
Threat Roundup for October 22 to October 29

C45-2021-10-30-4

Indicators of Compromise (IOC) List
