To operate X-Agent and X-Tunnel on the DCCC and DNC networks, Unit 26165 officers set up a group of computers outside those networks to 126 communicate with the implanted malware. The first set of GRU-controlled computers, known by the GRU as “middle servers,” sent and received messages to and from malware on the DNC/DCCC networks. The middle servers, in turn, relayed messages to a second set of GRU-controlled computers, labeled internally by the GRU as an “AMS Panel.” The AMS Panel Investigative Technique█ █ █ █ █ █ █ █ █ served as a nerve center through which GRU officers monitored and directed the malware’s operations on the DNC/DCCC 127 networks. The AMS Panel used to control X-Agent during the DCCC and DNC 128 intrusions was housed on a leased computer located near IT█ █ █ Arizona. 129 Investigative Technique█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ Investigative Technique█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ Investigative Technique█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ The Arizona-based AMS Panel also stored thousands of files containing keylogging sessions captured through X-Agent. These sessions were captured as GRU officers monitored DCCC and DNC employees’ work on infected computers regularly between April 2016 and June 2016. Data captured in these keylogging sessions included passwords, internal communications between employees, banking information, and sensitive personal information. c. Theft of Documents from DNC and DCCC Networks Officers from Unit 26165 stole thousands of documents from the DCCC and DNC networks, including significant amounts of data pertaining to the 2016 U.S.