Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank

Details

Is windows:	true
Is dropped:	false
PID:	4700
Target ID:	0
Parent PID:	4276
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:28:01
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d31b0000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1816,i,5022074370972464970,18203705050085276685,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2960
Target ID:	1
Parent PID:	4700
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1816,i,5022074370972464970,18203705050085276685,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:28:02
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d31b0000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition

Details

Is windows:	true
Is dropped:	false
PID:	6048
Target ID:	2
Parent PID:	4276
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:28:03
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d31b0000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6676 --field-trial-handle=1816,i,5022074370972464970,18203705050085276685,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5620
Target ID:	7
Parent PID:	4700
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6676 --field-trial-handle=1816,i,5022074370972464970,18203705050085276685,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:29:05
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7d31b0000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 --field-trial-handle=1816,i,5022074370972464970,18203705050085276685,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5632
Target ID:	8
Parent PID:	4700
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 --field-trial-handle=1816,i,5022074370972464970,18203705050085276685,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:29:05
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d31b0000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition

https://www.fumo-solutions.com/fumo/javax.faces.resource/css/carrier-profile.css.xhtml?ln=default&v=7_7

82.165.77.29

https://app.fumo-solutions.com/fumo/javax.faces.resource/core.js.xhtml?ln=primefaces&v=11.0.7

82.165.145.122

https://app.fumo-solutions.com/fumo/javax.faces.resource/images/pdf.png.xhtml?ln=default&v=7_7

82.165.145.122

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/icon-iso-50001.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/fumo-compliant-shipper_220.png.xhtml?ln=default&v=7_7

82.165.77.29

https://app.fumo-solutions.com/fumo/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=11.0.7

82.165.145.122

https://www.fumo-solutions.com/de/software/fumo-profile/

82.165.77.29

https://www.youtube.com/s/player/4248d311/player_ias.vflset/en_US/embed.js

172.217.168.14

https://app.fumo-solutions.com/fumo/javax.faces.resource/filedownload/filedownload.js.xhtml?ln=primefaces&v=11.0.7

82.165.145.122

https://www.youtube.com/embed/-NuaZvsQkdg?autohide=1&controls=2&enablejsapi=1&origin=https%3A%2F%2Fwww.fumo-solutions.com&showinfo=0

172.217.168.14

https://www.fumo-solutions.com/typo3temp/assets/compressed/merged-27875068a04e6b8a0a1f2f4d3c6bbb93-e3d18021f2004985ea1010275b1c7717.js.1663177734.gzip

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/icon-trusted-carrier.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition

82.165.77.29

https://schunck-group.de/wp-content/cache/autoptimize/css/autoptimize_single_ad3b01da35d997c344678abc53b1e28a.css?ver=6.1.1

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/css/theme.css.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Vendor/jquery/3.6.0/jquery.min.js

82.165.77.29

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Images/dist/favicon.ico

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/icon-location.svg.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/

82.165.77.29

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Vendor/klaro/klaro.min.1613405160.css

82.165.77.29

https://schunck-group.de/wp-content/cache/autoptimize/js/autoptimize_53582f0ab388ada329fbbd231a360207.js

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/icon-phone.svg.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/css/bootstrap.min.css.xhtml?ln=default&v=7_7

82.165.77.29

https://app.fumo-solutions.com/fumo/javax.faces.resource/images/icon-location.svg.xhtml?ln=default&v=7_7

82.165.145.122

https://app.fumo-solutions.com/fumo/javax.faces.resource/images/logo-fumo.svg.xhtml?ln=default&v=7_7

82.165.145.122

https://schunck-group.de/wp-content/plugins/jquery-manager/assets/js/jquery-3.5.1.min.js

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/pdf-big.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/fumo-compliant-4pl_220.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

172.217.168.14

https://app.fumo-solutions.com/fumo/view/register/

82.165.145.122

https://app.fumo-solutions.com/fumo/javax.faces.resource/primeicons/primeicons.css.xhtml?ln=primefaces&v=11.0.7

82.165.145.122

https://schunck-group.de/wp-content/themes/schunck/bootstrap/css/bootstrap.min.css?ver=4.3.1

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/jquery/jquery-plugins.js.xhtml?ln=primefaces&v=11.0.7

82.165.77.29

https://www.fumo-solutions.com/fileadmin/user_upload/images/header/web-plattform.png

82.165.77.29

https://app.fumo-solutions.com/fumo/javax.faces.resource/images/ajax-loader.gif.xhtml?ln=default&v=7_7

82.165.145.122

https://www.fumo-solutions.com/de/software/fumo-auditor/

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

172.217.168.34

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/palette.png.xhtml?ln=default&v=7_7

82.165.77.29

https://app.fumo-solutions.com/fumo/javax.faces.resource/css/bootstrap.min.css.xhtml?ln=default&v=7_7

82.165.145.122

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/sponsored-by.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.youtube.com/s/player/4248d311/www-embed-player.vflset/www-embed-player.js

172.217.168.14

https://www.fumo-solutions.com/de/software/fumo-compliant-carrier/

https://schunck-group.de/wp-content/uploads/maxmegamenu/style_en_gb.css?ver=2275c9

188.40.3.217

https://www.fumo-solutions.com/en/

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Images/dist/logo-fumo.svg

82.165.77.29

https://yt3.ggpht.com/ytc/AMLnZu97YhywblkRCY2PFQekuYogW5H5ap49N5Ca0gb_=s68-c-k-c0x00ffffff-no-rj

142.250.203.97

https://schunck-group.de/wp-content/themes/schunck/assets/src/img/arrow-top.svg

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/fumo-compliant-carrier_220.png.xhtml?ln=default&v=7_7

82.165.77.29

https://static.doubleclick.net/instream/ad_status.js

172.217.168.38

https://www.fumo-solutions.com/fileadmin/_processed_/3/c/csm_schunck_approved_402608e30d.png

82.165.77.29

https://schunck-group.de/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.10.0

188.40.3.217

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Vendor/klaro/config.1668156416.js

82.165.77.29

https://schunck-group.de/wp-content/cache/borlabs-cookie/borlabs-cookie_1_en.css?ver=2.2.61-21

188.40.3.217

https://schunck-group.de/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

188.40.3.217

https://googleads.g.doubleclick.net/pagead/id

172.217.168.34

https://schunck-group.de/wp-content/themes/schunck/assets/src/fonts/Montserrat-SemiBold.ttf

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/theme.css.xhtml?ln=primefaces-metroui&v=11.0.7

82.165.77.29

https://schunck-group.de/en/home/

188.40.3.217

https://www.fumo-solutions.com/en/

82.165.77.29

https://schunck-group.de/wp-content/uploads/2019/04/addon.png.pagespeed.ce.iQMuLiHEUI.png

188.40.3.217

https://app.fumo-solutions.com/fumo/javax.faces.resource/images/icon-phone.svg.xhtml?ln=default&v=7_7

82.165.145.122

https://www.youtube.com/s/player/4248d311/fetch-polyfill.vflset/fetch-polyfill.js

172.217.168.14

https://schunck-group.de/wp-content/themes/schunck/assets/src/fonts/Montserrat-Regular.ttf

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/logo-fumo.svg.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/fumo_auditor_220.png.xhtml?ln=default&v=7_7

82.165.77.29

https://schunck-group.de/wp-content/themes/schunck/assets/src/img/arrow-bottom.svg

188.40.3.217

https://app.fumo-solutions.com/fumo/javax.faces.resource/images/profilegb.png.xhtml?ln=default

82.165.145.122

https://www.fumo-solutions.com/typo3temp/assets/compressed/merged-27875068a04e6b8a0a1f2f4d3c6bbb93-e3d18021f2004985ea1010275b1c7717.1663177734.js

82.165.77.29

https://schunck-group.de/wp-includes/css/dashicons.min.css?ver=6.1.1

188.40.3.217

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Scripts/dist/main.js

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/profile-standard-220.png.xhtml?ln=default&v=7_7

82.165.77.29

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

216.58.215.238

https://schunck-group.de/wp-content/uploads/ecclesia-group.jpg

188.40.3.217

https://schunck-group.de/wp-content/themes/schunck/assets/css/fonts/slick.woff

188.40.3.217

https://app.fumo-solutions.com/fumo/javax.faces.resource/css/theme.css.xhtml?ln=default&v=7_7

82.165.145.122

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Vendor/modernizr.min.js

82.165.77.29

https://schunck-group.de/wp-includes/css/classic-themes.min.css?ver=1

188.40.3.217

https://www.fumo-solutions.com/fumo/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=11.0.7

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/core.js.xhtml?ln=primefaces&v=11.0.7

82.165.77.29

https://schunck-group.de/wp-content/uploads/bergsteiger-1.jpg

188.40.3.217

https://www.fumo-solutions.com/fileadmin/user_upload/images/header/home.png

82.165.77.29

https://www.youtube.com/embed/5qnE0J2QF_Q?autohide=1&controls=2&enablejsapi=1&origin=https%3A%2F%2Fwww.fumo-solutions.com&showinfo=0

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/pdf.png.xhtml?ln=default&v=7_7

82.165.77.29

https://schunck-group.de/wp-content/themes/schunck/assets/src/img/arrow-green.svg

188.40.3.217

https://app.fumo-solutions.com/fumo/view/register/

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/lkw.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/typo3conf/ext/fumo_theme/Resources/Public/Scripts/dist/jquery.matchHeight.js

82.165.77.29

https://www.youtube.com/s/player/4248d311/player_ias.vflset/en_US/remote.js

172.217.168.14

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/icon-lean-and-green.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/home.png.xhtml?ln=default

82.165.77.29

https://schunck-group.de/wp-content/uploads/2019/08/Schunck_MySCHUNCK_A19-365_RZ_web.jpg

188.40.3.217

https://www.fumo-solutions.com/de/software/fumo-compliant-carrier/

82.165.77.29

https://schunck-group.de/wp-content/themes/schunck/assets/src/img/arrow-white.svg

188.40.3.217

https://schunck-group.de/wp-content/themes/schunck/assets/css/ajax-loader.gif

188.40.3.217

https://www.fumo-solutions.com/fileadmin/_processed_/9/2/csm_compliantprofile_ab41f023ec.png

82.165.77.29

https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/profilegb.png.xhtml?ln=default

82.165.77.29

https://www.fumo-solutions.com/de/software/fumo-profile/

https://www.fumo-solutions.com/fumo/javax.faces.resource/images/icon-emas.png.xhtml?ln=default&v=7_7

82.165.77.29

https://www.fumo-solutions.com/fumo/javax.faces.resource/primeicons/primeicons.css.xhtml?ln=primefaces&v=11.0.7

82.165.77.29

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

www.fumo-solutions.com

82.165.77.29

hcaptcha.com

104.16.168.131

youtube-ui.l.google.com

172.217.168.14

accounts.google.com

142.250.203.109

googleads.g.doubleclick.net

172.217.168.34

i.ytimg.com

172.217.168.54

photos-ugc.l.googleusercontent.com

142.250.203.97

www.google.com

142.250.203.100

clients.l.google.com

216.58.215.238

static.doubleclick.net

172.217.168.38

app.fumo-solutions.com

82.165.145.122

schunck-group.de

188.40.3.217

yt3.ggpht.com

unknown

clients2.google.com

unknown

www.youtube.com

unknown

There are 5 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

192.168.2.1

unknown

216.58.215.238

clients.l.google.com

United States

142.250.203.100

www.google.com

United States

188.40.3.217

schunck-group.de

Germany

172.217.168.34

googleads.g.doubleclick.net

United States

172.217.168.14

youtube-ui.l.google.com

United States

142.250.203.97

photos-ugc.l.googleusercontent.com

United States

239.255.255.250

unknown

Reserved

172.217.168.54

i.ytimg.com

United States

82.165.145.122

app.fumo-solutions.com

Germany

172.217.168.38

static.doubleclick.net

United States

127.0.0.1

unknown

142.250.203.109

accounts.google.com

United States

82.165.77.29

www.fumo-solutions.com

Germany

There are 4 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gdaefkejpgkiemlaofpalmlakkmbjdnl

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3853321935-2125563209-4053062332-1002

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gdaefkejpgkiemlaofpalmlakkmbjdnl

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

media.cdm.origin_data

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

module_blocklist_cache_md5_digest

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_username

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry

TraceTimeLast

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3853321935-2125563209-4053062332-1002

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit

Version

There are 45 hidden registries, click here to show them.

DOM / HTML

URL

Malicious

https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition

https://app.fumo-solutions.com/fumo/view/register/

https://schunck-group.de/en/home/

https://www.fumo-solutions.com/de/software/fumo-compliant-carrier/

https://www.fumo-solutions.com/en/

https://www.fumo-solutions.com/de/software/fumo-auditor/

https://www.youtube.com/embed/-NuaZvsQkdg?autohide=1&controls=2&enablejsapi=1&origin=https%3A%2F%2Fwww.fumo-solutions.com&showinfo=0

https://www.fumo-solutions.com/de/software/fumo-profile/

https://www.youtube.com/embed/5qnE0J2QF_Q?autohide=1&controls=2&enablejsapi=1&origin=https%3A%2F%2Fwww.fumo-solutions.com&showinfo=0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition

Processes

URLs

Domains

IPs

Registry

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition

Processes

URLs

Domains

IPs

Registry

DOM / HTML

IOC Report
https://www.fumo-solutions.com/fumo/profile/Paul_Will_GmbH_und_Co_KG_Spedition