
Windows Analysis Report
http://buzz.immobilien-friederich.de

Overview

General Information

Sample URL:http://buzz.immobilien-friederich.de
Analysis ID:1672292
Infos:
Errors
  • URL not reachable

Detection

Score:0
Range:0 - 100
Confidence:60%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 6236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,11824637956431572911,13485079937039191522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2132 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,11824637956431572911,13485079937039191522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5004 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://buzz.immobilien-friederich.de" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Source: unknown   HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown   TCP traffic detected without corresponding DNS query (destination, number of hits):
  • 20.189.173.14 (7)
  • 204.79.197.203 (2)
  • 192.178.49.195 (4)
  • 150.171.28.254 (14)
  • 2.23.77.188 (6)
  • 2.23.227.208 (1)
Source: unknown   UDP traffic detected without corresponding DNS query: 1.1.1.1 (15 hits)
Source: global traffic   HTTP traffic detected: GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic   DNS traffic detected: DNS query: www.google.com
Source: global traffic   DNS traffic detected: DNS query: buzz.immobilien-friederich.de
Source: global traffic   DNS traffic detected: DNS query: google.com
Source: unknown   Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown   Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown   Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown   Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown   Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown   Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown   Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown   Network traffic detected: HTTP traffic on port 443 -> 49703
Source: classification engine   Classification label: unknown0.win@23/0@16/2
Source: unknown   Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe   Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,11824637956431572911,13485079937039191522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2132 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe   Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,11824637956431572911,13485079937039191522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5004 /prefetch:8
Source: unknown   Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://buzz.immobilien-friederich.de"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe   Process created (behavior section): 19 child chrome.exe processes in total. Only the NetworkService and UnsandboxedPrintBackendHost utility processes listed above have a captured command line; the other 17 are recorded by the report as "unknown unknown", consistent with the cookbook comment that not all processes were analysed.
MITRE ATT&CK matrix (only cells with at least one matching signature are listed; the matrix's unmatched placeholder cells for the other tactics are omitted):
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Behavior Graph ID: 1672292
URL: http://buzz.immobilien-frie...
Startdate: 23/04/2025
Architecture: WINDOWS
Score: 0
Graph nodes and edges (as rendered in the report):
  • start -> buzz.immobilien-friederich.de (DNS/IP info)
  • start -> chrome.exe (started); start -> chrome.exe (started)
  • chrome.exe -> 192.168.2.5, 443, 49329, 49675 (unknown, unknown)
  • chrome.exe -> chrome.exe (started); chrome.exe -> chrome.exe (started)
  • chrome.exe -> www.google.com 192.178.49.196, 443, 49703 (GOOGLEUS, United States)
  • chrome.exe -> google.com
  • chrome.exe -> buzz.immobilien-friederich.de

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Source                                Detection  Scanner          Label
http://buzz.immobilien-friederich.de  0%         Avira URL Cloud  safe
No Antivirus matches


Domains
Name                           IP              Active   Malicious  Antivirus Detection  Reputation
google.com                     192.178.49.206  true     false                           high
www.google.com                 192.178.49.196  true     false                           high
buzz.immobilien-friederich.de  unknown         unknown  false                           high

URLs
Name                        Malicious  Antivirus Detection  Reputation
http://c.pki.goog/r/r4.crl  false                           high

Public IPs
IP              Domain          Country        ASN    ASN Name  Malicious
192.178.49.196  www.google.com  United States  15169  GOOGLEUS  false

Private IPs
192.168.2.5
          Joe Sandbox version:42.0.0 Malachite
          Analysis ID:1672292
          Start date and time:2025-04-23 18:27:23 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 1m 59s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:browseurl.jbs
          Sample URL:http://buzz.immobilien-friederich.de
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of new started processes analysed:13
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:UNKNOWN
          Classification:unknown0.win@23/0@16/2
          Cookbook Comments:
          • URL browsing timeout or error
          • URL not reachable
          • Exclude process from analysis (whitelisted): audiodg.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 184.29.183.29, 23.220.73.19, 142.250.69.3, 192.178.49.174, 74.125.137.84, 142.250.69.14, 72.247.234.254, 4.175.87.197
          • Excluded domains from analysis (whitelisted): ev2-ring.msedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, c.pki.goog
          • Not all processes were analyzed; the report is missing behavior information
          • Report size getting too big, too many NtOpenFile calls found.
          • VT rate limit hit for: http://buzz.immobilien-friederich.de
          No simulations
          No context
          No created / dropped files found
          No static file info


          • Total Packets: 46
          • 443 (HTTPS)
          • 80 (HTTP)
          • 53 (DNS)
TCP packets
Timestamp                             Source Port  Dest Port  Source IP       Dest IP
Apr 23, 2025 18:28:12.729176998 CEST  49676  443  192.168.2.5  20.189.173.14
Apr 23, 2025 18:28:13.041392088 CEST  49676  443  192.168.2.5  20.189.173.14
Apr 23, 2025 18:28:13.650710106 CEST  49676  443  192.168.2.5  20.189.173.14
Apr 23, 2025 18:28:13.697627068 CEST  49672  443  192.168.2.5  204.79.197.203
Apr 23, 2025 18:28:14.853869915 CEST  49676  443  192.168.2.5  20.189.173.14
Apr 23, 2025 18:28:17.291344881 CEST  49676  443  192.168.2.5  20.189.173.14
Apr 23, 2025 18:28:19.763602018 CEST  49700  80  192.168.2.5  192.178.49.195
Apr 23, 2025 18:28:19.911644936 CEST  80  49700  192.178.49.195  192.168.2.5
Apr 23, 2025 18:28:19.911719084 CEST  49700  80  192.168.2.5  192.178.49.195
Apr 23, 2025 18:28:19.911838055 CEST  49700  80  192.168.2.5  192.178.49.195
Apr 23, 2025 18:28:20.059742928 CEST  80  49700  192.178.49.195  192.168.2.5
Apr 23, 2025 18:28:20.060168982 CEST  80  49700  192.178.49.195  192.168.2.5
Apr 23, 2025 18:28:20.190143108 CEST  49700  80  192.168.2.5  192.178.49.195
Apr 23, 2025 18:28:22.099986076 CEST  49676  443  192.168.2.5  20.189.173.14
Apr 23, 2025 18:28:23.307064056 CEST  49672  443  192.168.2.5  204.79.197.203
Apr 23, 2025 18:28:23.917085886 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:23.917133093 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:23.917206049 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:23.917340994 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:23.917356014 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:24.238467932 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:24.238544941 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:24.239728928 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:24.239742041 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:24.240350008 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:24.290349960 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:31.713911057 CEST  49676  443  192.168.2.5  20.189.173.14
Apr 23, 2025 18:28:32.796086073 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:32.936192036 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:32.937274933 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:32.937313080 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:32.937325954 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:32.937336922 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:32.937341928 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:32.937350035 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:32.937370062 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:32.937397957 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:32.954875946 CEST  49679  80  192.168.2.5  2.23.77.188
Apr 23, 2025 18:28:33.260356903 CEST  49679  80  192.168.2.5  2.23.77.188
Apr 23, 2025 18:28:33.397862911 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.398166895 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.398196936 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.537818909 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.537910938 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.537923098 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.538995981 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.539017916 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.539091110 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.541613102 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.541629076 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.541661978 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.541687965 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.554939985 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.558552980 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.580143929 CEST  49675  443  192.168.2.5  2.23.227.208
Apr 23, 2025 18:28:33.580188036 CEST  443  49675  2.23.227.208  192.168.2.5
Apr 23, 2025 18:28:33.694730997 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.698472977 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.701339006 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.701358080 CEST  443  49684  150.171.28.254  192.168.2.5
Apr 23, 2025 18:28:33.701396942 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.701443911 CEST  49684  443  192.168.2.5  150.171.28.254
Apr 23, 2025 18:28:33.869672060 CEST  49679  80  192.168.2.5  2.23.77.188
Apr 23, 2025 18:28:34.221182108 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:34.221241951 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:34.223902941 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:34.684123993 CEST  49703  443  192.168.2.5  192.178.49.196
Apr 23, 2025 18:28:34.684159040 CEST  443  49703  192.178.49.196  192.168.2.5
Apr 23, 2025 18:28:35.072829008 CEST  49679  80  192.168.2.5  2.23.77.188
Apr 23, 2025 18:28:37.479958057 CEST  49679  80  192.168.2.5  2.23.77.188
Apr 23, 2025 18:28:42.292419910 CEST  49679  80  192.168.2.5  2.23.77.188
UDP packets
Timestamp                             Source Port  Dest Port  Source IP    Dest IP
Apr 23, 2025 18:28:19.349256992 CEST  53  54919  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:19.448544025 CEST  53  60977  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:20.575642109 CEST  53  55343  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:23.774542093 CEST  57932  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:23.774800062 CEST  52166  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:23.915046930 CEST  53  52166  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:23.916014910 CEST  53  57932  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.014862061 CEST  51371  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.018917084 CEST  54011  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.023509979 CEST  58988  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.023660898 CEST  54841  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.208839893 CEST  53  54841  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.208975077 CEST  53  54011  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.225734949 CEST  53  58988  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.225928068 CEST  53  51371  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.226485014 CEST  53894  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.392836094 CEST  53  53894  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.396433115 CEST  60993  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.396584988 CEST  63007  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.538466930 CEST  53  63007  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.542160988 CEST  53  60993  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.579890013 CEST  54246  53  192.168.2.5  8.8.8.8
Apr 23, 2025 18:28:25.580157995 CEST  56757  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:25.720349073 CEST  53  56757  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:25.737221956 CEST  53  54246  8.8.8.8  192.168.2.5
Apr 23, 2025 18:28:26.817395926 CEST  53001  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:26.817713976 CEST  55460  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:26.958642006 CEST  53  53001  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:26.962250948 CEST  53  55460  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:31.992917061 CEST  60832  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:31.993217945 CEST  49329  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:32.134427071 CEST  53  49329  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:32.143724918 CEST  53  60832  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:32.144627094 CEST  64695  53  192.168.2.5  1.1.1.1
Apr 23, 2025 18:28:32.299067020 CEST  53  64695  1.1.1.1  192.168.2.5
Apr 23, 2025 18:28:37.512653112 CEST  53  61986  1.1.1.1  192.168.2.5
DNS queries
Timestamp                             Source IP -> Dest IP    Trans ID  OP Code             Name                           Type            Class        DNS over HTTPS
Apr 23, 2025 18:28:23.774542093 CEST  192.168.2.5 -> 1.1.1.1  0x2a71  Standard query (0)  www.google.com  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:23.774800062 CEST  192.168.2.5 -> 1.1.1.1  0x9a14  Standard query (0)  www.google.com  65  IN (0x0001)  false
Apr 23, 2025 18:28:25.014862061 CEST  192.168.2.5 -> 1.1.1.1  0xa261  Standard query (0)  buzz.immobilien-friederich.de  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:25.018917084 CEST  192.168.2.5 -> 1.1.1.1  0x1165  Standard query (0)  buzz.immobilien-friederich.de  65  IN (0x0001)  false
Apr 23, 2025 18:28:25.023509979 CEST  192.168.2.5 -> 1.1.1.1  0xae15  Standard query (0)  buzz.immobilien-friederich.de  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:25.023660898 CEST  192.168.2.5 -> 1.1.1.1  0x5e0a  Standard query (0)  buzz.immobilien-friederich.de  65  IN (0x0001)  false
Apr 23, 2025 18:28:25.226485014 CEST  192.168.2.5 -> 1.1.1.1  0xac09  Standard query (0)  buzz.immobilien-friederich.de  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:25.396433115 CEST  192.168.2.5 -> 1.1.1.1  0x5ca2  Standard query (0)  buzz.immobilien-friederich.de  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:25.396584988 CEST  192.168.2.5 -> 1.1.1.1  0xf153  Standard query (0)  buzz.immobilien-friederich.de  65  IN (0x0001)  false
Apr 23, 2025 18:28:25.579890013 CEST  192.168.2.5 -> 8.8.8.8  0xa3f4  Standard query (0)  google.com  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:25.580157995 CEST  192.168.2.5 -> 1.1.1.1  0xc66d  Standard query (0)  google.com  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:26.817395926 CEST  192.168.2.5 -> 1.1.1.1  0x315e  Standard query (0)  buzz.immobilien-friederich.de  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:26.817713976 CEST  192.168.2.5 -> 1.1.1.1  0x4811  Standard query (0)  buzz.immobilien-friederich.de  65  IN (0x0001)  false
Apr 23, 2025 18:28:31.992917061 CEST  192.168.2.5 -> 1.1.1.1  0x3dee  Standard query (0)  buzz.immobilien-friederich.de  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:31.993217945 CEST  192.168.2.5 -> 1.1.1.1  0xd6d7  Standard query (0)  buzz.immobilien-friederich.de  65  IN (0x0001)  false
Apr 23, 2025 18:28:32.144627094 CEST  192.168.2.5 -> 1.1.1.1  0xc7ea  Standard query (0)  buzz.immobilien-friederich.de  A (IP address)  IN (0x0001)  false
DNS answers
Timestamp                             Source IP -> Dest IP    Trans ID  Reply Code    Name            CName  Address         Type            Class        DNS over HTTPS
Apr 23, 2025 18:28:23.915046930 CEST  1.1.1.1 -> 192.168.2.5  0x9a14  No error (0)  www.google.com  -  -  65  IN (0x0001)  false
Apr 23, 2025 18:28:23.916014910 CEST  1.1.1.1 -> 192.168.2.5  0x2a71  No error (0)  www.google.com  -  192.178.49.196  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:25.720349073 CEST  1.1.1.1 -> 192.168.2.5  0xc66d  No error (0)  google.com  -  192.178.49.206  A (IP address)  IN (0x0001)  false
Apr 23, 2025 18:28:25.737221956 CEST  8.8.8.8 -> 192.168.2.5  0xa3f4  No error (0)  google.com  -  142.250.72.142  A (IP address)  IN (0x0001)  false
No answer for buzz.immobilien-friederich.de is recorded in this table and the domain table above lists its IP as unknown, which matches the "URL not reachable" error. The UDP table does show 1.1.1.1 replying on the source ports of those queries (for example 51371 and 54011), so the resolver answered, but no address was recorded for the name.
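The "TCP traffic detected without corresponding DNS query" signature in the signature list is derived from exactly the two tables above: an outbound TCP destination is flagged when no DNS answer carrying that address precedes the first packet to it. The following Python script, added here as an editorial example and not part of the Joe Sandbox report, re-derives that list from the first outbound packet of each flow and the four recorded answers (both transcribed from the tables above); the timestamps are shortened to milliseconds for readability. The caveat a practitioner should keep in mind is that the check is a heuristic: an address resolved before the capture started, or resolved through a query the sandbox filtered out (see the whitelisted domains under Cookbook Comments), produces the same "no corresponding query" hit, so the list is a prompt to look at the destinations rather than evidence of hard-coded addresses.

```python
"""Added example: re-derive the "TCP traffic detected without corresponding DNS
query" signature from the packet and DNS answer tables of this report. A
destination is flagged when no DNS answer naming it precedes the first outbound
packet to it."""

SANDBOX_IP = "192.168.2.5"

# First outbound packet of each TCP flow plus one inbound packet, transcribed from
# the report's TCP table: (time, source port, destination port, source IP, dest IP).
TCP_PACKETS = [
    ("18:28:12.729", 49676, 443, "192.168.2.5", "20.189.173.14"),
    ("18:28:13.697", 49672, 443, "192.168.2.5", "204.79.197.203"),
    ("18:28:19.763", 49700, 80, "192.168.2.5", "192.178.49.195"),
    ("18:28:19.911", 80, 49700, "192.178.49.195", "192.168.2.5"),
    ("18:28:23.917", 49703, 443, "192.168.2.5", "192.178.49.196"),
    ("18:28:32.796", 49684, 443, "192.168.2.5", "150.171.28.254"),
    ("18:28:32.954", 49679, 80, "192.168.2.5", "2.23.77.188"),
    ("18:28:33.580", 49675, 443, "192.168.2.5", "2.23.227.208"),
]

# The report's DNS answer table: (time, resolver, name, address). The type-65
# reply for www.google.com carries no address and therefore resolves nothing.
DNS_ANSWERS = [
    ("18:28:23.916", "1.1.1.1", "www.google.com", "192.178.49.196"),
    ("18:28:25.720", "1.1.1.1", "google.com", "192.178.49.206"),
    ("18:28:25.737", "8.8.8.8", "google.com", "142.250.72.142"),
]


def first_resolution(answers):
    """Map each answered address to (earliest answer time, name), i.e. what the
    host could have learned from DNS by a given moment."""
    seen = {}
    for ts, _resolver, name, addr in answers:
        if addr not in seen or ts < seen[addr][0]:
            seen[addr] = (ts, name)
    return seen


def flows_without_dns(packets, answers, client=SANDBOX_IP):
    """Return {destination IP: time of first outbound packet} for every outbound
    TCP destination that no DNS answer had named by that time. All timestamps
    are zero-padded HH:MM:SS.fff strings from one capture, so they compare as text."""
    resolved = first_resolution(answers)
    flagged = {}
    for ts, _sport, _dport, src, dst in sorted(packets):
        if src != client or dst in flagged:
            continue                  # inbound packet, or destination already flagged
        if dst not in resolved or resolved[dst][0] > ts:
            flagged[dst] = ts         # connected before (or without) any answer for it
    return flagged


def explain(packets, answers, client=SANDBOX_IP):
    """One verdict line per outbound destination, for the analyst's notes."""
    resolved = first_resolution(answers)
    flagged = flows_without_dns(packets, answers, client)
    lines = []
    for dst in sorted({p[4] for p in packets if p[3] == client}):
        if dst in flagged:
            lines.append(f"{dst}: no preceding DNS answer (first packet {flagged[dst]})")
        else:
            ts, name = resolved[dst]
            lines.append(f"{dst}: resolved as {name} at {ts}")
    return lines


if __name__ == "__main__":
    print("\n".join(explain(TCP_PACKETS, DNS_ANSWERS)))
```

Run as-is it prints one line per destination; only 192.178.49.196 (www.google.com) is cleared, because its A answer at 18:28:23.916 precedes the first SYN to it at 18:28:23.917, which is the same split the report's signature shows.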
HTTP session: c.pki.goog
Session ID  Source IP    Source Port  Destination IP  Destination Port
0           192.168.2.5  49700        192.178.49.195  80
Timestamp                             Bytes transferred  Direction  Data
Apr 23, 2025 18:28:19.911838055 CEST  200  OUT  GET /r/r4.crl HTTP/1.1
          Cache-Control: max-age = 3000
          Connection: Keep-Alive
          Accept: */*
          If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
          User-Agent: Microsoft-CryptoAPI/10.0
          Host: c.pki.goog
Apr 23, 2025 18:28:20.060168982 CEST  1243  IN  HTTP/1.1 200 OK
          Accept-Ranges: bytes
          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
          Cross-Origin-Resource-Policy: cross-origin
          Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
          Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
          Content-Length: 530
          X-Content-Type-Options: nosniff
          Server: sffe
          X-XSS-Protection: 0
          Date: Wed, 23 Apr 2025 15:50:42 GMT
          Expires: Wed, 23 Apr 2025 16:40:42 GMT
          Cache-Control: public, max-age=3000
          Age: 2257
          Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
          Content-Type: application/pkix-crl
          Vary: Accept-Encoding
          Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED]
          Data Ascii: 000*H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0*H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O
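The request above is Windows certificate-chain validation (User-Agent Microsoft-CryptoAPI/10.0) fetching the revocation list of GTS Root R4, the Google Trust Services root, not content served by the sample URL. The following Python script, added here as an editorial example and not part of the Joe Sandbox report, decodes the "Data Raw" hex above into the issuer, validity window and the revoked entries that survive the truncation, and checks that the outer DER length agrees with the Content-Length header (530 bytes), which shows the body was a complete CRL and only the report's dump is cut short. The DER walker is a small hand-written one because it must tolerate a buffer that ends mid-element; the OID and reason-code tables cover only what this CRL uses.

```python
"""Added example: decode the DER prefix of the CRL that Microsoft-CryptoAPI fetched
from c.pki.goog, taken verbatim from the report's "Data Raw" hex. The sandbox dump is
truncated, so containers are read leniently and entries are collected until it ends."""

# Response body bytes exactly as printed in the report's "Data Raw" field, up to [TRUNCATED].
CRL_PREFIX = bytes.fromhex(
    "30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 "
    "30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 "
    "31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 "
    "31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 "
    "17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 "
    "30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 "
    "30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 "
    "30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 "
    "30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 "
    "30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30"
)

OID_NAMES = {"1.2.840.10045.4.3.3": "ecdsa-with-SHA384", "2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.3": "CN"}
REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise", 3: "affiliationChanged", 4: "superseded",
           5: "cessationOfOperation", 6: "certificateHold", 8: "removeFromCRL", 9: "privilegeWithdrawn", 10: "aACompromise"}


class Truncated(Exception):
    """A DER element claims more bytes than the capture holds."""


def read_tlv(buf, pos, lenient=False):
    """Read one tag-length-value at buf[pos] -> (tag, declared length, value, next pos).
    With lenient=True a value cut off by the end of buf is returned as far as it goes."""
    if pos + 2 > len(buf):
        raise Truncated(f"element header at offset {pos} is incomplete")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if pos + n > len(buf):
            raise Truncated(f"length octets at offset {pos} are incomplete")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        if not lenient:
            raise Truncated(f"value at offset {pos} needs {length} bytes, {len(buf) - pos} left")
        end = len(buf)
    return tag, length, buf[pos:end], end


def decode_oid(raw):
    """DER OBJECT IDENTIFIER content octets -> dotted string."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_name(raw):
    """X.501 Name -> 'C=US, O=..., CN=...' (first attribute of each RDN only)."""
    parts, pos = [], 0
    while pos < len(raw):
        _, _, rdn, pos = read_tlv(raw, pos)            # SET OF AttributeTypeAndValue
        _, _, atv, _ = read_tlv(rdn, 0)                # SEQUENCE { type, value }
        _, _, oid, p = read_tlv(atv, 0)
        _, _, val, _ = read_tlv(atv, p)
        oid = decode_oid(oid)
        parts.append(f"{OID_NAMES.get(oid, oid)}={val.decode('ascii')}")
    return ", ".join(parts)


def decode_entry(entry):
    """revokedCertificates element -> serial, revocation time and cRLReason if present."""
    _, _, serial, p = read_tlv(entry, 0)
    _, _, when, p = read_tlv(entry, p)
    reason = None
    if p < len(entry):                                 # crlEntryExtensions present
        _, _, exts, _ = read_tlv(entry, p)
        _, _, ext, _ = read_tlv(exts, 0)               # first extension only; cRLReason is non-critical,
        _, _, oid, q = read_tlv(ext, 0)                # so no BOOLEAN sits between OID and OCTET STRING
        _, _, octets, _ = read_tlv(ext, q)
        if decode_oid(oid) == "2.5.29.21":             # id-ce-cRLReasons
            _, _, enum, _ = read_tlv(octets, 0)        # ENUMERATED inside the OCTET STRING
            reason = REASONS.get(enum[0], f"reason({enum[0]})")
    return {"serial": serial.hex(), "revoked": when.decode("ascii"), "reason": reason}


def parse_crl_prefix(der):
    """Fields recoverable from a possibly truncated DER CertificateList (RFC 5280 section 5.1)."""
    _, outer_len, crl, _ = read_tlv(der, 0, lenient=True)          # CertificateList
    _, _, tbs, _ = read_tlv(crl, 0, lenient=True)                  # TBSCertList
    tag, _, first, pos = read_tlv(tbs, 0)
    version = int.from_bytes(first, "big") + 1 if tag == 0x02 else 1          # version INTEGER is optional
    _, _, alg, pos = read_tlv(tbs, pos) if tag == 0x02 else (None, None, first, pos)
    _, _, alg_oid, _ = read_tlv(alg, 0)
    _, _, issuer, pos = read_tlv(tbs, pos)
    _, _, this_update, pos = read_tlv(tbs, pos)
    _, _, next_update, pos = read_tlv(tbs, pos)
    _, _, entries, _ = read_tlv(tbs, pos, lenient=True)            # revokedCertificates
    revoked, epos, complete = [], 0, True
    try:
        while epos < len(entries):
            _, _, entry, epos = read_tlv(entries, epos)
            revoked.append(decode_entry(entry))
    except Truncated:
        complete = False                                           # the capture ended inside an entry
    alg_name = decode_oid(alg_oid)
    return {"declared_length": (len(der) - len(crl)) + outer_len,  # compare with HTTP Content-Length
            "captured_length": len(der), "version": version,
            "signature_algorithm": OID_NAMES.get(alg_name, alg_name), "issuer": decode_name(issuer),
            "this_update": this_update.decode("ascii"), "next_update": next_update.decode("ascii"),
            "revoked": revoked, "revoked_list_complete": complete}


if __name__ == "__main__":
    import json
    print(json.dumps(parse_crl_prefix(CRL_PREFIX), indent=2))
```

The decoded prefix gives issuer C=US, O=Google Trust Services LLC, CN=GTS Root R4, thisUpdate 2025-04-03 08:00:00Z, nextUpdate 2026-02-28 07:59:59Z, four complete revoked entries (all with reason cessationOfOperation) and a fifth cut off by the truncation; the declared length of 530 bytes equals the Content-Length in the response headers. The signature over the TBSCertList is beyond the captured bytes, so this check confirms what was fetched, not that it verifies.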


          [CPU usage graph: time 0-25 s, usage 0-100 %; image not reproduced]

          [Memory usage graph: time 0-25 s, usage 0.00-100 MB; image not reproduced]

          Target ID:5
          Start time:12:28:13
          Start date:23/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff752ef0000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:6
          Start time:12:28:17
          Start date:23/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,11824637956431572911,13485079937039191522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2132 /prefetch:3
          Imagebase:0x7ff752ef0000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:8
          Start time:12:28:20
          Start date:23/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,11824637956431572911,13485079937039191522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5004 /prefetch:8
          Imagebase:0x7ff752ef0000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:11
          Start time:12:28:23
          Start date:23/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://buzz.immobilien-friederich.de"
          Imagebase:0x7ff752ef0000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly