Windows Analysis Report
drw_free_installer.756836.exe

Overview

General Information

Sample name: drw_free_installer.756836.exe
Analysis ID: 1445855
MD5: 6e3bc255dc7b79e452c66610c741eb95
SHA1: 972d9adbec19dd1277b4329fa13641847ca18c87
SHA256: bdb74a31956e7c2ce7a3c6344ac7265d84b735c1038a390168f01d6d9fa43b3a

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Tries to delay execution (extensive OutputDebugStringW loop)
Allocates memory with a write watch (potentially for evading sandboxes)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Searches for the Microsoft Outlook file path
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64_ra
  • drw_free_installer.756836.exe (PID: 3548 cmdline: "C:\Users\user\Desktop\drw_free_installer.756836.exe" MD5: 6E3BC255DC7B79E452C66610C741EB95)
    • EDownloader.exe (PID: 4612 cmdline: "C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe" EXEDIR=C:\Users\user\Desktop ||| EXENAME=drw_free_installer.756836.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0 MD5: 8A250A75859FE52116E706A640E6D77C)
      • InfoForSetup.exe (PID: 1540 cmdline: /Uid "S-1-5-21-2246122658-3693405117-2476756634-1003" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 5876 cmdline: /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Switzerland\",\"Pageid\":\"756836\",\"Timezone\":\"GMT-05:00\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
        • AliyunWrapExe.exe (PID: 3940 cmdline: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.Exe MD5: F3B9A2D94682FEE26FC079BA1E0FB040)
      • InfoForSetup.exe (PID: 6308 cmdline: /SendInfo Window "Home_Installer" Activity "Click_Fold_Custom" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 6316 cmdline: /SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"Switzerland\",\"Install_Path\":\"C:/Program Files/EaseUS/EaseUS Data Recovery Wizard\",\"Language\":\"English\",\"Os\":\"Microsoft Windows 10\",\"Pageid\":\"756836\",\"Timezone\":\"GMT-05:00\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 6440 cmdline: /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"S\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=756836&lang=English&pcVersion=home&pid=2&tid=1&version=free&tmpTime_=41\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"2\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"18.0\\",\\"testid\\":\\"FR180_202458-05082\\",\\"url\\":[],\\"md5\\":\\"5A3827C53A342F038D0BC3350D6CED88\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1716391125}\",\"Result\":\"Success\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 6464 cmdline: /SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Pageid\":\"756836\",\"Testid\":\"FR180_202458-05082\",\"Version\":\"free\",\"Versionnumber\":\"18.0\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 6448 cmdline: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d1.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Elapsedtime\":\"6447\",\"Errorinfo\":\"328\",\"Result\":\"Failed\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 1488 cmdline: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d2.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Elapsedtime\":\"6895\",\"Errorinfo\":\"228\",\"Result\":\"Failed\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 744 cmdline: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d3.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Elapsedtime\":\"7344\",\"Errorinfo\":\"228\",\"Result\":\"Failed\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 2996 cmdline: /SendInfo Window "Download_Failed" Activity "Download_Default" Attribute "{\"Url\":\"https://download.easeus.com/free/drw_free.exe\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 7048 cmdline: /SendInfo Window "Download_Failed" Activity "Download_Default" Attribute "{\"Url\":\"https://download.easeus.com/free/drw_free.exe\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 7096 cmdline: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://download.easeus.com/free/drw_free.exe\",\"Elapsedtime\":\"7813\",\"Errorinfo\":\"228\",\"Result\":\"Failed\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 2972 cmdline: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"\",\"Elapsedtime\":\"8262\",\"Errorinfo\":\"203\",\"Result\":\"Failed\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
      • InfoForSetup.exe (PID: 6620 cmdline: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"\",\"Elapsedtime\":\"8711\",\"Errorinfo\":\"203\",\"Result\":\"Failed\"}" MD5: 99891AAA0E15B2A514A4FF5C9EC03F4D)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: drw_free_installer.756836.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: drw_free_installer.756836.exe | Static PE information: certificate valid
Source: unknown | HTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50003 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50004 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50006 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50007 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50008 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50009 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50010 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50011 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50012 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50014 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50013 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50015 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50016 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50017 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50018 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50019 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50020 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50021 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50024 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50022 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50023 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50025 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50026 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50027 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50028 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50030 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50029 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50031 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50032 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50033 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50034 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50035 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50036 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50037 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50038 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50039 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50040 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50041 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50042 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50043 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50044 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50045 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50046 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50047 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50048 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50049 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50050 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50052 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50051 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50053 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50055 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50054 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50056 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50057 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50058 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50060 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50059 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50061 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50062 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50064 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50063 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50065 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50067 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50066 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50069 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50068 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50070 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50071 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50072 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50073 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50074 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50076 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50075 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50079 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50077 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50078 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50082 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50080 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50081 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50084 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50083 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50085 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50086 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50088 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50087 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50089 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50091 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50090 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50094 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50092 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50093 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50097 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50096 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50095 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50099 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50100 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50098 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50103 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50102 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50101 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50106 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50105 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:50104 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50107 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50108 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50109 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50110 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50111 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50112 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50113 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50114 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50115 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50116 version: TLS 1.2
Source: drw_free_installer.756836.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\KERNELBASE.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\gdiplus.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\KERNEL32.DLL
Source: global traffic HTTP traffic detected: POST /api2/index.php/Apicp/Drwdl202004/index/ HTTP/1.1 Host: download.easeus.com Accept: */* Content-Length: 69 Content-Type: application/x-www-form-urlencoded Data Raw: 65 78 65 4e 75 6d 62 65 72 3d 37 35 36 38 33 36 26 6c 61 6e 67 3d 45 6e 67 6c 69 73 68 26 70 63 56 65 72 73 69 6f 6e 3d 68 6f 6d 65 26 70 69 64 3d 32 26 74 69 64 3d 31 26 76 65 72 73 69 6f 6e 3d 66 72 65 65 Data Ascii: exeNumber=756836&lang=English&pcVersion=home&pid=2&tid=1&version=free
Source: global traffic HTTP traffic detected: POST /api2/index.php/Apicp/Drwdl202004/index/ HTTP/1.1 Host: download.easeus.com Accept: */* Content-Length: 81 Content-Type: application/x-www-form-urlencoded Data Raw: 65 78 65 4e 75 6d 62 65 72 3d 37 35 36 38 33 36 26 6c 61 6e 67 3d 45 6e 67 6c 69 73 68 26 70 63 56 65 72 73 69 6f 6e 3d 68 6f 6d 65 26 70 69 64 3d 32 26 74 69 64 3d 31 26 76 65 72 73 69 6f 6e 3d 66 72 65 65 26 74 6d 70 54 69 6d 65 5f 3d 34 31 Data Ascii: exeNumber=756836&lang=English&pcVersion=home&pid=2&tid=1&version=free&tmpTime_=41
Source: global traffic HTTP traffic detected: GET /product/index.php?c=main&a=getstatus&pid=2 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: track.easeus.com Connection: Keep-Alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:18:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 21 Connection: keep-alive Server: Apache Content-Encoding: gzip X-Via: 1.1 PSmgshxSJC1fr72:0 (Cdn Cache Server V2.0), 1.1 fra13:1 (Cdn Cache Server V2.0) X-Ws-Request-Id: 664e0cd0_kf98_17099-20711 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 33 00 00 21 df db f4 01 00 00 00 Data Ascii: 3!
Source: global traffic DNS traffic detected: DNS query: track.easeus.com
Source: global traffic DNS traffic detected: DNS query: download.easeus.com
Source: global traffic DNS traffic detected: DNS query: easeusinfo.us-east-1.log.aliyuncs.com
Source: global traffic DNS traffic detected: DNS query: d1.easeus.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: d2.easeus.com
Source: global traffic DNS traffic detected: DNS query: d3.easeus.com
Source: unknown HTTP traffic detected: POST /api2/index.php/Apicp/Drwdl202004/index/ HTTP/1.1 Host: download.easeus.com Accept: */* Content-Length: 69 Content-Type: application/x-www-form-urlencoded Data Raw: 65 78 65 4e 75 6d 62 65 72 3d 37 35 36 38 33 36 26 6c 61 6e 67 3d 45 6e 67 6c 69 73 68 26 70 63 56 65 72 73 69 6f 6e 3d 68 6f 6d 65 26 70 69 64 3d 32 26 74 69 64 3d 31 26 76 65 72 73 69 6f 6e 3d 66 72 65 65 Data Ascii: exeNumber=756836&lang=English&pcVersion=home&pid=2&tid=1&version=free
Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50071
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49766 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49767 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.156.60.79:443 -> 192.168.2.16:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.66.112.38:443 -> 192.168.2.16:50107 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: drw_free_installer.756836.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: sus24.evad.winEXE@33/38@10/35
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\index[1].htm
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeMutant created: \Sessions\1\BaseNamedObjects\DRW_Installer
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeMutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\C$$USERS$user$APPDATA$LOCAL$TEMP$DOWNLOADER_EASEUS$2.0.0$2FREE$ALIYUN$ALIYUNCONFIG.INI
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\C$$USERS$user$APPDATA$LOCAL$TEMP$DOWNLOADER_EASEUS$2.0.0$2FREE$ALIYUN$DATAFILE.INI
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile created: C:\Users\user\AppData\Local\Temp\nsn62AD.tmp
Source: drw_free_installer.756836.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile read: C:\Users\user\Desktop\drw_free_installer.756836.exe
Source: unknownProcess created: C:\Users\user\Desktop\drw_free_installer.756836.exe "C:\Users\user\Desktop\drw_free_installer.756836.exe"
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe "C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe" EXEDIR=C:\Users\user\Desktop ||| EXENAME=drw_free_installer.756836.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /Uid "S-1-5-21-2246122658-3693405117-2476756634-1003"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Switzerland\",\"Pageid\":\"756836\",\"Timezone\":\"GMT-05:00\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.Exe
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Home_Installer" Activity "Click_Fold_Custom"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"Switzerland\",\"Install_Path\":\"C:/Program Files/EaseUS/EaseUS Data Recovery Wizard\",\"Language\":\"English\",\"Os\":\"Microsoft Windows 10\",\"Pageid\":\"756836\",\"Timezone\":\"GMT-05:00\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"S\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=756836&lang=English&pcVersion=home&pid=2&tid=1&version=free&tmpTime_=41\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"2\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"18.0\\",\\"testid\\":\\"FR180_202458-05082\\",\\"url\\":[],\\"md5\\":\\"5A3827C53A342F038D0BC3350D6CED88\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1716391125}\",\"Result\":\"Success\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Pageid\":\"756836\",\"Testid\":\"FR180_202458-05082\",\"Version\":\"free\",\"Versionnumber\":\"18.0\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d1.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Elapsedtime\":\"6447\",\"Errorinfo\":\"328\",\"Result\":\"Failed\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d2.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Elapsedtime\":\"6895\",\"Errorinfo\":\"228\",\"Result\":\"Failed\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d3.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"Elapsedtime\":\"7344\",\"Errorinfo\":\"228\",\"Result\":\"Failed\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Download_Failed" Activity "Download_Default" Attribute "{\"Url\":\"https://download.easeus.com/free/drw_free.exe\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Download_Failed" Activity "Download_Default" Attribute "{\"Url\":\"https://download.easeus.com/free/drw_free.exe\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://download.easeus.com/free/drw_free.exe\",\"Elapsedtime\":\"7813\",\"Errorinfo\":\"228\",\"Result\":\"Failed\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"\",\"Elapsedtime\":\"8262\",\"Errorinfo\":\"203\",\"Result\":\"Failed\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"\",\"Elapsedtime\":\"8711\",\"Errorinfo\":\"203\",\"Result\":\"Failed\"}"
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: aliyunwrap.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: msiso.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: mshtml.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: msimtf.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: d2d1.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile written: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Malay.ini
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeFile opened: C:\Windows\SysWOW64\msftedit.dll
Source: drw_free_installer.756836.exeStatic PE information: certificate valid
Source: drw_free_installer.756836.exeStatic file information: File size 2654624 > 1048576
Source: drw_free_installer.756836.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrap.dll
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeFile created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Source: C:\Users\user\Desktop\drw_free_installer.756836.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeSection loaded: OutputDebugStringW count: 465
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeMemory allocated: 5F00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeWindow / User API: threadDelayed 733
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 6336Thread sleep time: -77000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 6336Thread sleep count: 105 > 30
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 6336Thread sleep time: -735000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 7136Thread sleep count: 62 > 30
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 6336Thread sleep count: 303 > 30
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 6336Thread sleep time: -2121000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 6336Thread sleep count: 733 > 30
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe TID: 6336Thread sleep time: -5131000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeFile opened: C:\Windows\SysWOW64\KERNELBASE.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\gdiplus.dll
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe File opened: C:\Windows\SysWOW64\KERNEL32.DLL
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /sendinfo window "home_installer" activity "click_install" attribute "{\"country\":\"switzerland\",\"install_path\":\"c:/program files/easeus/easeus data recovery wizard\",\"language\":\"english\",\"os\":\"microsoft windows 10\",\"pageid\":\"756836\",\"timezone\":\"gmt-05:00\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /sendinfo window "home_installer" activity "result_download_configurefile" attribute "{\"cdn\":\"http://download.easeus.com/api2/index.php/apicp/drwdl202004/index/\",\"elapsed\":\"s\",\"errorinfo\":\"0\",\"posturl\":\"http://download.easeus.com/api2/index.php/apicp/drwdl202004/index/?exenumber=756836&lang=english&pcversion=home&pid=2&tid=1&version=free&tmptime_=41\",\"responsejson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"2\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/drw\\/free\\/drw18.0.0.0_free.exe\\",\\"version\\":\\"free\\",\\"curnum\\":\\"18.0\\",\\"testid\\":\\"fr180_202458-05082\\",\\"url\\":[],\\"md5\\":\\"5a3827c53a342f038d0bc3350d6ced88\\",\\"tj_download\\":\\"test\\",\\"refernumber\\":\\"1000000\\",\\"killswitch\\":\\"true\\",\\"writelogswitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1716391125}\",\"result\":\"success\"}"
Source: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe Process created: C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe /sendinfo window "downloading" activity "info_start_download_program" attribute "{\"downloadfrom\":\"https://d1.easeus.com/drw/free/drw18.0.0.0_free.exe\",\"pageid\":\"756836\",\"testid\":\"fr180_202458-05082\",\"version\":\"free\",\"versionnumber\":\"18.0\"}"
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 121 Virtualization/Sandbox Evasion | Remote Services | 1 Email Collection | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 121 Virtualization/Sandbox Evasion | LSASS Memory | 1 Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | 15 Application Layer Protocol | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| drw_free_installer.756836.exe | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrap.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2 | 0% | Avira URL Cloud | safe | |
| http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/ | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| track.easeus.com.whecloud.com | 163.171.128.150 | true | false | | unknown |
| d1yqyi2epbbxvx.cloudfront.net | 13.227.219.92 | true | false | | unknown |
| www.google.com | 142.250.185.132 | true | false | | unknown |
| d316xlss9esscz.cloudfront.net | 108.156.60.79 | true | false | | unknown |
| easeusinfo.us-east-1.log.aliyuncs.com | 47.252.97.212 | true | false | | unknown |
| d2.easeus.com | unknown | unknown | false | | unknown |
| track.easeus.com | unknown | unknown | false | | unknown |
| download.easeus.com | unknown | unknown | false | | unknown |
| d1.easeus.com | unknown | unknown | false | | unknown |
| d3.easeus.com | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2 | false | Avira URL Cloud: safe | unknown |
| http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/ | false | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 47.252.97.212 | easeusinfo.us-east-1.log.aliyuncs.com | United States | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false |
| 13.227.219.92 | d1yqyi2epbbxvx.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 108.156.60.79 | d316xlss9esscz.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 18.66.112.38 | unknown | United States | 3 | MIT-GATEWAYSUS | false |
| 142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 163.171.128.150 | track.easeus.com.whecloud.com | European Union | 54994 | QUANTILNETWORKSUS | false |
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1445855
                      Start date and time:2024-05-22 17:18:05 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:30
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Sample name:drw_free_installer.756836.exe
                      Detection:SUS
                      Classification:sus24.evad.winEXE@33/38@10/35
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • VT rate limit hit for: drw_free_installer.756836.exe
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5654
                      Entropy (8bit):5.191098703346186
                      Encrypted:false
                      SSDEEP:
                      MD5:B334764EB0A1069F6BA04C8E1F088CD0
                      SHA1:94937BE84E853031683E426886FE1861F0B397ED
                      SHA-256:D9A87257F203A80489756B8B31628FFF8D10AAB229D20A637A083059233DC54C
                      SHA-512:2E643CF3E089A20495E85441FC2904555C5C87BC15118C1136860736F295EAC00D5D761ECD12D01B5A017757B04325A394CA50FCB147A854028835BD9B6D0810
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 .........ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=..... ......InstallRecommend=%1 .......LicenseTps= %1 ... .... .......LicenseClick=....... ..... EaseUS..CustomInstall=....... .........Languge=.......InstallationPath =.... .........AgreeExperience=........ ... ........ .. ...... ..... ..... .........Downloading=.... ....... .... .............WaitTime=(.. ....... ........ .... %1m %2s.)..Installing =..........DownloadFailed=... .........CheckNet=...... ...... .. ..... .........DownloadOffline=..... ... .......Retry=..... ..........StartNow=.... ......Later=.......StartNowTips=...........................InstallFailed=... .........InstallFailedTip
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3835
                      Entropy (8bit):6.29016396880312
                      Encrypted:false
                      SSDEEP:
                      MD5:FD6CA501ED9A613A5094EB4C92C1A847
                      SHA1:DD0FB0EDD4ABDA1A3F6367086D99BFE5661B6B6A
                      SHA-256:4637C9C3FF511C3F15CB482C5A3EE42A3237D26AD002B2FCC3FF467E7A10B99F
                      SHA-512:3DF1A140ECD3E75F5B61CCB5018ED823F4619F8A32931E3A8D2244B998E76F724BB5C699C487C6B4077934CA14F832A68A47BA0469780D912C162B51EA335351
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1.....ProductName=........RecommendProductName=Mobimover..InstallNow=......InstallRecommend=..%1..LicenseTps=........ %1..LicenseClick= EaseUS .......CustomInstall=......Languge=....InstallationPath =......AgreeExperience=..............Downloading=.............WaitTime= (.... %1m %2s...Installing =.........DownloadFailed=......CheckNet=..........DownloadOffline=......Retry=....StartNow=......Later=......StartNowTips=...........InstallFailed=......InstallFailedTips=......................Restart=......btn_Restartnow=......lb_RestartText=.............lb_RestartTip=.........................FailedSolveSteps=........RestartSt
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3906
                      Entropy (8bit):6.304017277626276
                      Encrypted:false
                      SSDEEP:
                      MD5:FE7AD6D1DD07AEAFEECE921ECB23F3E7
                      SHA1:86E74EBDE9C8C6E90E64A757DAF12FD69B75E4EB
                      SHA-256:7EF907A793D9087AA804A688BDDDECF33A76011E4D820E7332533C070277507F
                      SHA-512:6F854D16E4828842713A58AE0E15ABDFC01B9DF85E5CC8ABB4BBD07FC5B6988584EB767E3639510C9B7698A70D38341014517D90EB8FD63E7F10E77EFE10DF4C
                      Malicious:false
                      Reputation:unknown
                      Preview:[string] ..InstallerName=%1.....ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=......InstallRecommend=..%1..LicenseTps=........%1 ..LicenseClick=......CustomInstall=......Languge=....InstallationPath =......AgreeExperience=..............Downloading=.............WaitTime= ..... %1m %2s....Installing =........DownloadFailed=......CheckNet=..........DownloadOffline=......Retry=......StartNow=......Later=....StartNowTips=...........InstallFailed=......InstallFailedTips=........................Restart=......btn_Restartnow=........lb_RestartText=...............lb_RestartTip=...........................FailedSolveSteps=.
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4234
                      Entropy (8bit):4.9732153426133765
                      Encrypted:false
                      SSDEEP:
                      MD5:EB6CB6A1EA028CAC7AE61DADC568C2F9
                      SHA1:7DA5B3E2F2F3FE326BC5EB4F073DB2B46F3381AF
                      SHA-256:4524116093969EE206FA4F04D84346349ED551B4D7B87D4206E9A12D32AF5D61
                      SHA-512:1FF642BDAE2E7519EB0BA3802718146DB9440BD7356F363F51CEA82193E0222C01504D726D49588F4B523E8BB112068408C2EBBB8A669705499D4342A430F7DA
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Installer..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Installer nu..InstallRecommend=Installer %1..LicenseTps=Jeg har l.st og accepteret %1..LicenseClick=EaseUS licensaftale..CustomInstall=Installationsindstillinger..Languge=Sprog..InstallationPath =Installationsvej..AgreeExperience=Enig at deltage i Customer Experience Improvement Programmet..Downloading=Downloader, vent venligst.....WaitTime=(det forventes at vente i %1m %2s.)..Installing =Installerer, vent venligst.....DownloadFailed=Download mislykkedes..CheckNet=Kontroller netv.rksforbindelsen...DownloadOffline=Download offline..Retry=Fors.g igen..StartNow=Start nu..Later=Senere..StartNowTips=Vil du starte programmet nu?..InstallFailed=Installation mislykkedes..InstallFailedTips=Download offline for at f. fuld installationspakke eller genstart pc'en for at pr.ve igen...Restart=Genstart..btn_Restartnow=Genstart nu..lb_RestartText=Sikker p. at genstarte pc'en
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4503
                      Entropy (8bit):4.93018089287948
                      Encrypted:false
                      SSDEEP:
                      MD5:E4E098A3E165FC5ECB4CB806B7E6E9D8
                      SHA1:3384368FCFED720E743ABE5D4DA5F358BE22A11C
                      SHA-256:3FE882930B7C5299290AE6C0C20AE065BD915984B381436B1C3D1D1CBFC67127
                      SHA-512:76F6B463708AB529838AF6E66664B56D3E4959DFE82DBB9ECF9CB8EEAB63617DD8A7C8773ECA4B2A1703F19475A1E0AF31C6E992CB52F823DE29CDE16798A677
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Installatiewizard..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Nu Installeren..InstallRecommend=Installeer %1..LicenseTps=%1 gelezen en ga er mee akkoord..LicenseClick=EaseUS Licentie Overeenkomst..CustomInstall=Installatie-instellingen..Languge=Taal..InstallationPath =Installatiepad..AgreeExperience=Ik wil deelnemen aan het klanttevredenheidsonderzoek..Downloading=Downloaden, even geduld a.u.b......WaitTime= (Er wordt verwacht dat er wordt gewacht op %1m %2s.)..Installing =Installeren.....DownloadFailed=Downloaden Mislukt..CheckNet=Controleer de netwerkverbinding..DownloadOffline=In Browser Downloaden..Retry=Opnieuw Proberen..StartNow=Nu Beginnen..Later=Later..StartNowTips=Wilt u het programma nu starten?..InstallFailed=Installatie Mislukt..InstallFailedTips=Download offline om het volledige installatiepakket te krijgen of start de pc opnieuw op om het opnieuw te proberen...Restart=Opnieuw Opstarten..btn_Restartnow=Sta
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):1263112
                      Entropy (8bit):6.600651467754926
                      Encrypted:false
                      SSDEEP:
                      MD5:8A250A75859FE52116E706A640E6D77C
                      SHA1:473C36D9D80173636FAEEB0AE4AE9E047E4E9D8B
                      SHA-256:823AB6955052EF34218559B53D4F15224B5A850B532672FA33A7634DC74981DC
                      SHA-512:4B519B1DE8F6647A5CBBDA11084D096E8BBFE8F694F4FDA0E0F244B477F3F15C143254B044B046302AC79B136377894027D9BAA2D4BA67ED38F5A55F480A44B4
                      Malicious:true
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:unknown
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.1Z{._.{._.{._.\.1.z._....|._.r..._._.r...4._.r....._.\.2.v._.\.$.`._.{.^..._.e....._.r...8._.e...z._.r...z._.Rich{._.........PE..L......e.................F...................`....@.......................................@.................................D............................*..........g...............................L..@............`...............................text....E.......F.................. ..`.rdata.......`.......J..............@..@.data....\...0...4..................@....rsrc................@..............@..@.reloc...............F..............@..B........................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):23370
                      Entropy (8bit):5.032535768080311
                      Encrypted:false
                      SSDEEP:
                      MD5:DF7DAFC4C46871085152CDBD3AEF1A7D
                      SHA1:77AB32F7AD5BAE61A6BB4115FA6D200305629E5B
                      SHA-256:496CC8D12748470832120B502AA5A151024F7E204A6305AF9DF49C31D6433F5D
                      SHA-512:7D2F9364A7E0F0FAB505798BD34E52971BA082F652FE6390358A4E37845F52D2CBA1F5D2075B47ECE734FE7B0F46AE3B413BB6A24A63959341F430449BFA6B1C
                      Malicious:false
                      Reputation:unknown
                      Preview:[1816]-11:18:36:454 ParseCmdLine param=EXEDIR=C:\Users\user\Desktop ||| EXENAME=drw_free_installer.756836.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0...[1816]-11:18:36:518 Install recomand return=259..[1816]-11:18:38:504 Install recomand return=259..[1816]-11:18:40:156 Install recomand return=259..[1816]-11:18:40:172 Install recomand return=259..[6352]-11:18:40:188 PostData Start download url=http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=756836&lang=English&pcVersion=home&pid=2&tid=1&version=free...[6352]-11:21:14:540 PostData end..[6352]-11:21:14:540 StartPost error,code=28..[1816]-11:21:14:540 CHttpHelper::GetDownloadInfo 45 download info code:128..[1816]-11:21:14:540 CHttpHelper::GetDownloadInfo 60 redownload info count:1..[6380]-11:21:14:540 PostData Start download url=http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=756836&lang=English&pcVersion=home&pid=2&tid=1&version=free&tmpTime_=41...[63
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4738
                      Entropy (8bit):4.9952395764331605
                      Encrypted:false
                      SSDEEP:
                      MD5:1737B0DE1DA74E1D45285479CE66E556
                      SHA1:9FF6A57D9186F3AAE00E4C307959FF7CA24C118A
                      SHA-256:201229433F78F5CB87A9357921F34CAA2820B2917FF572E82A57D31DB5774E46
                      SHA-512:DBDFB1DE474EEA240D1797DC35143F7258F6EC19C4A74F2C47645CD4A4253654975B90D9BBFCB202CC33D3BF872BB2FB967AA7AAC5A25C6991DEC794C184C9A1
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Installateur..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Installer maintenant..InstallRecommend=Installer %1..LicenseTps=J'ai lu et accept. le %1..LicenseClick=contrat de licence d'EaseUS..CustomInstall=Param.tres d'installation..Languge=La langue..InstallationPath =Chemin d'installation..AgreeExperience=J'accepte de participer au programme d.am.lioration d'exp.rience d'utilisateur..Downloading=T.l.chargement, veuillez patienter.....WaitTime= (il est pr.vu d'attendre %1m %2s.)..Installing =Installation en cours .....DownloadFailed=Echec du t.l.chargement..CheckNet=Veuillez v.rifier la connexion r.seau...DownloadOffline=T.l.charger hors ligne..Retry=R.essayer..StartNow=D.marrer..Later=Plus tard..StartNowTips=Voulez-vous d.marrer le programme maintenant?..InstallFailed=L'installation a .chou...InstallFailedTips=T.l.charger hors ligne pour obtenir le package d'installation complet ou red.marrer le P
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4711
                      Entropy (8bit):4.942043533856361
                      Encrypted:false
                      SSDEEP:
                      MD5:DECAA2CBBACCAE2A64C588243FBD6435
                      SHA1:851020B5CD91A24720A2A61CC75108106679C618
                      SHA-256:4FFD51F20C76EE5D6CBAF16EA2AB9D0A0B0491E710C42D548724D5B5AAF3D55F
                      SHA-512:3B1EA0DEE1AABB64D9335B6FA7C62F6EA4D57DA94D37085D3D5D0E995FE9BF5A7F34FE4946D874850C595800BEE00E38E054BB47923014AB596AD00B1C06BED2
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Installationsprogramm..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Jetzt installieren..InstallRecommend=Install %1..LicenseTps=Ich habe die %1 gelesen und akzeptiere sie..LicenseClick=EaseUS Lizenzvereinbarung..CustomInstall=Installationseinstellungen..Languge=Sprache..InstallationPath =Installationspfad..AgreeExperience=Ich m.chte am Programm zur Verbesserung der Benutzerfreundlichkeit teilnehmen..Downloading=Wird heruntergeladen, bitte warten.....WaitTime= (es wird erwartet, dass Sie f.r %1m %2s warten.)..Installing =Installieren.....DownloadFailed=Download Fehlgeschlagen..CheckNet=Bitte .berpr.fen Sie Ihre Internetverbindung...DownloadOffline=Offline Download..Retry=Erneut versuchen..StartNow=Jetzt starten..Later=Sp.ter..StartNowTips=M.chten Sie jetzt das Programm starten?..InstallFailed=Installation fehlgeschlagen..InstallFailedTips=Laden Sie offline herunter, um vollst.ndiges Installationspaket zu erhalten,
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4274
                      Entropy (8bit):4.952172846989875
                      Encrypted:false
                      SSDEEP:
                      MD5:38629FAB2999407FE8FA2DBABB097B57
                      SHA1:692493408FC72747128B5678C8E5140C8C59B49E
                      SHA-256:13F413DBFCBC4537D83F77E34EF0C9FA868BFA07792E990F4E94526CCEB79848
                      SHA-512:1AA8283F315617C12F2BF79F1BEEC98C7319FD26A507A566B4F1130067E468817373D71EF35C2B8BBABD60E304A467F06FEBE14FF5496871CDA80E6EDCD3A70B
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Menginstal..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Instal sekarang..InstallRecommend=Menginstal %1..LicenseTps=Saya telah membaca dan menerima %1..LicenseClick=perjanjian lisensi EaseUS..CustomInstall=Pengaturan instalasi..Languge=Bahasa..InstallationPath =Jalur instalasi..AgreeExperience=Setuju untuk berpartisipasi dalam Program peningkatan pengalaman Custmer..Downloading=Mengunduh, harap tunggu...WaitTime= (Diperkirakan menunggu selama %1m %2s.)..Installing =Instalasi.....DownloadFailed=Download gagal..CheckNet=Periksa koneksi jaringan...DownloadOffline=Download secara Offline..Retry=Coba lagi..StartNow=Mulai sekarang..Later=Kemudian..StartNowTips=Ingin Mulai Program Sekarang?..InstallFailed=Instalasi gagal..InstallFailedTips=Unduh offline untuk mendapatkan paket instalasi lengkap atau restart PC untuk mencoba lagi...Restart=Restart..btn_Restartnow=Restart sekarang..lb_RestartText=Tentu Mulai Ulang PC Sekarang?
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Generic INItialization configuration [Language]
                      Category:dropped
                      Size (bytes):4153
                      Entropy (8bit):6.043636147359956
                      Encrypted:false
                      SSDEEP:
                      MD5:B71A433376606884D121F5017D0B58F2
                      SHA1:338C2ECCC9D45AEA410650302DC2D6ED5C27B24D
                      SHA-256:3833439CF03C0151A53B05E080878D39C36C28F68CBFCD2B6673A7B4ACB3BC0D
                      SHA-512:8B4AC6C2EDDCC774EAE8224DFF2E3A618A041E0DC0241CF8F469CE53E771DA28BF9836DF46AEEAD0162172B58B67B71007DFC1BCEE05D8BFDE5A41F2BEACD32A
                      Malicious:false
                      Reputation:unknown
                      Preview:[Product]..;LanguageType=English,....,Portugu.s,Fran.ais,Espa.ol,Deutsch,Nederlands,Italiano,.....;...............ProductID=2 ..ProductName=DRW..ProductExtentPath=EaseUS Data Recovery Wizard..ProductEventName=EaseUS_Data_Recovery_Wizard ..;..ID..RecommendProductID=1 ..;....ID..ProductProcess=DRW.exe,DRWUI.exe,EURawImg.exe,EuOfficeRepairWin32.exe..FreeVersionName=free..TrialVersionName=trial ..productContrastPage=0 ..;....... 1....0.....HasRecommendProduct=0 ..;.......,1....0.....homepage=normolPage..;....tbHomePage ebcHomePage ,normolPage ..InstallPath=EaseUS\EaseUS Data Recovery Wizard..;........BackUpPath=C:\Program Files..;......BProgramFilesPath=1..;.....program files 1. 0...InstallProgramFilesPath=C:\Program Files..;...program files.
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4364
                      Entropy (8bit):4.874617869709843
                      Encrypted:false
                      SSDEEP:
                      MD5:AF930A64DA61B99CB120C8A3222456EB
                      SHA1:2B5F3F2EC77F649AABBC6CF40FE7DD337152E9EE
                      SHA-256:1287CD9E6626EC2081379694A309578C1D83BCA25B2C621D1A5D4608CD7AF9BF
                      SHA-512:4E7672D00C62CE1C7C437B99EAEC0FE48FAB3586E3D2AC8AB2A294FB30D30D52436AC7CE339023C6E3D56A4774F4ADD5C4B398568E087D3D930C8C63FD816CC6
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=Installazione di %1..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Installa Ora..InstallRecommend=Installare %1..LicenseTps=Ho letto e accetto le %1..LicenseClick=condizioni di licenza di EaseUS..CustomInstall=Impostazioni di installazione..Languge=Lingua..InstallationPath =Percorso..AgreeExperience=Acconsento di partecipare al programma raccolta statistiche anonime uso programma...Downloading=Download in corso, prego attendere.....WaitTime=(Ci vorrebero %1m %2s.)..Installing =Installando.....DownloadFailed=Scarica Fallita..CheckNet=Controlla la connessione di rete...DownloadOffline=Scarica Offline..Retry=Riprova..StartNow=Inizia Ora..Later=Pi. Tardi..StartNowTips=Avvia ora il programma?..InstallFailed=Installazione Fallita..InstallFailedTips=Scaricare offline per ottenere il pacchetto di installazione completo o riavviare il PC per riprovare...Restart=Riavvia..btn_Restartnow=Riavvia ora..lb_RestartText=Sei sicuro di voler
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5152
                      Entropy (8bit):5.791494327764329
                      Encrypted:false
                      SSDEEP:
                      MD5:76E3CFD74C8A8C99CCD461F17CBABD4D
                      SHA1:6200D3958A80AE2E7F10134256AD27EBE7037212
                      SHA-256:64EFC20036A6CAD10DDBDB014444C55B6DB93A481EE5FE84210DEB2377918BB8
                      SHA-512:3E69FF59296D8D36EC52C6FBA37252CA2E648BB51ABA0BDFE51FD8B2C341C4A9CE2722F372704706D9A34A40F1F38D90898ECD66FE3FBA0DE394A1457214C75E
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 .........ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=.............InstallRecommend=%1..........LicenseTps=...............%1..LicenseClick=EaseUS..............CustomInstall=..........Languge=....InstallationPath =.........AgreeExperience=.............................Downloading=..........................WaitTime= (......: %1m %2s)..Installing =.........DownloadFailed=...............CheckNet=...................DownloadOffline=..............Retry=.......StartNow=........Later=....StartNowTips=..................InstallFailed=.
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4550
                      Entropy (8bit):6.037034351000263
                      Encrypted:false
                      SSDEEP:
                      MD5:81C343D7615A71FFA127E317C98B357E
                      SHA1:F0B469E102E13384C063AA78C454ABE83233698E
                      SHA-256:7E8E799B95A5E6F5AA8A18ACB78E6454E634AE52A4615F7A0B0740A51766A26F
                      SHA-512:B8C8E35C4CFC609ABA55548489063D2EACB310805A0922DDF63507BF8FC084C983690DC7CE82D373C78A896EAC2EF4EAF92EE666D37DE8E5FC0B62C10D8E896C
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 ....ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=.. ....InstallRecommend=%1 ....LicenseTps=.. .. .. %1..LicenseClick=EaseUS .... ....CustomInstall=.. ....Languge=....InstallationPath =.. ....AgreeExperience=... .. .. .... ... ........Downloading=.... ..... ... ... .........WaitTime= ( %1m %2s .. ... ... ......)..Installing =.. ......DownloadFailed=.... ....CheckNet=........ ... .........DownloadOffline=.... ......Retry=.....StartNow=.. ....Later=.....StartNowTips=.. ..... ........?..InstallFailed=.. ....InstallFailedTips=.. .. .... .... ...... ....... PC. .. .... .. ...
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):325
                      Entropy (8bit):5.079622313957315
                      Encrypted:false
                      SSDEEP:
                      MD5:FFE692A67871185785EC705B1CC12C81
                      SHA1:06A12BFFDFF33024A7B8798BDCDCDA1FD7255BCC
                      SHA-256:373BEC6E7976324FF879C2988BAB772C69336D7BCB9A32386A6021568350A824
                      SHA-512:7ECDB5A4E625370888FB3A827CB668E934E29CA764177FCA04E4EB620BEC2B664FE498C0E9E73288BF977006EABA9618A4DC5A169E0FC5588A0874D9E6BB6C50
                      Malicious:false
                      Reputation:unknown
                      Preview:;...........[Language]..English=en..Japanese=jp..German=de..French=fr..Spanish=sp..Portuguese=pobr..Italian=ita..Dutch=dut..ChineseTrad=cht..Chinese=ch..Danish=Den..Swedish=Swe..Polish=Pol..Arabic=Arb..Korean=Kor..Russian=Rus..Norwegian=Nor..Indonesian=Ind..turkish=Tuk..Mungarian=Mun..Thai=Tha..Malay=Mas..
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4341
                      Entropy (8bit):4.887667630289714
                      Encrypted:false
                      SSDEEP:
                      MD5:534A5DFA634D7B7DF7A581D4E1D08F78
                      SHA1:2C2AD2EF1DFBAFB69EDBA2F1EA7EFA152420DBA0
                      SHA-256:984E71C01CB1C2DFB260AE1C0F764F6BDF91E4F523F5DC4161B3D19456993CBB
                      SHA-512:7D4B6D6CCE8A6C7BF18803F69988FC54D80DD30E48DBB5336C587CEA8BC74CE1E553E1E549D43A2C2B6A2BA4D3538552DF4C5A684818A7E7EE63DB466C96EAE2
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 pemasang..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Pasang sekarang..InstallRecommend=Pasang %1..LicenseTps=Saya telah membaca dan menerima %1..LicenseClick=Perjanjian Lesen EaseUS..CustomInstall=Tetapan pemasangan..Languge=Bahasa..InstallationPath=Laluan Pemasangan..AgreeExperience=Bersetuju untuk menyertai Program Peningkatan Pengalaman Pelanggan..Downloading=Sedang Memuat turun..Installing=Memuat turun, sila tunggu...DownloadFailed=Muat turun gagal..WaitTime= (Ia dijangka menunggu selama %1m %2s.)..CheckNet=Sila periksa sambungan rangkaian...DownloadOffline=Muat turun Luar Talian..Retry=Cuba lagi..StartNow=Mulakan sekarang..Later=Kemudian..StartNowTips=Ingin Memulakan Program Sekarang?..InstallFailed=Pemasangan gagal..InstallFailedTips=Muat turun di luar talian untuk mendapatkan pakej pemasangan penuh atau mulakan semula PC untuk mencuba lagi...Restart=Mulakan semula PC..btn_Restartnow=Mulakan semula sekarang..lb
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5647
                      Entropy (8bit):5.242008838233848
                      Encrypted:false
                      SSDEEP:
                      MD5:35331ED66C059568C54865EF7D41087C
                      SHA1:480FBFA2C4265C526B148A9725994C1C687355BD
                      SHA-256:F55A35E6D3CCC944D4C264E34244A127BCE54079621CAB25D9E8E53CC1F9AC07
                      SHA-512:70BD95CE94C32FCF5E252AA9762BA6BE8112D4F8FDD1172B3588246FA4A5E7C91E18179228BF9A5204FEF1D30563E7C69B1E1E0829310933A18B1478BF7F4199
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 telep.tse..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Felszerel most..InstallRecommend=%1 telep.t.se..LicenseTps=Elolvastam .s elfogadtam %1..LicenseClick=EaseUS licencszerz.d.st..CustomInstall=Telep.t.si be.ll.t.sok..Languge=Nyelv..InstallationPath =Telep.t.si .tvonal..AgreeExperience=Meg.llapodnak abban, hogy r.szt vegyenek custmer tapasztalat jav.t. program..Downloading=Let.lt.s, k.rj.k, v.rjon...WaitTime= (V.rhat.an %1p %2s.)..Installing =Telep.t.se.....DownloadFailed=Let.lt.s nem siker.lt..CheckNet=Ellen.rizze a h.l.zati kapcsolatot...DownloadOffline=Let.lt.s offline..Retry=.jra..StartNow=Elkezd most..Later=K.s.bb..StartNowTips=Szeretne most elind.tani a programot?..InstallFailed=Telep.t.s nem siker.lt..InstallFailedTips=T.ltse le offline .llapotban a teljes telep.t.csomag el.r.s.hez, vagy ind.tsa .jra a sz.m.t.g.pet, hogy .jra megpr.b.lja...Restart=Ind.
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4331
                      Entropy (8bit):4.986041692080868
                      Encrypted:false
                      SSDEEP:
                      MD5:74F6E38B2B7AC3893B1AB6C092B854D1
                      SHA1:583B35335D479E9E3BC6B412A7CAE52FC1B3D3BF
                      SHA-256:9692FECB48E8745F26C235C8925F106E56E862CD1B7B8CA8C84B8CB751B7A748
                      SHA-512:0464BE71E6EEAC902346D1A5119612D7BDE62D2EFCB15D4A14CF88814294358E69BA592CFD5F4B86EEB72FE3E3A9C2EDF61510AE16B16CA5D0A591DBB416E0AF
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Installer..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Installer n...InstallRecommend=Installer %1..LicenseTps=Jeg har lest og akseptert %1..LicenseClick=EaseUS Lisensavtale..CustomInstall=Installasjonsinnstillinger..Languge=Spr.k..InstallationPath =Installasjonsvei..AgreeExperience=Godta . delta i Customer Experience Improvement Program..Downloading=Laster ned, vennligst vent.....WaitTime= (Det forventes . vente i %1m %2s.)..Installing =Installerer .....DownloadFailed=Nedlasting mislyktes..CheckNet=Vennligst sjekk nettverksforbindelsen...DownloadOffline=Last ned frakoblet..Retry=Pr.v igjen..StartNow=Start n...Later=Senere..StartNowTips=Vil du starte programmet n.?..InstallFailed=Installasjonen mislyktes..InstallFailedTips=Last ned offline for . f. full installasjonspakke eller start PC p. nytt for . pr.ve igjen...Restart=Restart..btn_Restartnow=Start p. nytt n...lb_RestartText=Sikker p. . starte PCen p.
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4649
                      Entropy (8bit):5.225222333646186
                      Encrypted:false
                      SSDEEP:
                      MD5:DEF85351F7FDA76B962D6DE5F86F5FE5
                      SHA1:C47F43BCD9FF278429297B559E9103642C4A7EFC
                      SHA-256:E833E96EA0E4568FDDF90386AFDFF3F9BED6EA643FAF9EE6BC0938BE71344294
                      SHA-512:0A9FD9F708B7EECA12ED9F361B379EB1C89571E06679E06DC4DAA4A4694B29B25F69ADA42A8133CE8E067383B1A6579A320D91E543521EF9F555D17FBD9C01D4
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Instalacja..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Zainstaluj teraz..InstallRecommend=Instalacja %1..LicenseTps=Przeczyta.em i zaakceptowa.em %1..LicenseClick=umow. licencyjn. EaseUS..CustomInstall=Ustawienia instalacji..Languge=J.zyk..InstallationPath =.cie.ka instalacji..AgreeExperience=Zgadzam si. na uczestnictwo w programie poprawy jako.ci obs.ugi klienta..Downloading=Pobieranie, prosz. czeka....WaitTime= (Oczekuje si., .e b.dzie czeka. %1m %2s.)..Installing =Instalowanie.....DownloadFailed=Pobieranie nie poWiod.o si...CheckNet=Prosz. sprawdzi. po..czenie sieciowe...DownloadOffline=Pobierz w trybie offline..Retry=Pon.w pr.b...StartNow=Zacznij teraz..Later=P..niej..StartNowTips=Chcesz rozpocz.. program teraz?..InstallFailed=Instalacja nie poWiod.a si...InstallFailedTips=Pobierz offline, aby uzyska. pe.ny pakiet instalacyjny lub uruchom ponownie komputer, aby spr.bowa. ponowni
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4433
                      Entropy (8bit):4.991097438110485
                      Encrypted:false
                      SSDEEP:
                      MD5:7DA92400736262F4E3032DC4B977AB39
                      SHA1:B08A564C2F4138714614DBE436673B724C9FA2B0
                      SHA-256:E22707B2E0E21C3DF87F7F85EDA9A3E76F98BDB76EDD3ED07CD19DBFA2CDC967
                      SHA-512:132E55942B2F4C638B32EE51FE5C1510E83F8D290076D4BBC86B5D6797B47C844D66C5EB84E14C98DC4912F0F5D4B1339B59B239C8E5C6404387E991728997BA
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=Instalador de %1..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Instalar Agora..InstallRecommend=Instalar %1..LicenseTps=Eu li e aceito %1..LicenseClick=Contrato de Licen.a da EaseUS..CustomInstall=Configura..o de instalar..Languge=L.ngua..InstallationPath =Caminho de instalar..AgreeExperience=Concordar em participar do Programa de Melhoria da Experi.ncia do Cliente..Downloading=Baixando, aguarde.....WaitTime=(espera-se esperar %1m %2s.)..Installing =Instalando.....DownloadFailed=Falha no Download..CheckNet=Verifique a conex.o de rede...DownloadOffline=Baixar off-line..Retry=Tente novamente..StartNow=Iniciar Agora..Later=Mais Tarde..StartNowTips=Quer iniciar o programa agora?..InstallFailed=Instala..o Falhada..InstallFailedTips=Fa.a o download offline para obter o pacote de instala..o completo ou reinicie o PC para tentar novamente...Restart=Reiniciar..btn_Restartnow=Reiniciar Agora..lb_RestartText=Tem certeza que
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):6500
                      Entropy (8bit):5.159362915190586
                      Encrypted:false
                      SSDEEP:
                      MD5:5AFE8AE210DFF6FB6962030283B9EF2A
                      SHA1:F5F5DBB648466DF9F3D5CEB8C7770BFD7E2D5880
                      SHA-256:043B705D2B019574E7BEF57BD2DDA9E916BB85C56E4B375DDB5F5C06AB21B936
                      SHA-512:5607D47174D444E9CC1EB3DA0EF97773BF8B28096380DBD8C6AD1C3E0D0102D092A9B43661F48192E05CB09CACC51E4D5DDB98BF2E15C0FEF92B19ABDC61243F
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 ...........ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=.......... ........InstallRecommend=......... %1..LicenseTps=. ........ . ...... ............ %1..LicenseClick=.......... EaseUS..CustomInstall=......... ...........Languge=......InstallationPath =.... ...........AgreeExperience=....... ....... . ......... ......... ..... custmer..Downloading=........, ............WaitTime= (......... ..... ........ %1m %2s.)..Installing =..............DownloadFailed=.... ... ..........CheckNet=......... ....... ..............DownloadOffline=....... .........Retry=...........StartNow=...... ........Later=.......StartNowTips=......... .........
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4495
                      Entropy (8bit):4.949457770160705
                      Encrypted:false
                      SSDEEP:
                      MD5:BBB23BFC6347B444DC4E53D72988040B
                      SHA1:ED205392DF5999EBBD0A36BEA3EBCA1A2F33D2C3
                      SHA-256:8EBEB0AC321D81F5C5E5B5E157C554350CC224BB7222A1C97EFFC8FF987AC9C2
                      SHA-512:6EA1B732B6AAEABEAAE47630768972448BB34CC548B4F19C70ADBCE1D27FC01647B85749D0CD31682B823339D775CD9F4A6DDB7F35A643526C052FB8982112B9
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=Instalador de %1..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Instalar ahora..InstallRecommend=Instalar %1..LicenseTps=He le.do y acepto %1..LicenseClick=el acuerdo de licencia de EaseUS..CustomInstall=Configuraci.n de la instalaci.n..Languge=Idioma..InstallationPath =Ruta..AgreeExperience=Acepto unirme al Programa para la mejora de la experiencia del usuario..Downloading=Descargando, por favor espere.....WaitTime= (se espera %1m %2s.)..Installing =Instalando......DownloadFailed=Descarga fallida..CheckNet=Compruebe la conexi.n de red...DownloadOffline=Descargar fuera de l.nea..Retry=Reintentar..StartNow=Ejecutarlo ahora..Later=M.s tarde..StartNowTips=.Quiere abrir el programa ahora?..InstallFailed=Instalaci.n fallida..InstallFailedTips=Descargar sin conexi.n para obtener el paquete de instalaci.n completo o reiniciar el PC para intentarlo de nuevo...Restart=Reiniciar..btn_Restartnow=Reiniciar ahora..lb_RestartTex
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4333
                      Entropy (8bit):5.034197413624276
                      Encrypted:false
                      SSDEEP:
                      MD5:2C206DD32AAE28D37379B6C3996705F3
                      SHA1:BA777AA9E71E6C9974785B6B5FF1BFE761F4938F
                      SHA-256:E708764646CC998C00D5CB4A916E9EC28DBA59C1A9DFDFF39EC4214EC2A65DAF
                      SHA-512:54B1589121AD89CEFBF62F512FE5C82DAC21342D3F27428AD9CF93B7A6B0CB2C7EC42658C8748F8F33B2DCE18E2D6079BEA33F53DED20D7A938C13B37C50DF80
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Installer..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Installera nu..InstallRecommend=Installera %1..LicenseTps=Jag har l.st och godk.nt %1..LicenseClick=EaseUS licensavtal..CustomInstall=Installationsinst.llningar..Languge=Spr.k..InstallationPath =Installationsv.gen..AgreeExperience=Enas om att delta i programmet Customer Experience Improvement..Downloading=H.mtar, v.nligen v.nta.....WaitTime= (Det f.rv.ntas v.nta i %1m %2s.)..Installing =Installerar.....DownloadFailed=H.mtning misslyckades..CheckNet=Kontrollera n.tverksanslutningen...DownloadOffline=H.mta offline..Retry=F.rs.k..StartNow=B.rja nu..Later=Senare..StartNowTips=Vill du b.rja programmet nu?..InstallFailed=Installation misslyckades..InstallFailedTips=Ladda ner offline f.r att f. fullt installationspaket eller starta om datorn f.r att f.rs.ka igen...Restart=Omstart..btn_Restartnow=Starta om nu..lb_RestartText=.r du s.ker p. att star
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):8489
                      Entropy (8bit):4.542747482857118
                      Encrypted:false
                      SSDEEP:
                      MD5:6E1EDD82F7D13D4A811982392466C002
                      SHA1:4A6F3C8C945D485E6EAAD7DE6F334CFC8033B352
                      SHA-256:69394BA3B1F01C4218E169A6E16B56C2C857BA9B0D7B1FD57FA808249E68793B
                      SHA-512:F19B3DC3D96F9E88A77BE9EB726DB353E803EDDCADB55072935FBCCD51DB6B9B34FFEAAE1EE294CC12E1FE9AF0BFC3B821E2ECF79DB63E46E0F86D30A79517A4
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=.......... %1..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=.................InstallRecommend=....... %1..LicenseTps=................... %1 ......LicenseClick=...................... EaseUS..CustomInstall=......................Languge=......InstallationPath=...................AgreeExperience=................................................Downloading=.............. ..................WaitTime=(.................. %1m %2s)..Installing=..............DownloadFailed=...........
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4661
                      Entropy (8bit):5.247656049357231
                      Encrypted:false
                      SSDEEP:
                      MD5:0A80A0D0AC19F97D6133DC156499DC0B
                      SHA1:29F54F8925E47CA22EECC1E65A698F5331D76E53
                      SHA-256:29499DA747B2FA0CC759DE34D085682256912F4AB27E3ED64ACEE2F2474E355E
                      SHA-512:899C54C48C19E8E8966DB086737DBA3C4A04916A339239BD5D9D3A4682B65140E670AAC29B736E5ACFCC60C493E9A0ABD713756AEDA2F7C7E7972A3C58C7E679
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Y.kleyicisi..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=.imdi Y.kle..InstallRecommend=%1 Y.kle..LicenseTps=%1 okudum ve kabul ediyorum..LicenseClick=EaseUS Lisans S.zle.mesi'ni..CustomInstall=Y.kleme ayarlar...Languge=Dil..InstallationPath =Kurulum Yolu..AgreeExperience=M..teri Deneyimi .yile.tirme Program.na kat.lmay. kabul ediyorum..Downloading=.ndiriliyor, l.tfen bekleyin...WaitTime= (%1m %2s kadar beklenmesi bekleniyor.)..Installing =Y.kleniyor..DownloadFailed=.ndirme Ba.ar.s.z Oldu..CheckNet=L.tfen a. ba.lant.s.n. g.zden ge.irin...DownloadOffline=.evrimd... .ndir..Retry=Yeniden Dene..StartNow=.imdi Ba.lat..Later=Sonra..StartNowTips=.imdi Program. Ba.latmak .stiyor Musunuz?..InstallFailed=Kurulum Ba.ar.s.z Oldu..InstallFailedTips=Tam kurulum paketini almak i.in .evrimd... indirin veya tekrar denemek i.in PC'yi yeniden ba.lat.n...Restart=Yeniden Ba.lat..btn_Rest
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:modified
                      Size (bytes):1396
                      Entropy (8bit):3.919987572798006
                      Encrypted:false
                      SSDEEP:
                      MD5:4810AABCCCBC84873BCAA0C1187EFD0E
                      SHA1:A82AD9704A1CE4E4CF3557CD18C3FA3DA17670B7
                      SHA-256:9CC27FA5C1C9A9A1E3CFD766D4158E097BBF43125C69F2615D3BDB291620FAAF
                      SHA-512:CAE5A1CD884BAE0463CF94DC40AD65C19CAFCDBC21253BCDB61B20499BFA3AE7E2DC20EA3A2D8EDE3CB9684BCAD5DAB1D3D0662B5369120363779652366124AB
                      Malicious:false
                      Reputation:unknown
                      Preview:......[.C.o.n.f.i.g.].....L.O.G.E.N.D.P.O.I.N.T.=.W.k.Z.o.T.m.R.G.c.F.h.S.b.n.B.r.U.X.p.C.N.F.R.H.M.T.R.k.b.H.A.1.T.l.d.o.a.V.I.y.d.z.F.a.R.m.M.x.Y.W.1.O.N.U.5.X.c.G.l.N.a.k.E.5.....A.C.C.E.S.S.K.E.Y.I.D.=.V.k.V.a.U.1.F.s.T.l.Z.T.a.1.Z.U.U.0.d.S.T.l.V.6.Q.j.B.N.b.U.1.3.W.j.N.o.U.F.V.U.M.D.k.=.....A.C.C.E.S.S.K.E.Y.S.E.C.R.E.T.=.V.1.d.4.T.2.Q.w.O.U.d.a.R.n.B.O.U.k.V.a.T.1.d.q.T.m.9.T.b.E.Z.1.V.G.p.G.U.2.V.r.W.k.t.Z.M.V.J.D.Y.z.A.x.W.G.F.G.T.l.d.h.b.V.J.o.V.1.d.0.T.m.V.R.P.T.0.=.....P.R.O.J.E.C.T.N.A.M.E.=.V.2.x.k.R.2.V.s.c.F.l.W.b.n.B.o.V.n.p.W.d.F.l.u.Y.z.l.Q.U.T.0.9.....L.O.G.S.T.O.R.E.N.A.M.E.=.W.W.t.j.N.W.J.t.T.X.p.V.b.l.p.q.Y.l.Z.a.b.V.d.r.a.E.t.N.M.W.d.5.Y.k.h.j.P.Q.=.=.....L.O.G.S.T.O.R.E.N.A.M.E.2.=.W.W.t.j.N.W.J.t.T.X.p.V.b.l.p.q.Y.l.Z.a.b.V.d.r.a.E.t.N.M.W.d.5.T.l.h.a.a.F.d.F.R.T.k.=.....b.A.l.l.o.w.S.e.n.d.I.n.f.o.=.1.....b.A.u.t.o.A.d.d.U.i.d.=.1.....b.A.u.t.o.A.d.d.T.i.m.e.s.t.a.m.p.=.1.....b.G.e.n.e.r.a.t.e.T.e.s.t.I.n.f.o.=.1.....n.b.L.i.m.i.t.K.e.y.v.a.l.u.e.M.a.x.L.e.n.
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):494088
                      Entropy (8bit):6.701938599658677
                      Encrypted:false
                      SSDEEP:
                      MD5:58968E221F2522D98DBFE7574D0C44AA
                      SHA1:424B55216F2C832202C01363E013546380F5312A
                      SHA-256:265170E701EC453B13249E7A4E4F401B87FAE79442CCE77060213EBCD03828C0
                      SHA-512:9BBA6FFBEC9B6D3DE7B530B056098465A54B66494DB7E7CA82E8C98802FB5A1CB500F5D505387F2A33FB9A42A533D5838B1125EF14AFAD11285410652C6F07B5
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:unknown
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):110088
                      Entropy (8bit):6.438187182004648
                      Encrypted:false
                      SSDEEP:
                      MD5:F3B9A2D94682FEE26FC079BA1E0FB040
                      SHA1:FF9E89FBCB6939095ECFA34438D9E6EBF9AD6FB4
                      SHA-256:CDC9EE419589B8E378B030A5180B12CF4E1FC2FA132DBAF0E961ADBE3C782E55
                      SHA-512:40BAA3D59EB931EEAB583ECBD4526031BC8D455192D69C3F87B9220EBAAB194A2922E4A3E9E36DB3A587F56961C0686B81BCEC8382AC02F968F31B566581BBBD
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:unknown
                      Process:C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:modified
                      Size (bytes):1070
                      Entropy (8bit):3.8310479542830578
                      Encrypted:false
                      SSDEEP:
                      MD5:D0F1346E48B046C68994E69FC39E960A
                      SHA1:B4AFB139FB4C0FBDF558C8F8B232BFA0DE947BA8
                      SHA-256:CF266F8F0C889922C23E9375C7FEAEED0F40D4967253CD7A5B141E16095C717B
                      SHA-512:BF75C6A670E3847FC1B8B7304B850EFCBC3AB1D8A25A85AF841C4E1C4BB9EE16C06494DF5620BE9382E76C91D0611B6DBCADF23C39978C06E5EDC7DBF7D86009
                      Malicious:false
                      Reputation:unknown
                      Preview:......[.H.E.A.D._.D.A.T.A.].....T.O.T.A.L.C.O.U.N.T.=.3.....S.T.A.R.T.I.N.D.E.X.=.0.....[.I.T.E.M._.1.].....K.E.Y._.0.=.T.i.m.e.s.t.a.m.p.....V.A.L.U.E._.0.=.1.7.1.6.3.9.1.1.2.0.....K.E.Y._.1.=.W.i.n.d.o.w.....V.A.L.U.E._.1.=.H.o.m.e._.I.n.s.t.a.l.l.e.r.....K.E.Y._.2.=.A.c.t.i.v.i.t.y.....V.A.L.U.E._.2.=.C.l.i.c.k._.F.o.l.d._.C.u.s.t.o.m.....P.A.R.A.M.C.O.U.N.T.=.3.....[.I.T.E.M._.2.].....K.E.Y._.0.=.T.i.m.e.s.t.a.m.p.....V.A.L.U.E._.0.=.1.7.1.6.3.9.1.1.2.0.....K.E.Y._.1.=.W.i.n.d.o.w.....V.A.L.U.E._.1.=.H.o.m.e._.I.n.s.t.a.l.l.e.r.....K.E.Y._.2.=.A.c.t.i.v.i.t.y.....V.A.L.U.E._.2.=.C.l.i.c.k._.I.n.s.t.a.l.l.....K.E.Y._.3.=.A.t.t.r.i.b.u.t.e.....V.A.L.U.E._.3.=.{.".C.o.u.n.t.r.y.".:.".S.w.i.t.z.e.r.l.a.n.d.".,.".I.n.s.t.a.l.l._.P.a.t.h.".:.".C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.E.a.s.e.U.S./.E.a.s.e.U.S. .D.a.t.a. .R.e.c.o.v.e.r.y. .W.i.z.a.r.d.".,.".L.a.n.g.u.a.g.e.".:.".E.n.g.l.i.s.h.".,.".O.s.".:.".M.i.c.r.o.s.o.f.t. .W.i.n.d.o.w.s. .1.0.".,.".P.a.g.e.i.d.".:.".7.5.6.8.3.6.".,.".T.i.m.
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):67592
                      Entropy (8bit):6.539401493696455
                      Encrypted:false
                      SSDEEP:
                      MD5:99891AAA0E15B2A514A4FF5C9EC03F4D
                      SHA1:FAF215763908A9A6B8413C7E40293FE4BE9BFE7B
                      SHA-256:505AB42F0F376A4D8576BBEC9CFDCE43DEABE168356DEE760000319A73E72611
                      SHA-512:36F6D66987506A938FAA7503E0FA3A6CF76AA9CA6A30EA7CB7E80D058CF203EAE152EF97B2329BA83BB18FC70430A2E00E9AA1F408E94B132813B4BF741697DE
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:unknown
                      Process:C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:CFCD208495D565EF66E7DFF9F98764DA
                      SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                      SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                      SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                      Malicious:false
                      Reputation:unknown
                      Preview:0
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:MS Windows icon resource - 10 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                      Category:dropped
                      Size (bytes):66622
                      Entropy (8bit):7.200049591188769
                      Encrypted:false
                      SSDEEP:
                      MD5:E7BA7ED202773284C3DD85E4162C38D3
                      SHA1:7467DA2D1455C5AF1419DA18FEAE2CB5C3558A3D
                      SHA-256:AA4DF8B6F5BC456121EAFD03857098E56A4357A2BAE7CDD651CAFD2CFD78AC7D
                      SHA-512:87DCA3BCEF8B309A501FFE3EEFB5B20194DCF3B9729F024577F3D57DC025643E556C5C01797606483590E5DBD28502425C5F603A0077CC2E4561DDDD0322EFC1
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4030
                      Entropy (8bit):4.974804558492645
                      Encrypted:false
                      SSDEEP:
                      MD5:514C7CFA0101EAE70994AFD3FA7801C3
                      SHA1:BD6249FE023542C5BE1180B76343E4E220BE7148
                      SHA-256:A6237A06959F1BF65FC2B3E77AE509D3BCA1713340227B7FBB66E28DA4F84404
                      SHA-512:D889FFD4495EC023394D1170B97BF40FAD9FF202B36500FE85D6620CC08E3C42580CAF6992C09817646A93D253CFECE8E94B66B14E6EEE5CEFCE3F91B5FA4919
                      Malicious:false
                      Reputation:unknown
                      Preview:[string]..InstallerName=%1 Installer..ProductName=EaseUS Data Recovery Wizard..RecommendProductName=Mobimover..InstallNow=Install Now..InstallRecommend=Install %1..LicenseTps=I have read and accepted %1..LicenseClick=EaseUS License Agreement..CustomInstall=Installation settings..Languge=Language..InstallationPath =Installation Path..AgreeExperience=Agree to participate in Customer Experience Improvement Program..Downloading=Downloading, please wait...WaitTime= (It is expected to wait for %1m %2s.)..Installing =Installing, please wait...DownloadFailed=Download Failed..CheckNet=Please check the network connection...DownloadOffline=Download Offline..Retry=Retry..StartNow=Start Now..Later=Later..StartNowTips=Want To Start Program Now?..InstallFailed=Installation Failed..InstallFailedTips=Download offline to get full installation package or restart PC to try again...Restart=Restart PC..btn_Restartnow=Restart now..lb_RestartText=Sure to Restart PC Now?..lb_RestartTip=In most cases, progr
                      Process:C:\Users\user\Desktop\drw_free_installer.756836.exe
                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                      Category:dropped
                      Size (bytes):1499226
                      Entropy (8bit):7.9845663401363405
                      Encrypted:false
                      SSDEEP:
                      MD5:784C6F9B53521F4CB115532F49B67A36
                      SHA1:7DCD0E24B7940156FC5BE4EDB185A57A030B45EF
                      SHA-256:A0951464134E2AF94ECD389EA9C0F3D784BAE909F60EB2F45D7764B4DBDE7A73
                      SHA-512:88851E60A1EC3974558B45E422B2A6B412A2A87603E9A1A61BA5491D2C8475C269F29164DD25AC7A3C72D0AD190437E0DC93C02C6A9F2C85BA599C89ED315F21
                      Malicious:false
                      Reputation:unknown
                      Preview:PK.........Y.W..1Pd...........bg.png..+.q..?....lY!...Nd..V+.g=...rP..F6R.Ma.\.EqQ..\...J..v..\...F).G.......O.....|?..j..e2...`R......W..&.......\NHd..i#...1...).@V&@.Fh.i..q.<KX..J.m..%f...K...@.]....y...8.V..,F.'.s.|.So..k...r........U.Q..X...T..D.c.wj#d....gDTS.=z...G..=z......>.q9.;a..2..n.A...CR.~.\......8b..........E.BG...9..# ..K.g.7.H.SG@......OPK.........Y.W..W7............configpage.xml.X...@.^.S.u.... &?...D..1!.....i.......nbt.eaL...x{.Q\....B.......7....x.ym..2.il;..T.$K.S.i..:....mi[..v.P..q.U,....K.....7......o...........6'.b.W.2...)....H.../.1;C4nt...A............`c...S..6..,0.d'..ff..nH.....G&.FKB`"l.2.......,.M.v..._.c.!?..q.f6.........{.Ug..3..8.&u9.&.J....-.6(H@..Y..d.;J....J-q......x*.......t........Y.hn..u0.e0.8....>.@.&..EQ........j1n.p9g....s....k.l..6s..>r.&....Eh..j..S.Gz..e...)...I.}/..b.K!..[..6./.d0.4..EC.1.V.khc...4.(}.._`.{.D..Rv,.G.g.......r....UfY.j......c).,Mq..(..>...n._..s.Y..U.S.`
                      Process:C:\Users\user\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):78739160
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:830C17091B3CB1374A4FA17CAF2623A4
                      SHA1:1680D500DC1FBF18425C9C20A0CF25941ED2569F
                      SHA-256:066B6DF19ED27A17B795330CECA66DCBAD27F0678CBB88E7379714546E765209
                      SHA-512:B89CB6F1B736467887CFCC74F243D63603961C9CD803B702930B756BECAA84533516424D5FD53A116147A701841CC448CD2FF15FF631770C6B12788246F5AA39
                      Malicious:false
                      Reputation:unknown
                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                      Entropy (8bit):7.99146778985103
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:drw_free_installer.756836.exe
                      File size:2'654'624 bytes
                      MD5:6e3bc255dc7b79e452c66610c741eb95
                      SHA1:972d9adbec19dd1277b4329fa13641847ca18c87
                      SHA256:bdb74a31956e7c2ce7a3c6344ac7265d84b735c1038a390168f01d6d9fa43b3a
                      SHA512:8f79aff54a92394ee1098c92b7bb0880369cdacf0aa482475edb47857838687eb06ec2f33075eb2343c54284d8cf8ccf6e50cbe4a96ed36f63321796eb1f8562
                      SSDEEP:49152:e/jU67vjsddEhjFGNS9LXQOjOQKK6bxM1vehddPa46JFUxkVxq6ZBcMucAtL:2U67vYUhjjV5OdbOUhDPWTUq9cMPOL
                      TLSH:F2C533092380D11BEC8484318FDD34B52A966D234CE65E53A305FFAC73956DABC52BAF
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...<.oZ.................h.........
                      Icon Hash:33336d693b2b1f0e
                      Entrypoint:0x40338f
                      Entrypoint Section:.text
                      Digitally signed:true
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x5A6FED3C [Tue Jan 30 03:57:48 2018 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:b34f154ec913d2d2c435cbd644e91687
                      Signature Valid:true
                      Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                      Signature Validation Error:The operation completed successfully
                      Error Number:0
                      Not Before, Not After
                      • 21/09/2022 02:00:00 03/12/2024 00:59:59
                      Subject Chain
                      • CN="CHENGDU YIWO Tech Development Co., Ltd.", O="CHENGDU YIWO Tech Development Co., Ltd.", L=, S=, C=CN, SERIALNUMBER=91510107765360104N, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=, OID.1.3.6.1.4.1.311.60.2.1.2=, OID.1.3.6.1.4.1.311.60.2.1.3=CN
                      Version:3
                      Thumbprint MD5:65C6F555EF8DAC075EB0C1097C43862C
                      Thumbprint SHA-1:E044E920D56ECE15D7A21DD058651A3F2166CFD6
                      Thumbprint SHA-256:65178EE438BD0ECB878802F6229C71E6497627671344247DA9FCF37C1DAF74BC
                      Serial:03BD221937F2D796FA7029547B190301
                      Instruction
                      sub esp, 000002D4h
                      push ebx
                      push esi
                      push edi
                      push 00000020h
                      pop edi
                      xor ebx, ebx
                      push 00008001h
                      mov dword ptr [esp+14h], ebx
                      mov dword ptr [esp+10h], 0040A2E0h
                      mov dword ptr [esp+1Ch], ebx
                      call dword ptr [004080A8h]
                      call dword ptr [004080A4h]
                      and eax, BFFFFFFFh
                      cmp ax, 00000006h
                      mov dword ptr [00434EECh], eax
                      je 00007F592D38F003h
                      push ebx
                      call 00007F592D3922B5h
                      cmp eax, ebx
                      je 00007F592D38EFF9h
                      push 00000C00h
                      call eax
                      mov esi, 004082B0h
                      push esi
                      call 00007F592D39222Fh
                      push esi
                      call dword ptr [00408150h]
                      lea esi, dword ptr [esi+eax+01h]
                      cmp byte ptr [esi], 00000000h
                      jne 00007F592D38EFDCh
                      push 0000000Ah
                      call 00007F592D392288h
                      push 00000008h
                      call 00007F592D392281h
                      push 00000006h
                      mov dword ptr [00434EE4h], eax
                      call 00007F592D392275h
                      cmp eax, ebx
                      je 00007F592D38F001h
                      push 0000001Eh
                      call eax
                      test eax, eax
                      je 00007F592D38EFF9h
                      or byte ptr [00434EEFh], 00000040h
                      push ebp
                      call dword ptr [00408044h]
                      push ebx
                      call dword ptr [004082A0h]
                      mov dword ptr [00434FB8h], eax
                      push ebx
                      lea eax, dword ptr [esp+34h]
                      push 000002B4h
                      push eax
                      push ebx
                      push 0042B208h
                      call dword ptr [00408188h]
                      push 0040A2C8h
                      Programming Language:
                      • [EXP] VC++ 6.0 SP5 build 8804
                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x45000 | 0x10d40 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x285798 | 0x2a08 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x1000 | 0x6627 | 0x6800 | 8c030dfed318c62753a7b0d60218279b | False | 0.6642503004807693 | data | 6.452235553722483 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rdata | 0x8000 | 0x149a | 0x1600 | 966a3835fd2d9407261ae78460c26dcc | False | 0.43803267045454547 | data | 5.007075185851696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .data | 0xa000 | 0x2aff8 | 0x600 | 939516377e7577b622eb1ffdc4b5db4a | False | 0.517578125 | data | 4.03532418489749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .ndata | 0x35000 | 0x10000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc | 0x45000 | 0x10d40 | 0x10e00 | 7bbd1f2fb3b11360c391d2f92105e8b7 | False | 0.7578559027777778 | data | 7.140371794785311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                      RT_ICON | 0x45340 | 0xa1b0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9976323927328953
                      RT_ICON | 0x4f4f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3817427385892116
                      RT_ICON | 0x51a98 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4978893058161351
                      RT_ICON | 0x52b40 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.3744669509594883
                      RT_ICON | 0x539e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.45126353790613716
                      RT_ICON | 0x54290 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.43353658536585366
                      RT_ICON | 0x548f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.5086705202312138
                      RT_ICON | 0x54e60 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6640070921985816
                      RT_ICON | 0x552c8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.5389784946236559
                      RT_ICON | 0x555b0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.6351351351351351
                      RT_DIALOG | 0x556d8 | 0x100 | data | English | United States | 0.5234375
                      RT_DIALOG | 0x557d8 | 0x11c | data | English | United States | 0.6056338028169014
                      RT_DIALOG | 0x558f8 | 0x60 | data | English | United States | 0.7291666666666666
                      RT_GROUP_ICON | 0x55958 | 0x92 | data | English | United States | 0.6232876712328768
                      RT_MANIFEST | 0x559f0 | 0x349 | XML 1.0 document, ASCII text, with very long lines (841), with no line terminators | English | United States | 0.5517241379310345
                      DLL | Import
                      KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                      USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                      GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                      SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                      ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                      COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                      ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                      Language of compilation system | Country where language is spoken | Map
                      English | United States |