Threat Roundup for October 22 to October 29

C45-2021-10-30-4

Indicators of Compromise (IOC) List
