Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2

Overview

General Information

Sample URL:https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37Ek
Analysis ID:1658531
Infos:

Detection

Score:1
Range:0 - 100
Confidence:100%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
HTML title does not match URL

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,13868009940542906112,16249976357657697629,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 1532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2mBbRd6peHWPVTQ5AH8lqO5WK%2FvxR%2F%2ByjOoOg8gqKhIulzxv0xGfuiuzMK6w%3D" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Software Vulnerabilities
  • Networking
  • System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://encrypt.barracudanetworks.com/userHTTP Parser: Title: Account Settings for carrie.meek@vcf.com does not match URL
Source: https://encrypt.barracudanetworks.com/userHTTP Parser: <input type="password" .../> found
Source: https://encrypt.barracudanetworks.com/userHTTP Parser: No <meta name="author".. found
Source: https://encrypt.barracudanetworks.com/userHTTP Parser: No <meta name="author".. found
Source: https://encrypt.barracudanetworks.com/userHTTP Parser: No <meta name="copyright".. found
Source: https://encrypt.barracudanetworks.com/userHTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.39:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.29:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.29:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 12MB later: 37MB
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
Source: global trafficHTTP traffic detected: GET /login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2mBbRd6peHWPVTQ5AH8lqO5WK%2FvxR%2F%2ByjOoOg8gqKhIulzxv0xGfuiuzMK6w%3D HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /user HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /css/pattern.css HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /css/global.css HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /js/newrelic.js HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /js/jquery-1.8.0.min.js HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /js/tdf.js HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /js/global.js HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /js/lml.js HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /js/stats.js HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /images/help_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/css/global.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /js/stats.js?screen=1280x1024&win=1280x897&cdi=24&java=false&shk=n&svg=y&fla=n&rp=n&mov=n&wma=n&pdf=y&uid=awsuser_id1744041325306r1250&sid=awssession_id1744041325306r1250 HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /include/images/cloud/top_gradient.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/css/global.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /include/images/cloud/logo.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/css/global.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /images/home_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/css/global.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /images/settings_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/css/global.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /images/log_off_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/css/global.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A
Source: global trafficHTTP traffic detected: GET /images/help_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /include/images/cloud/logo.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /images/home_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /include/images/cloud/top_gradient.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /images/settings_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /images/log_off_white.png HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://encrypt.barracudanetworks.com/userAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /nr-spa-1118.min.js HTTP/1.1Host: js-agent.newrelic.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://encrypt.barracudanetworks.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: encrypt.barracudanetworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sid=gTR6rOxhGng%2F1lyGY8AA3V2Tn1EzAMAcGVgV%2Fji5dzI; eek=GVGn7KGev7z8HftMBuKqLZDoqTU6TzHGgnwXoGPQYBg%3D%0A; AWSUSER_ID=awsuser_id1744041325306r1250; AWSSESSION_ID=awssession_id1744041325306r1250
Source: global trafficHTTP traffic detected: GET /1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=5087&ref=https://encrypt.barracudanetworks.com/user&be=3040&fe=4434&dc=3546&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1744041321764,%22n%22:0,%22r%22:12,%22re%22:1927,%22f%22:1927,%22dn%22:1929,%22dne%22:1929,%22c%22:1929,%22s%22:1930,%22ce%22:2175,%22rq%22:2175,%22rp%22:2420,%22rpe%22:2421,%22dl%22:2426,%22di%22:3546,%22ds%22:3546,%22de%22:3551,%22dc%22:4433,%22l%22:4433,%22le%22:4435%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&jsonp=NREUM.setToken HTTP/1.1Host: bam.nr-data.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://encrypt.barracudanetworks.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /events/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=5634&ref=https://encrypt.barracudanetworks.com/user HTTP/1.1Host: bam.nr-data.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=1398c7e133eb6b80
Source: global trafficDNS traffic detected: DNS query: encrypt.barracudanetworks.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: js-agent.newrelic.com
Source: global trafficDNS traffic detected: DNS query: bam.nr-data.net
Source: unknownHTTP traffic detected: POST /events/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=5634&ref=https://encrypt.barracudanetworks.com/user HTTP/1.1Host: bam.nr-data.netConnection: keep-aliveContent-Length: 171sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"content-type: text/plainsec-ch-ua-mobile: ?0Accept: */*Origin: https://encrypt.barracudanetworks.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://encrypt.barracudanetworks.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=1398c7e133eb6b80
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.140.234.202:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.39:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.29:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.29:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir6872_1769025488
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir6872_1769025488
Source: classification engineClassification label: clean1.win@22/0@12/133
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,13868009940542906112,16249976357657697629,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2mBbRd6peHWPVTQ5AH8lqO5WK%2FvxR%2F%2ByjOoOg8gqKhIulzxv0xGfuiuzMK6w%3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,13868009940542906112,16249976357657697629,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Extra Window Memory Injection		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Extra Window Memory Injection		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2mBbRd6peHWPVTQ5AH8lqO5WK%2FvxR%2F%2ByjOoOg8gqKhIulzxv0xGfuiuzMK6w%3D0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://encrypt.barracudanetworks.com/include/images/cloud/top_gradient.png0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/js/stats.js0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/images/home_white.png0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/js/lml.js0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/js/global.js0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/include/images/cloud/logo.png0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/js/tdf.js0%Avira URL Cloudsafe
https://bam.nr-data.net/events/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=5634&ref=https://encrypt.barracudanetworks.com/user0%Avira URL Cloudsafe
https://bam.nr-data.net/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=5087&ref=https://encrypt.barracudanetworks.com/user&be=3040&fe=4434&dc=3546&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1744041321764,%22n%22:0,%22r%22:12,%22re%22:1927,%22f%22:1927,%22dn%22:1929,%22dne%22:1929,%22c%22:1929,%22s%22:1930,%22ce%22:2175,%22rq%22:2175,%22rp%22:2420,%22rpe%22:2421,%22dl%22:2426,%22di%22:3546,%22ds%22:3546,%22de%22:3551,%22dc%22:4433,%22l%22:4433,%22le%22:4435%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&jsonp=NREUM.setToken0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/favicon.ico0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/images/log_off_white.png0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/css/global.css0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/js/jquery-1.8.0.min.js0%Avira URL Cloudsafe
https://js-agent.newrelic.com/nr-spa-1118.min.js0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/images/settings_white.png0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/css/pattern.css0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/js/stats.js?screen=1280x1024&win=1280x897&cdi=24&java=false&shk=n&svg=y&fla=n&rp=n&mov=n&wma=n&pdf=y&uid=awsuser_id1744041325306r1250&sid=awssession_id1744041325306r12500%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/js/newrelic.js0%Avira URL Cloudsafe
https://encrypt.barracudanetworks.com/images/help_white.png0%Avira URL Cloudsafe
https://bam.nr-data.net/jserrors/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=65093&ref=https://encrypt.barracudanetworks.com/user&xhr=%5B%7B%22params%22:%7B%22method%22:%22POST%22,%22host%22:%22bam.nr-data.net:443%22,%22pathname%22:%22/events/1/9583f6425f%22,%22status%22:200%7D,%22metrics%22:%7B%22count%22:1,%22txSize%22:%7B%22t%22:171%7D,%22duration%22:%7B%22t%22:435%7D,%22rxSize%22:%7B%22t%22:24%7D,%22cbTime%22:%7B%22t%22:0%7D,%22time%22:%7B%22t%22:5636%7D%7D%7D%5D0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
fastly-tls12-bam.nr-data.net
162.247.243.29
truefalse
    		high
    encrypt.barracudanetworks.com
    		3.140.234.202
    		truefalse
      		high
      js-agent.newrelic.com
      		162.247.243.39
      		truefalse
        		high
        www.google.com
        		142.251.40.132
        		truefalse
          		high
          bam.nr-data.net
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://encrypt.barracudanetworks.com/js/stats.jsfalse
            • Avira URL Cloud: safe
            		unknown
            https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2mBbRd6peHWPVTQ5AH8lqO5WK%2FvxR%2F%2ByjOoOg8gqKhIulzxv0xGfuiuzMK6w%3Dfalse
              		unknown
              https://encrypt.barracudanetworks.com/images/home_white.pngfalse
              • Avira URL Cloud: safe
              		unknown
              https://bam.nr-data.net/jserrors/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=65093&ref=https://encrypt.barracudanetworks.com/user&xhr=%5B%7B%22params%22:%7B%22method%22:%22POST%22,%22host%22:%22bam.nr-data.net:443%22,%22pathname%22:%22/events/1/9583f6425f%22,%22status%22:200%7D,%22metrics%22:%7B%22count%22:1,%22txSize%22:%7B%22t%22:171%7D,%22duration%22:%7B%22t%22:435%7D,%22rxSize%22:%7B%22t%22:24%7D,%22cbTime%22:%7B%22t%22:0%7D,%22time%22:%7B%22t%22:5636%7D%7D%7D%5Dfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/include/images/cloud/top_gradient.pngfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/include/images/cloud/logo.pngfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/favicon.icofalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/js/global.jsfalse
              • Avira URL Cloud: safe
              		unknown
              https://bam.nr-data.net/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=5087&ref=https://encrypt.barracudanetworks.com/user&be=3040&fe=4434&dc=3546&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1744041321764,%22n%22:0,%22r%22:12,%22re%22:1927,%22f%22:1927,%22dn%22:1929,%22dne%22:1929,%22c%22:1929,%22s%22:1930,%22ce%22:2175,%22rq%22:2175,%22rp%22:2420,%22rpe%22:2421,%22dl%22:2426,%22di%22:3546,%22ds%22:3546,%22de%22:3551,%22dc%22:4433,%22l%22:4433,%22le%22:4435%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&jsonp=NREUM.setTokenfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/js/tdf.jsfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/js/lml.jsfalse
              • Avira URL Cloud: safe
              		unknown
              https://bam.nr-data.net/events/1/9583f6425f?a=152029436&sa=1&v=1118.0c07c19&t=Unnamed%20Transaction&rst=5634&ref=https://encrypt.barracudanetworks.com/userfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/js/jquery-1.8.0.min.jsfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/images/log_off_white.pngfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/css/global.cssfalse
              • Avira URL Cloud: safe
              		unknown
              https://js-agent.newrelic.com/nr-spa-1118.min.jsfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/css/pattern.cssfalse
              • Avira URL Cloud: safe
              		unknown
              https://encrypt.barracudanetworks.com/userfalse
                		unknown
                https://encrypt.barracudanetworks.com/images/settings_white.pngfalse
                • Avira URL Cloud: safe
                		unknown
                https://encrypt.barracudanetworks.com/js/newrelic.jsfalse
                • Avira URL Cloud: safe
                		unknown
                https://encrypt.barracudanetworks.com/js/stats.js?screen=1280x1024&win=1280x897&cdi=24&java=false&shk=n&svg=y&fla=n&rp=n&mov=n&wma=n&pdf=y&uid=awsuser_id1744041325306r1250&sid=awssession_id1744041325306r1250false
                • Avira URL Cloud: safe
                		unknown
                https://encrypt.barracudanetworks.com/images/help_white.pngfalse
                • Avira URL Cloud: safe
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                142.250.65.170
                		unknownUnited States
                		15169GOOGLEUSfalse
                1.1.1.1
                		unknownAustralia
                		13335CLOUDFLARENETUSfalse
                142.250.65.174
                		unknownUnited States
                		15169GOOGLEUSfalse
                142.251.40.227
                		unknownUnited States
                		15169GOOGLEUSfalse
                172.253.62.84
                		unknownUnited States
                		15169GOOGLEUSfalse
                3.140.234.202
                		encrypt.barracudanetworks.comUnited States
                		16509AMAZON-02USfalse
                142.250.81.227
                		unknownUnited States
                		15169GOOGLEUSfalse
                142.250.80.78
                		unknownUnited States
                		15169GOOGLEUSfalse
                142.251.40.132
                		www.google.comUnited States
                		15169GOOGLEUSfalse
                162.247.243.29
                		fastly-tls12-bam.nr-data.netUnited States
                		13335CLOUDFLARENETUSfalse
                162.247.243.39
                		js-agent.newrelic.comUnited States
                		13335CLOUDFLARENETUSfalse
                142.250.176.195
                		unknownUnited States
                		15169GOOGLEUSfalse
                142.251.35.174
                		unknownUnited States
                		15169GOOGLEUSfalse

                Private

                IP
                192.168.2.16

                General Information

                Joe Sandbox version:42.0.0 Malachite
                Analysis ID:1658531
                Start date and time:2025-04-07 17:54:52 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Sample URL:https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2mBbRd6peHWPVTQ5AH8lqO5WK%2FvxR%2F%2ByjOoOg8gqKhIulzxv0xGfuiuzMK6w%3D
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:14
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Detection:CLEAN
                Classification:clean1.win@22/0@12/133
                • Exclude process from analysis (whitelisted): svchost.exe
                • Excluded IPs from analysis (whitelisted): 142.251.40.227, 142.251.35.174, 172.253.62.84, 142.250.65.174, 142.250.80.110, 142.250.80.78, 142.250.65.238, 142.250.65.170, 142.250.80.10, 142.251.40.170, 142.251.40.106, 142.250.64.106, 172.217.165.138, 142.251.41.10, 142.250.80.106, 142.250.80.74, 142.251.40.234, 142.251.40.202, 142.250.72.106, 142.251.40.138, 142.250.176.202, 142.251.35.170, 142.250.80.42
                • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, clientservices.googleapis.com, clients.l.google.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtOpenFile calls found.
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • VT rate limit hit for: https://encrypt.barracudanetworks.com/login?nid=U2FsdGVkX1%2B7UX9NQcoGqqSwlzeys4BZyuo%2BnxWTRMFab2ju7HW39zgy%2BNf8P3Y5oli24DoZwsemaylbImRm%2FXF3FAry3BcK22wa%2BfL0Q9stKD%2FcnhCmrFSIh9cn5Tojxv6PNqcg37EkXuocwDzHxMNxrUuI3R4ns45TQ2yKw5zt6w52z0RilYvGPBCdYvwAwuacIpHCi1DwjaCEgxhWQmtj4cl2gCEwoXjB9skWT4olJxy2mBbRd6peHWPVTQ5AH8lqO5WK%2FvxR%2F%2ByjOoOg8gqKhIulzxv0xGfuiuzMK6w%3D

                Created / dropped Files

                No created / dropped files found

                Static File Info

                No static file info