19dccd0824c34d11ad2f2064a7550b26f2d74e87bfab69b3b3f1cc1cb499066a

Analysis

max time kernel
128s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 04:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dda8c3c1ade0e58106e04fcaf8460ed_JaffaCakes118.html
Size

23KB
MD5

3dda8c3c1ade0e58106e04fcaf8460ed
SHA1

425b30c54514591abb3737a888fd4a6de0b4f0fd
SHA256

19dccd0824c34d11ad2f2064a7550b26f2d74e87bfab69b3b3f1cc1cb499066a
SHA512

30723ba1dff2008783d6607c29ced416b527b3db055f61990e7d95620f876a33a41b9814a66c8ca5fd3bf8829d539271330f265b5df99ef93c9fa911b04735c4
SSDEEP

192:uwzMOH9ljDrtBb5nOrMOIgFejRhEnT7nQjxn5Q/EFnQiegkNnko1nQOkEnty5Jyx:DQ/zKTM

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3dda8c3c1ade0e58106e04fcaf8460ed_JaffaCakes118.html
1⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3788,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:1
1⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1736,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:1
1⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5236,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1
1⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5396,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
1⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5436,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:8
1⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5268,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:1
1⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5640,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
1⤵
PID:2352

Network

DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN A

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

IN A

94.245.104.56
DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN Unknown

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

2.18.121.10

a416.dscd.akamai.net

IN A

2.18.121.23
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

cdd.net.ua

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6
DNS

cdd.net.ua

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN Unknown

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right_left.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/arrow_right.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/table_background_specials.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/table_background_specials.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/stylesheet.css

Remote address:

89.184.88.6:80

Request

GET /apothecary/stylesheet.css HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_continue.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_continue.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/store_logo.png

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/store_logo.png HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/pixel_trans.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/pixel_trans.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/back.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/back.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_account.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_account.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_checkout.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_checkout.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_cart.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_cart.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com

prod-agic-us-3.uksouth.cloudapp.azure.com

IN A

172.165.61.93
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com
GET

http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_left.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_quick_find.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/carta%20cdd.JPG HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
GET

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/english/images/icon.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/icon.gif HTTP/1.1
Host: cdd.net.ua
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Tue, 14 May 2024 04:17:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

159.113.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.113.53.23.in-addr.arpa

IN PTR

Response

159.113.53.23.in-addr.arpa

IN PTR

a23-53-113-159deploystaticakamaitechnologiescom
DNS

56.104.245.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.104.245.94.in-addr.arpa

IN PTR

Response
DNS

10.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.121.18.2.in-addr.arpa

IN PTR

Response

10.121.18.2.in-addr.arpa

IN PTR

a2-18-121-10deploystaticakamaitechnologiescom
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

181.97.55.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.97.55.23.in-addr.arpa

IN PTR

Response

181.97.55.23.in-addr.arpa

IN PTR

a23-55-97-181deploystaticakamaitechnologiescom
DNS

6.88.184.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.88.184.89.in-addr.arpa

IN PTR

Response

6.88.184.89.in-addr.arpa

IN PTR

svh16mirohostnet
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.53.113.225
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

93.61.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.61.165.172.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.97:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Tue, 14 May 2024 04:17:54 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1715660274.19ef0b7
DNS

97.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.61.62.23.in-addr.arpa

IN PTR

Response

97.61.62.23.in-addr.arpa

IN PTR

a23-62-61-97deploystaticakamaitechnologiescom
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

21.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.121.18.2.in-addr.arpa

IN PTR

Response

21.121.18.2.in-addr.arpa

IN PTR

a2-18-121-21deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

94.245.104.56:443

api.edgeoffer.microsoft.com

tls

3.6kB
7.4kB
13
13
13.107.6.158:443

business.bing.com

tls

3.4kB
9.8kB
19
23
2.18.121.10:443

bzib.nelreports.net

tls

3.7kB
6.1kB
13
16
89.184.88.6:80

http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

http

623 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

http

617 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/table_background_specials.gif

http

623 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/table_background_specials.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/stylesheet.css

http

555 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/stylesheet.css

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

http

618 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_continue.gif

http

648 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_continue.gif

HTTP Response

404
23.55.97.181:443

www.microsoft.com

tls

4.0kB
23.9kB
27
37
89.184.88.6:80

http://cdd.net.ua/apothecary/images/store_logo.png

http

608 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/store_logo.png

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/pixel_trans.gif

http

609 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/pixel_trans.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/back.gif

http

602 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/back.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/header_account.gif

http

612 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_account.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/header_checkout.gif

http

613 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_checkout.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/header_cart.gif

http

609 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_cart.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

http

617 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

http

650 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

http

609 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

http

629 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

http

629 B
536 B
5
4

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

HTTP Response

404
172.165.61.93:443

nav-edge.smartscreen.microsoft.com

tls

2.5kB
7.6kB
13
13
172.165.61.93:443

nav-edge.smartscreen.microsoft.com

tls

14.1kB
14.1kB
34
36
172.165.61.93:443

nav-edge.smartscreen.microsoft.com

tls

2.5kB
7.6kB
13
14
172.165.61.93:443

nav-edge.smartscreen.microsoft.com

98 B
52 B
2
1
13.107.246.64:443

edgestatic.azureedge.net

tls

2.8kB
4.7kB
11
8
13.107.246.64:443

edgestatic.azureedge.net

tls

2.8kB
6.2kB
11
10
13.107.246.64:443

edgestatic.azureedge.net

tls

118.7kB
6.0MB
2439
4307
13.107.246.64:443

edgestatic.azureedge.net

tls

9.5kB
274.8kB
128
214
13.107.246.64:443

wcpstatic.microsoft.com

tls

5.4kB
91.0kB
53
78
23.62.61.97:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.4kB
6.3kB
16
11

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
23.62.61.194:443

www.bing.com

tls

2.3kB
5.1kB
10
11
23.62.61.194:443

www.bing.com

tls

2.5kB
986 B
9
9

8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
226 B
1
1

DNS Request

api.edgeoffer.microsoft.com

DNS Response

94.245.104.56
8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
271 B
1
1

DNS Request

api.edgeoffer.microsoft.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

2.18.121.10

2.18.121.23
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

cdd.net.ua

dns

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6
8.8.8.8:53

cdd.net.ua

dns

56 B
128 B
1
1

DNS Request

cdd.net.ua
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.61.93
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
243 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

159.113.53.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

159.113.53.23.in-addr.arpa
8.8.8.8:53

56.104.245.94.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

56.104.245.94.in-addr.arpa
8.8.8.8:53

10.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

10.121.18.2.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

181.97.55.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

181.97.55.23.in-addr.arpa
8.8.8.8:53

6.88.184.89.in-addr.arpa

dns

70 B
102 B
1
1

DNS Request

6.88.184.89.in-addr.arpa
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.53.113.225
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

93.61.165.172.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

93.61.165.172.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

97.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

97.61.62.23.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

21.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

21.121.18.2.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request