C45-2021-10-09-6

Indicator of Compromise (IOC)	Date Published	IOC Type
9c50af11523c026073dde45f066424f0033caa6744b82118f3e038e6f4580557	09/10/2021	SHA-256
CVE-2020-1472	09/10/2021	CVE
26c5976cfda1b589508991c8febbe981ebe3d9e468fb22bd716299999c70bc3c	09/10/2021	SHA-256
2a22904a27225a19e27079cb195f17877ece1b3e920004ad6105dfd0638f94cb	09/10/2021	SHA-256
6dc77546c2242b37c67fc3107086ec18458b18fd44f8ee61146630b526e999b5	09/10/2021	SHA-256
HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS Value Name	09/10/2021	Win_Registry
HKCU\SOFTWARE\	09/10/2021	Win_Registry
HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 21 HKCU\SOFTWARE\	09/10/2021	Win_Registry
16683e93ed9139d70d60b644c2e468183313492a9aa79f97941bee45301ca724	09/10/2021	SHA-256
HKLM\SYSTEM\CONTROLSET001\SERVICES\random	09/10/2021	Win_Registry
HKCU\SOFTWARE\ZZZSYS 11 HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 11 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS	09/10/2021	Win_Registry
babe7415db87aed772a0abd04c60ded59ca6afa9fa0de095ebdfd409cead622d	09/10/2021	SHA-256
087b0c3dd4df197b7b82c7d8cbff0afd226d2f49757525c98ceb20795db758c9	09/10/2021	SHA-256
HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 25 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name	09/10/2021	Win_Registry
3a3c7379c43a11854f05211ad0756f33937596cda183fe21aa162b32b35664a1	09/10/2021	SHA-256
383965cd89e55e729aa8a4c72357135a78bd71939781f3c8f685998dba0996b7	09/10/2021	SHA-256
5d35cded7c61504c44430048ae0f8061c2a7a6cfe6f618177fcbcf713596a878	09/10/2021	SHA-256
0f171772ee0fd5fb3c249785b07bbc7a5f1e489a6fc48a3e7000d6566dcc56e5	09/10/2021	SHA-256
08828d3ef5c0b4b58fc7367d5afbbe44038b309af020d885b228ac74cc249676	09/10/2021	SHA-256
393b43b9e3d7ab32ad278ea4c9ea7f59a5eff215b1c95f7b9ab165c16a678e08	09/10/2021	SHA-256
9d78e1b888cffd2245ba502ba3703c3a2a6b3e7d896f9b4bb8113364ad570865	09/10/2021	SHA-256
2e1c10ab8e4e40a26a33980a4c5675fd09fd9c7ecfad293e48dfad8bd3920d6f	09/10/2021	SHA-256
54231653fed288990289da541317a03ece89cbe74beaf553c81b22fed7ca1f6d	09/10/2021	SHA-256
HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 16 Mutexes Occurrences 3749282D282E1E80C56CAE5A 16 9DAA44F7C7955D46445DC99B 14 79693E888AE71054CE29AEB2 1 IP Addresses contacted by malware. Does not indicate maliciousness Occurrences 103.207.39.31 2 208.89.132.27 1 65.254.254.55 1 45.33.83.75 1 78.128.92.142 1 213.91.128.133 1 Domain Names contacted by malware. Does not indicate maliciousness Occurrences www.zoicstudios.info 10 www.uzojesse.tk 2 jesicastreetdesign.com 1 freakybros.ml 1 zoicstudios.info 1 Files and or directories created Occurrences	09/10/2021	Win_Registry
011c36161dab3e0df978397c2ef7e47194dae0e81c720d40a730050486be8f93	09/10/2021	SHA-256
28318fc422c34a5f04976c36b20220b9528ea9da0217fe8fd0235c0565592e87	09/10/2021	SHA-256
2099d033be215d0e357ce4a28c294964010ed8cabaf5fa5b3371a43f89a5aa0b	09/10/2021	SHA-256
c4a587a8ac33adc711775771be5a2902593c25bb1503071cb6324c9789e06f05	09/10/2021	SHA-256
f6eb973e121c175889753d884782fc63faeab2b47d91de6ac14720c97fe98dfe	09/10/2021	SHA-256
c14a372fdc3a4818a712bc9d8171f9fd85eabbee8a9816d56ef4279e7b065951	09/10/2021	SHA-256
11295933c58c8f9e3ba70a5947ceffa40fc7a906bc0e6c7450ed1ca6ec6276dd	09/10/2021	SHA-256
HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\02BAB7FD-7931-84AC-1356-BDF8F7EA41AC 2 HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\02BAB7FD-7931-84AC-1356-BDF8F7EA41AC Value Name	09/10/2021	Win_Registry
20db0fa7c949b9fc79caee4f7138f293654d42cd33cef33859595b7756ff6a61	09/10/2021	SHA-256
7078056cae3950d01ead3c3a37bd720aafad90317e8d1fdc5d3ca4563840f5a3	09/10/2021	SHA-256
12d8595e51e44b9d18812e57c9101d91c7cc5211102f952f36ba667bae8c6521	09/10/2021	SHA-256
HKCU\Software\random	09/10/2021	Win_Registry
78.128.92.142	09/10/2021	IPv4
af4eb8fb340cc741dc6b0268c6913cf66e2e326027d3d1aa7d35c18c80498bb8	09/10/2021	SHA-256
9b6a5d46f0d8683a7498e88a3e61fb510bf381ee620fdf32fdc434747e9be880	09/10/2021	SHA-256
2a1f5fccc95cd0fc14a720a884458516799496b5dc0344578101dbe3a3126e24	09/10/2021	SHA-256
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name	09/10/2021	Win_Registry
89.252.182.3	09/10/2021	IPv4
690fa6a7b9914d9fcacc46a19e0c11ca0737e47ef32b1e47109008124c502b99	09/10/2021	SHA-256
11f7c52c6803238333cca54f72a698ff35007885717453c8eae7677efd0f38ac	09/10/2021	SHA-256
27bf62865dd8a2f727d5ca49f1422bdcb8d34bfddfa91375722f60d1820dc93c	09/10/2021	SHA-256
42b19a6fc331945b6c4ce785a844d4654a1c54d817a80c26e7c80c662e59bbcb	09/10/2021	SHA-256
bc4b5884283bfee1c83d614fb3327d84553aa22c548ceb84315504bc4b6c15a6	09/10/2021	SHA-256
9d99788db3e3f5603f171726a9cdac0ffdbef3fe25707804ec1c5f029b4e82e1	09/10/2021	SHA-256
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CLSID	09/10/2021	Win_Registry
a2277ccbce73460705a3365a8152c2308b663a2877b5710d2a4a150dea9f7f45	09/10/2021	SHA-256

9c50af11523c026073dde45f066424f0033caa6744b82118f3e038e6f4580557

09/10/2021

SHA-256

CVE-2020-1472

09/10/2021

CVE

26c5976cfda1b589508991c8febbe981ebe3d9e468fb22bd716299999c70bc3c

09/10/2021

SHA-256

2a22904a27225a19e27079cb195f17877ece1b3e920004ad6105dfd0638f94cb

09/10/2021

SHA-256

6dc77546c2242b37c67fc3107086ec18458b18fd44f8ee61146630b526e999b5

09/10/2021

SHA-256

HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS Value Name

09/10/2021

Win_Registry

HKCU\SOFTWARE\

09/10/2021

Win_Registry

HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 21 HKCU\SOFTWARE\

09/10/2021

Win_Registry

16683e93ed9139d70d60b644c2e468183313492a9aa79f97941bee45301ca724

09/10/2021

SHA-256

HKLM\SYSTEM\CONTROLSET001\SERVICES\random

09/10/2021

Win_Registry

HKCU\SOFTWARE\ZZZSYS 11 HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 11 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS

09/10/2021

Win_Registry

babe7415db87aed772a0abd04c60ded59ca6afa9fa0de095ebdfd409cead622d

09/10/2021

SHA-256

087b0c3dd4df197b7b82c7d8cbff0afd226d2f49757525c98ceb20795db758c9

09/10/2021

SHA-256

HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 25 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON Value Name

09/10/2021

Win_Registry

3a3c7379c43a11854f05211ad0756f33937596cda183fe21aa162b32b35664a1

09/10/2021

SHA-256

383965cd89e55e729aa8a4c72357135a78bd71939781f3c8f685998dba0996b7

09/10/2021

SHA-256

5d35cded7c61504c44430048ae0f8061c2a7a6cfe6f618177fcbcf713596a878

09/10/2021

SHA-256

0f171772ee0fd5fb3c249785b07bbc7a5f1e489a6fc48a3e7000d6566dcc56e5

09/10/2021

SHA-256

08828d3ef5c0b4b58fc7367d5afbbe44038b309af020d885b228ac74cc249676

09/10/2021

SHA-256

393b43b9e3d7ab32ad278ea4c9ea7f59a5eff215b1c95f7b9ab165c16a678e08

09/10/2021

SHA-256

9d78e1b888cffd2245ba502ba3703c3a2a6b3e7d896f9b4bb8113364ad570865

09/10/2021

SHA-256

2e1c10ab8e4e40a26a33980a4c5675fd09fd9c7ecfad293e48dfad8bd3920d6f

09/10/2021

SHA-256

54231653fed288990289da541317a03ece89cbe74beaf553c81b22fed7ca1f6d

09/10/2021

SHA-256

HKCR\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\159 16 Mutexes Occurrences 3749282D282E1E80C56CAE5A 16 9DAA44F7C7955D46445DC99B 14 79693E888AE71054CE29AEB2 1 IP Addresses contacted by malware. Does not indicate maliciousness Occurrences 103.207.39.31 2 208.89.132.27 1 65.254.254.55 1 45.33.83.75 1 78.128.92.142 1 213.91.128.133 1 Domain Names contacted by malware. Does not indicate maliciousness Occurrences www.zoicstudios.info 10 www.uzojesse.tk 2 jesicastreetdesign.com 1 freakybros.ml 1 zoicstudios.info 1 Files and or directories created Occurrences

09/10/2021

Win_Registry

011c36161dab3e0df978397c2ef7e47194dae0e81c720d40a730050486be8f93

09/10/2021

SHA-256

28318fc422c34a5f04976c36b20220b9528ea9da0217fe8fd0235c0565592e87

09/10/2021

SHA-256

2099d033be215d0e357ce4a28c294964010ed8cabaf5fa5b3371a43f89a5aa0b

09/10/2021

SHA-256

c4a587a8ac33adc711775771be5a2902593c25bb1503071cb6324c9789e06f05

09/10/2021

SHA-256

f6eb973e121c175889753d884782fc63faeab2b47d91de6ac14720c97fe98dfe

09/10/2021

SHA-256

c14a372fdc3a4818a712bc9d8171f9fd85eabbee8a9816d56ef4279e7b065951

09/10/2021

SHA-256

11295933c58c8f9e3ba70a5947ceffa40fc7a906bc0e6c7450ed1ca6ec6276dd

09/10/2021

SHA-256

HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\02BAB7FD-7931-84AC-1356-BDF8F7EA41AC 2 HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\02BAB7FD-7931-84AC-1356-BDF8F7EA41AC Value Name

09/10/2021

Win_Registry

20db0fa7c949b9fc79caee4f7138f293654d42cd33cef33859595b7756ff6a61

09/10/2021

SHA-256

7078056cae3950d01ead3c3a37bd720aafad90317e8d1fdc5d3ca4563840f5a3

09/10/2021

SHA-256

12d8595e51e44b9d18812e57c9101d91c7cc5211102f952f36ba667bae8c6521

09/10/2021

SHA-256

HKCU\Software\random

09/10/2021

Win_Registry

78.128.92.142

09/10/2021

IPv4

af4eb8fb340cc741dc6b0268c6913cf66e2e326027d3d1aa7d35c18c80498bb8

09/10/2021

SHA-256

9b6a5d46f0d8683a7498e88a3e61fb510bf381ee620fdf32fdc434747e9be880

09/10/2021

SHA-256

2a1f5fccc95cd0fc14a720a884458516799496b5dc0344578101dbe3a3126e24

09/10/2021

SHA-256

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Value Name

09/10/2021

Win_Registry

89.252.182.3

09/10/2021

IPv4

690fa6a7b9914d9fcacc46a19e0c11ca0737e47ef32b1e47109008124c502b99

09/10/2021

SHA-256

11f7c52c6803238333cca54f72a698ff35007885717453c8eae7677efd0f38ac

09/10/2021

SHA-256

27bf62865dd8a2f727d5ca49f1422bdcb8d34bfddfa91375722f60d1820dc93c

09/10/2021

SHA-256

42b19a6fc331945b6c4ce785a844d4654a1c54d817a80c26e7c80c662e59bbcb

09/10/2021

SHA-256

bc4b5884283bfee1c83d614fb3327d84553aa22c548ceb84315504bc4b6c15a6

09/10/2021

SHA-256

9d99788db3e3f5603f171726a9cdac0ffdbef3fe25707804ec1c5f029b4e82e1

09/10/2021

SHA-256

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CLSID

09/10/2021

Win_Registry

a2277ccbce73460705a3365a8152c2308b663a2877b5710d2a4a150dea9f7f45

09/10/2021

SHA-256

CYBER45

Threat Roundup for October 1 to October 8

C45-2021-10-09-6

Indicators of Compromise (IOC) List