromise (IOC) List

Indicator of Compromise (IOC)
Date Published
IOC Type