Threat Roundup for August 26 to September 2

C45-2022-09-03-2

Indicators of Compromise (IOC) List
