hxxp://apps-mykasih20[.]my[.]id/rx9/

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 05:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://apps-mykasih20.my.id/rx9/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
2468	msedge.exe
2468	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2440	2468	msedge.exe	84
PID 2468 wrote to memory of 2440	2468	msedge.exe	84
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 1280	2468	msedge.exe	86
PID 2468 wrote to memory of 1280	2468	msedge.exe	86
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://apps-mykasih20.my.id/rx9/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3fb46f8,0x7ffba3fb4708,0x7ffba3fb4718
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

Network

DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

apps-mykasih20.my.id

msedge.exe

Remote address:

8.8.8.8:53

Request

apps-mykasih20.my.id

IN A

Response

apps-mykasih20.my.id

IN A

103.13.206.13
GET

http://apps-mykasih20.my.id/rx9/

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /rx9/ HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 05:59:53 GMT
Server: Apache
Content-Length: 596
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
GET

http://apps-mykasih20.my.id/favicon.ico

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /favicon.ico HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://apps-mykasih20.my.id/rx9/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Tue, 20 Feb 2024 05:59:54 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://apps-mykasih20.my.id/

msedge.exe

Remote address:

103.13.206.13:80

Request

GET / HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://apps-mykasih20.my.id/rx9/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:03 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://apps-mykasih20.my.id/img/programlogo-bm.png

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /img/programlogo-bm.png HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:04 GMT
Server: Apache
Last-Modified: Tue, 07 Nov 2023 06:06:30 GMT
Accept-Ranges: bytes
Content-Length: 40755
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
GET

http://apps-mykasih20.my.id/css/custom.css

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /css/custom.css HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:04 GMT
Server: Apache
Last-Modified: Tue, 07 Nov 2023 06:02:12 GMT
Accept-Ranges: bytes
Content-Length: 906
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
GET

http://apps-mykasih20.my.id/js/script.js

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /js/script.js HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:04 GMT
Server: Apache
Last-Modified: Tue, 07 Nov 2023 08:12:00 GMT
Accept-Ranges: bytes
Content-Length: 4698
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

67.242.123.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.242.123.52.in-addr.arpa

IN PTR

Response
DNS

13.206.13.103.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.206.13.103.in-addr.arpa

IN PTR

Response

13.206.13.103.in-addr.arpa

IN PTR

rulzprivateservergoddmyid
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

cdn.jsdelivr.net

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN A

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net

jsdelivr.map.fastly.net

IN A

151.101.1.229

jsdelivr.map.fastly.net

IN A

151.101.65.229

jsdelivr.map.fastly.net

IN A

151.101.129.229

jsdelivr.map.fastly.net

IN A

151.101.193.229
GET

http://apps-mykasih20.my.id/img/hearder.png

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /img/hearder.png HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:04 GMT
Server: Apache
Last-Modified: Tue, 07 Nov 2023 06:05:18 GMT
Accept-Ranges: bytes
Content-Length: 35096
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET

http://apps-mykasih20.my.id/img/favicon.png

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /img/favicon.png HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:06 GMT
Server: Apache
Last-Modified: Tue, 07 Nov 2023 06:03:02 GMT
Accept-Ranges: bytes
Content-Length: 907
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
GET

https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

msedge.exe

Remote address:

151.101.1.229:443

Request

GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/2.0
host: cdn.jsdelivr.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: http://apps-mykasih20.my.id
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: http://apps-mykasih20.my.id/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
content-encoding: br
accept-ranges: bytes
date: Tue, 20 Feb 2024 06:00:04 GMT
age: 6668380
x-served-by: cache-fra-eddf8230097-FRA, cache-lcy-eglc8600079-LCY
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
GET

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/fonts/bootstrap-icons.woff2?231ce25e89ab5804f9a6c427b8d325c9

msedge.exe

Remote address:

151.101.1.229:443

Request

GET /npm/bootstrap-icons@1.4.1/font/fonts/bootstrap-icons.woff2?231ce25e89ab5804f9a6c427b8d325c9 HTTP/2.0
host: cdn.jsdelivr.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: http://apps-mykasih20.my.id
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 1.4.1
x-jsd-version-type: version
etag: W/"14c80-7RZ9M14uDLAKgvLXNn8Fy01lV88"
accept-ranges: bytes
date: Tue, 20 Feb 2024 06:00:04 GMT
age: 3531771
x-served-by: cache-fra-eddf8230135-FRA, cache-lcy-eglc8600079-LCY
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85120
GET

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css

msedge.exe

Remote address:

151.101.1.229:443

Request

GET /npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css HTTP/2.0
host: cdn.jsdelivr.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: http://apps-mykasih20.my.id/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.4.1
x-jsd-version-type: version
etag: W/"f8b2-v7ZMVELJO4O8jF4rcNGwrm8YAaE"
content-encoding: br
accept-ranges: bytes
date: Tue, 20 Feb 2024 06:00:04 GMT
age: 3038306
x-served-by: cache-fra-etou8220070-FRA, cache-lcy-eglc8600077-LCY
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8417
POST

http://apps-mykasih20.my.id/first.php

msedge.exe

Remote address:

103.13.206.13:80

Request

POST /first.php HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Content-Length: 23
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://apps-mykasih20.my.id
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:46 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://apps-mykasih20.my.id/img/no_records.png

msedge.exe

Remote address:

103.13.206.13:80

Request

GET /img/no_records.png HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:04 GMT
Server: Apache
Last-Modified: Tue, 07 Nov 2023 06:05:12 GMT
Accept-Ranges: bytes
Content-Length: 5620
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.187.202
DNS

226.20.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.20.18.104.in-addr.arpa

IN PTR

Response
DNS

229.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.1.101.151.in-addr.arpa

IN PTR

Response
GET

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

msedge.exe

Remote address:

142.250.187.202:443

Request

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: http://apps-mykasih20.my.id/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
POST

http://apps-mykasih20.my.id/second.php

msedge.exe

Remote address:

103.13.206.13:80

Request

POST /second.php HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Content-Length: 13
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://apps-mykasih20.my.id
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:00:58 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
POST

http://apps-mykasih20.my.id/third.php

msedge.exe

Remote address:

103.13.206.13:80

Request

POST /third.php HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Content-Length: 18
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://apps-mykasih20.my.id
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:01:07 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
POST

http://apps-mykasih20.my.id/thirdb.php

msedge.exe

Remote address:

103.13.206.13:80

Request

POST /thirdb.php HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Content-Length: 17
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://apps-mykasih20.my.id
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:01:18 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
POST

http://apps-mykasih20.my.id/fourth.php

msedge.exe

Remote address:

103.13.206.13:80

Request

POST /fourth.php HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Content-Length: 18
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://apps-mykasih20.my.id
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:01:34 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
POST

http://apps-mykasih20.my.id/next.php

msedge.exe

Remote address:

103.13.206.13:80

Request

POST /next.php HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Content-Length: 17
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://apps-mykasih20.my.id
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:01:48 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
POST

http://apps-mykasih20.my.id/next1.php

msedge.exe

Remote address:

103.13.206.13:80

Request

POST /next1.php HTTP/1.1
Host: apps-mykasih20.my.id
Connection: keep-alive
Content-Length: 32
Accept: */*
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://apps-mykasih20.my.id
Referer: http://apps-mykasih20.my.id/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 20 Feb 2024 06:02:01 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
DNS

13.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.173.189.20.in-addr.arpa

IN PTR

Response

103.13.206.13:80

http://apps-mykasih20.my.id/favicon.ico

http

msedge.exe

1.3kB
1.6kB
9
6

HTTP Request

GET http://apps-mykasih20.my.id/rx9/

HTTP Response

200

HTTP Request

GET http://apps-mykasih20.my.id/favicon.ico

HTTP Response

404
103.13.206.13:80

http://apps-mykasih20.my.id/img/programlogo-bm.png

http

msedge.exe

3.4kB
64.3kB
49
51

HTTP Request

GET http://apps-mykasih20.my.id/

HTTP Response

200

HTTP Request

GET http://apps-mykasih20.my.id/img/programlogo-bm.png

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/js/script.js

http

msedge.exe

1.2kB
6.5kB
10
9

HTTP Request

GET http://apps-mykasih20.my.id/css/custom.css

HTTP Response

200

HTTP Request

GET http://apps-mykasih20.my.id/js/script.js

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/img/favicon.png

http

msedge.exe

2.4kB
37.8kB
29
32

HTTP Request

GET http://apps-mykasih20.my.id/img/hearder.png

HTTP Response

200

HTTP Request

GET http://apps-mykasih20.my.id/img/favicon.png

HTTP Response

200
151.101.1.229:443

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/fonts/bootstrap-icons.woff2?231ce25e89ab5804f9a6c427b8d325c9

tls, http2

msedge.exe

4.1kB
120.9kB
61
99

HTTP Request

GET https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

HTTP Response

200

HTTP Request

GET https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/fonts/bootstrap-icons.woff2?231ce25e89ab5804f9a6c427b8d325c9

HTTP Response

200
151.101.1.229:443

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css

tls, http2

msedge.exe

1.8kB
15.0kB
16
21

HTTP Request

GET https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/first.php

http

msedge.exe

856 B
505 B
7
7

HTTP Request

POST http://apps-mykasih20.my.id/first.php

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/img/no_records.png

http

msedge.exe

892 B
6.2kB
10
9

HTTP Request

GET http://apps-mykasih20.my.id/img/no_records.png

HTTP Response

200
142.250.187.202:443

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

tls, http2

msedge.exe

2.7kB
39.7kB
35
39

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
103.13.206.13:80

http://apps-mykasih20.my.id/second.php

http

msedge.exe

795 B
453 B
6
6

HTTP Request

POST http://apps-mykasih20.my.id/second.php

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/third.php

http

msedge.exe

799 B
453 B
6
6

HTTP Request

POST http://apps-mykasih20.my.id/third.php

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/thirdb.php

http

msedge.exe

799 B
453 B
6
6

HTTP Request

POST http://apps-mykasih20.my.id/thirdb.php

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/fourth.php

http

msedge.exe

800 B
453 B
6
6

HTTP Request

POST http://apps-mykasih20.my.id/fourth.php

HTTP Response

200
103.13.206.13:80

http://apps-mykasih20.my.id/next.php

http

msedge.exe

797 B
453 B
6
6

HTTP Request

POST http://apps-mykasih20.my.id/next.php

HTTP Response

200
103.13.206.13:80

apps-mykasih20.my.id

msedge.exe

202 B
104 B
4
2
103.13.206.13:80

http://apps-mykasih20.my.id/next1.php

http

msedge.exe

871 B
649 B
7
6

HTTP Request

POST http://apps-mykasih20.my.id/next1.php

HTTP Response

200

8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

apps-mykasih20.my.id

dns

msedge.exe

66 B
82 B
1
1

DNS Request

apps-mykasih20.my.id

DNS Response

103.13.206.13
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

67.242.123.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

67.242.123.52.in-addr.arpa
8.8.8.8:53

13.206.13.103.in-addr.arpa

dns

72 B
114 B
1
1

DNS Request

13.206.13.103.in-addr.arpa
224.0.0.251:5353

518 B
8
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

cdn.jsdelivr.net

dns

msedge.exe

62 B
160 B
1
1

DNS Request

cdn.jsdelivr.net

DNS Response

151.101.1.229

151.101.65.229

151.101.129.229

151.101.193.229
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.187.202
8.8.8.8:53

226.20.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.20.18.104.in-addr.arpa
8.8.8.8:53

229.1.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

229.1.101.151.in-addr.arpa
151.101.1.229:443

cdn.jsdelivr.net

https

msedge.exe

3.3kB
4.2kB
8
6
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

13.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
713d8bf4bc367a9cce7fd4143975b751

SHA1
c98962aa787d0e386c3605aabfc235e56e46cb0e

SHA256
41866ef5907ac7e5af5c2f3431bedad57cca64acaa3a0ea5b58cb7be64cf3955

SHA512
65de7d61be3752964fcfa6cd6ea45914f5f4aa2a65159c38d90500722d6189623c5f58c5966ce0c1b7cf699b26ad7805e7ab34cf08cb3b61d9c49e0dfe29b3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
594B

MD5
3bbf48324c0423d2ec3035a17ddbb815

SHA1
863567c052fa04c6266971d2376e95c37e22c799

SHA256
ea894b78965b38656d1481b22d20689137639540ba33b1d95639da53ff8eaba3

SHA512
d690b0aac9aa09b19f9e75c8911e8cdaa6048b61663ed7b1517fb51767cf4f02c2e9ef112ceb3eaf87bd5294f97b1270b480fb8cd0973d0c059e199e507813c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e4d9bd6eb2e1aff741fde779b7ea4bdd

SHA1
e3b9f63633177c764167946755df0ece35d469ea

SHA256
821fcc1635a516d2b3375240f69c38d3a19f723550d080fb20e6bacb2e256ccd

SHA512
c471f5403a6aaab670b5e242b0ae7c1691c9c4684b556b4156438076be2fc316eb6fcf64de36feb767c322eff1dac01d551631ad6a45f9aee4dfdc4fcc54a859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b9745103805c2686000bec43a3e2af7

SHA1
70fa7b86d688bdcd677df25ee052ee1d02de3a2e

SHA256
a25ff3b1c4f68469ec015f0684f66348a6194aba32f79df0b0b8bbb6c7d33b66

SHA512
739e161feac4a8b317404bbf2f2d320b4e6808c907ea7431b815923b913e0435ba64825c5367645152b6c72ee93604b89a85b26e6e3f675e987dcced4ea4ba83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
458bdd66b6ac419b33cb2d5a246f873e

SHA1
a4f56a6ca8abdc8ad3ee3c8ad41edf10d7d2cc8c

SHA256
c4b60f0725bbf98f3f306e48db20d83f9c293ffb48b17498c14227865d4644fc

SHA512
71d18792892d1179595587e20d452284a3645b6019e1203ae8e01faaeb2989e8adb82ef085af7b21106090692afc8940afc53cff6d7e2b88922f8176386e5a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
96188d58b87902bbad03d39f6530f92b

SHA1
d9c5ea284626fb02e11faac485d34182a69f948c

SHA256
d0188a7df50ade948096d98efa733299778c0f9265bf0cefcf4742e44b994366

SHA512
043b73b403514165ce765bd224a6886c7a909dbd66a02d704a563a78230bd5648b7c29874230a99fb875d17201136b2e643232dfeb32e4050577db963f4e8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af927780e32046e70b0b20e40bcb9905

SHA1
8843c71f0bf999c6c0bd029a1e37fe8a39768fe4

SHA256
a9dcd4900d64d757b5c3c4599ae17544df0dbf22410588f13bf3d68bd27e3e47

SHA512
95e973da2c37d0064259162874786dcd31580df2c49dfb61c7105b0cd34f2bab82364aafeb055e95fb419ae4249405e0cbd0511aa7eae3e7b37514cbdf246dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa4817454f16cbe4f7412659ba07b80d

SHA1
1eb73404a6b38245acce508ecf43f06b48cedf95

SHA256
ff513b52053b5b022deb32bd3f6e27929345d780f923283f4795d60e1880d8e5

SHA512
932b90550d94d3de6532d91ccb0944ad483c3a4b827c4285ea10ff8c92fd7c886fd16b4a0a4a9371c80cda757a14c8cb12d85b096bc6ef1c1453035d91fbee6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c7adceb4-615f-44ae-8123-bfe0bd0cab0f.tmp

Filesize
5KB

MD5
f171944473b68d670d86bf7422dffce4

SHA1
ab289773278ec0ce003b8fe5163b70edd01fca10

SHA256
40307f2b81437d5c9b8e9294f78498aa1a5cf5172772724704870633d3a764db

SHA512
96d93c7523dc0bd2392395b537e535399763be72abb49452efcb6aa648fe786e01e36895efa5cf2e849f31bcafda821ee750107d6775e3f41805947e1bca9d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
429dbda8ee7eb063245dcfac918434c3

SHA1
965370b62231842e6b84cbeb797e50d6ba279e23

SHA256
677bf9b6ef961e12f5b315f097b95e970c00204aa58b232e645b44daf8a01e1d

SHA512
a77600ead7642003c6706ac1d2611a76c38bf8906419ac807568ea6b5bb90fbb68192c5f9e4d0278f47be0dfdd6e2b278046cab18f9c49bf2dcc3ef7948ea1d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.