Windows Analysis Report
mirrorto_setup.exe

Overview

General Information

Sample name: mirrorto_setup.exe
Analysis ID: 1467121
MD5: d75d8acc3266e89d6c66fe0e0df367f4
SHA1: c0992c765155d911407745ed8304361b829ea2df
SHA256: 6aeca8fb7a286e161a6cb63e73de78775d2bf6d031b3d1db883bf73f6c1e54b0

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003FEC60 CreateFileW,CryptAcquireContextW,CryptCreateHash,ReadFile,ReadFile,CryptHashData,ReadFile,CryptGetHashParam,_Smanip,CryptDestroyHash,CryptReleaseContext,CloseHandle,std::ios_base::_Ios_base_dtor,CryptDestroyHash,CryptReleaseContext,CloseHandle, 0_2_003FEC60
Source: mirrorto_setup.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: mirrorto_setup.exe Static PE information: certificate valid
Source: mirrorto_setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Jenkins\workspace\MF_Downloader\output\Release\MFDownloader.pdb# source: mirrorto_setup.exe
Source: Binary string: D:\Jenkins\workspace\MF_Downloader\output\Release\MFDownloader.pdb source: mirrorto_setup.exe
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003E5070 InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetOpenW,__CxxThrowException@8,InternetConnectA,__CxxThrowException@8,HttpOpenRequestA,__CxxThrowException@8,HttpAddRequestHeadersA,HttpSendRequestA,__CxxThrowException@8,__CxxThrowException@8,_memset,InternetReadFile,InternetReadFile,__CxxThrowException@8,GetLastError, 0_2_003E5070
Source: mirrorto_setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: mirrorto_setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: mirrorto_setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: mirrorto_setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: mirrorto_setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: mirrorto_setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: mirrorto_setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: mirrorto_setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: mirrorto_setup.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: mirrorto_setup.exe String found in binary or memory: http://ocsp.digicert.com0
Source: mirrorto_setup.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: mirrorto_setup.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: mirrorto_setup.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: mirrorto_setup.exe, 00000000.00000003.2055912540.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055946392.00000000012B5000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055946392.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2056347486.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2056450567.00000000012BC000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2056114628.00000000012BB000.00000004.00000020.00020000.00000000.sdmp, home.xml, home_rtl.xml String found in binary or memory: http://www.baidu.com
Source: mirrorto_setup.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: mirrorto_setup.exe String found in binary or memory: http://www.openssl.org/support/faq.html
Source: mirrorto_setup.exe String found in binary or memory: https://apipdm.imyfone.club/downloader/carousel?
Source: mirrorto_setup.exe String found in binary or memory: https://apipdm.imyfone.club/downloader/carousel?pid=STR_PID&lang=STR_DIR1_NAMESTR_DIR2_NAMESTR_EXE_N
Source: mirrorto_setup.exe, 00000000.00000003.2054358014.0000000001298000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apipdm.imyfone.club/productu
Source: mirrorto_setup.exe, 00000000.00000003.2053609311.0000000001296000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apipdm.imyfone.club/producturl?key
Source: UrlInfo.ini5.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Chinese
Source: mirrorto_setup.exe, 00000000.00000003.2051727460.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini6.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=ChineseTW
Source: mirrorto_setup.exe, 00000000.00000003.2051727460.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Chineseu3
Source: mirrorto_setup.exe, 00000000.00000003.2052077952.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini7.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Dutch
Source: mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Dutchb3?
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052323899.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055595981.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, UrlInfo.ini8.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=English
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=English;/c
Source: mirrorto_setup.exe, 00000000.00000003.2052483855.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=French
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052619697.0000000001295000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini0.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=German
Source: mirrorto_setup.exe, 00000000.00000003.2052767009.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini1.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Indonesian
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052996980.0000000001296000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini2.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Italian
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2053404413.0000000001296000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini3.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Japanese
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2053575057.0000000001297000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini9.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Korean
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2053907085.0000000001297000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini10.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Malaysian
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2054121921.0000000001298000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini11.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Polish
Source: UrlInfo.ini12.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Portuguese
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Portuguese43
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2054910219.0000000001299000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini13.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Russian
Source: mirrorto_setup.exe, 00000000.00000003.2055061787.000000000129A000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini14.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Spanish
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Spanishzv
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055235176.000000000129A000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini15.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Swedish
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055397073.000000000129B000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini16.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Thai
Source: mirrorto_setup.exe, 00000000.00000003.2051727460.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini4.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=arabic
Source: mirrorto_setup.exe, 00000000.00000003.2051727460.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini5.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Chinese
Source: mirrorto_setup.exe, 00000000.00000003.2051727460.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini6.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=ChineseTW
Source: mirrorto_setup.exe, 00000000.00000003.2052077952.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini7.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Dutch
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052323899.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055595981.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, UrlInfo.ini8.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=English
Source: mirrorto_setup.exe, 00000000.00000003.2052483855.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=French
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052619697.0000000001295000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini0.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=German
Source: mirrorto_setup.exe, 00000000.00000003.2052767009.0000000001295000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini1.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Indonesian
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052996980.0000000001296000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini2.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Italian
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2053404413.0000000001296000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini3.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Japanese
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini9.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Korean
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2053907085.0000000001297000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini10.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Malaysian
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2054121921.0000000001298000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini11.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Polish
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2054358014.0000000001298000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini12.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Portuguese
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2054910219.0000000001299000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini13.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Russian
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055061787.000000000129A000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini14.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Spanish
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055235176.000000000129A000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini15.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Swedish
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2055397073.000000000129B000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini16.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Thai
Source: mirrorto_setup.exe, 00000000.00000003.2051727460.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052269461.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052437466.0000000001281000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052160938.0000000001282000.00000004.00000020.00020000.00000000.sdmp, mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp, UrlInfo.ini4.0.dr String found in binary or memory: https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=arabic
Source: mirrorto_setup.exe, 00000000.00000003.2053158307.0000000001295000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.imyfone.com/mirrorto/mi
Source: UrlInfo.ini14.0.dr String found in binary or memory: https://download.imyfone.com/mirrorto/mirrorto_setup.exe
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.imyfone.com/mirrorto/mirrorto_setup.exe%
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.imyfone.com/mirrorto/mirrorto_setup.exe6)
Source: mirrorto_setup.exe String found in binary or memory: https://www.google-analytics.com/mp/collect?measurement_id=G-5K7RY5G7V4&api_secret=T0joKD2MSiCE0gC58
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0040A7B5 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_0040A7B5
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004A4720: CloseHandle,CreateFileW,GetLastError,DeviceIoControl, 0_2_004A4720
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0042944B 0_2_0042944B
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004195A2 0_2_004195A2
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0042D5BB 0_2_0042D5BB
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00592640 0_2_00592640
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0040A801 0_2_0040A801
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004149DE 0_2_004149DE
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0041CB20 0_2_0041CB20
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003FD030 0_2_003FD030
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0042E178 0_2_0042E178
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004921A0 0_2_004921A0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0057C3C8 0_2_0057C3C8
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0059B441 0_2_0059B441
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_005A74A7 0_2_005A74A7
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0058A5DC 0_2_0058A5DC
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0041D5EB 0_2_0041D5EB
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004145F6 0_2_004145F6
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0041F83E 0_2_0041F83E
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003F7910 0_2_003F7910
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0042EA4A 0_2_0042EA4A
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003F9A00 0_2_003F9A00
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0058BAD4 0_2_0058BAD4
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00579B00 0_2_00579B00
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00428B9D 0_2_00428B9D
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00427BBD 0_2_00427BBD
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00593C02 0_2_00593C02
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003FACF0 0_2_003FACF0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00405CA0 0_2_00405CA0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00590DDD 0_2_00590DDD
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003F8D80 0_2_003F8D80
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00420DB5 0_2_00420DB5
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0059EE69 0_2_0059EE69
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003F2FB0 0_2_003F2FB0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0041DFF8 0_2_0041DFF8
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00589F98 0_2_00589F98
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_005A7F8B 0_2_005A7F8B
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 004B4980 appears 44 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 004ED050 appears 31 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 0058B2A0 appears 31 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 0057A04F appears 40 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 0057B37E appears 57 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 004F02B0 appears 47 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 0042A10C appears 38 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 0057B788 appears 115 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 0057B51E appears 134 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 00562707 appears 65 times
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: String function: 00409D16 appears 37 times
Source: mirrorto_setup.exe Static PE information: Resource name: ZIPRES type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: mirrorto_setup.exe Static PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=store
Source: mirrorto_setup.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: clean6.winEXE@1/39@0/0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003EE140 GetDiskFreeSpaceExW, 0_2_003EE140
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003EDAB0 _memset,lstrcpyW,_memset,CreateToolhelp32Snapshot,Process32FirstW,lstrcmpW,lstrcmpW,Process32NextW,CloseHandle,CloseHandle,_wprintf, 0_2_003EDAB0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003EF4A0 ImageList_Create,CoInitialize,CoCreateInstance, 0_2_003EF4A0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004195A2 __EH_prolog3_GS,CreateFileW,GetFileSize,CloseHandle,ReadFile,CloseHandle,_wcscmp,FindResourceW,LoadResource,FreeResource,SizeofResource,LockResource,_memmove,FreeResource,CreateFileW,GetFileSize,CloseHandle,ReadFile,CloseHandle,_wcscmp,_memset,CreateDIBSection,_wcscmp,CharNextW,_wcscmp, 0_2_004195A2
Source: C:\Users\user\Desktop\mirrorto_setup.exe File created: C:\Program Files (x86)\imyfone_down
Source: C:\Users\user\Desktop\mirrorto_setup.exe Mutant created: \Sessions\1\BaseNamedObjects\imyfone-mirrorto_setup.exe
Source: mirrorto_setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\mirrorto_setup.exe File read: C:\Program Files (x86)\desktop.ini
Source: C:\Users\user\Desktop\mirrorto_setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: mirrorto_setup.exe String found in binary or memory: set-addPolicy
Source: mirrorto_setup.exe String found in binary or memory: .\crypto\buffer\buffer.c.\crypto\buffer\buf_str.cStack part of OpenSSL 1.0.2u 20 Dec 2019.\crypto\stack\stack.c.\crypto\comp\comp_lib.cbuffer.\crypto\bio\bf_buff.c.\crypto\rsa\rsa_crpt.cDiffie-Hellman part of OpenSSL 1.0.2u 20 Dec 2019.\crypto\dh\dh_lib.clhash part of OpenSSL 1.0.2u 20 Dec 2019.\crypto\lhash\lhash.csetct-CredReqTBSXsetct-CredResDatasetct-CredRevReqTBSsetct-CredRevReqTBSXsetct-CredRevResDatasetct-PCertReqDatasetct-PCertResTBSsetct-BatchAdminReqDatasetct-BatchAdminResDatasetct-CardCInitResTBSsetct-MeAqCInitResTBSsetct-RegFormResTBSsetct-CertReqDatasetct-CertReqTBSsetct-CertResDatasetct-CertInqReqTBSsetct-ErrorTBSsetct-PIDualSignedTBEsetct-PIUnsignedTBEsetct-AuthReqTBEsetct-AuthResTBEsetct-AuthResTBEXsetct-AuthTokenTBEsetct-CapTokenTBEsetct-CapTokenTBEXsetct-AcqCardCodeMsgTBEsetct-AuthRevReqTBEsetct-AuthRevResTBEsetct-AuthRevResTBEBsetct-CapReqTBEsetct-CapReqTBEXsetct-CapResTBEsetct-CapRevReqTBEsetct-CapRevReqTBEXsetct-CapRevResTBEsetct-CredReqTBEsetct-CredReqTBEXsetct-CredResTBEsetct-CredRevReqTBEsetct-CredRevReqTBEXsetct-CredRevResTBEsetct-BatchAdminReqTBEsetct-BatchAdminResTBEsetct-RegFormReqTBEsetct-CertReqTBEsetct-CertReqTBEXsetct-CertResTBEsetct-CRLNotificationTBSsetct-CRLNotificationResTBSsetct-BCIDistributionTBSsetext-genCryptgeneric cryptogramsetext-miAuthmerchant initiated authsetext-pinSecuresetext-pinAnysetext-track2setext-cvadditional verificationset-policy-rootsetCext-hashedRootsetCext-certTypesetCext-merchDatasetCext-cCertRequiredsetCext-tunnelingsetCext-setExtsetCext-setQualfsetCext-PGWYcapabilitiessetCext-TokenIdentifiersetCext-Track2DatasetCext-TokenTypesetCext-IssuerCapabilitiessetAttr-CertsetAttr-PGWYcappayment gateway capabilitiessetAttr-TokenTypesetAttr-IssCapissuer capabilitiesset-rootKeyThumbset-addPolicysetAttr-Token-EMVsetAttr-Token-B0PrimesetAttr-IssCap-CVMsetAttr-IssCap-T2setAttr-IssCap-SigsetAttr-GenCryptgrmgenerate cryptogramsetAttr-T2Encencrypted track 2setAttr-T2cleartxtcleartext track 2setAttr-TokICCsigICC or token signaturesetAttr-SecDevSigsecure device signatureset-brand-IATA-ATAset-brand-Dinersset-brand-AmericanExpressset-brand-JCBset-brand-Visaset-brand-MasterCardset-brand-NovusDES-CDMFdes-cdmfrsaOAEPEncryptionSETITU-Titu-tJOINT-ISO-ITU-Tjoint-iso-itu-tinternational-organizationsInternational OrganizationsmsSmartcardLoginMicrosoft SmartcardloginmsUPNMicrosoft Universal Principal NameAES-128-CFB1aes-128-cfb1AES-192-CFB1aes-192-cfb1AES-256-CFB1aes-256-cfb1AES-128-CFB8aes-128-cfb8AES-192-CFB8aes-192-cfb8AES-256-CFB8aes-256-cfb8DES-CFB1des-cfb1DES-CFB8des-cfb8DES-EDE3-CFB1des-ede3-cfb1DES-EDE3-CFB8des-ede3-cfb8streetstreetAddresspostalCodeid-pplproxyCertInfoProxy Certificate Informationid-ppl-anyLanguageAny languageid-ppl-inheritAllInherit allnameConstraintsX509v3 Name Constraintsid-ppl-independentIndependentRSA-SHA256sha256WithRSAEncryptionRSA-SHA384sha384WithRSAEncryptionRSA-SHA512sha512WithRSAEncryptionRSA-SHA224sha224WithRSAEncryptionsha256sha384SHA512sha512SHA224sha224identified-organizationc
Source: mirrorto_setup.exe String found in binary or memory: id-cmc-addExtensions
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\mirrorto_setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\mirrorto_setup.exe File written: C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Arabic\text.ini
Source: mirrorto_setup.exe Static PE information: certificate valid
Source: mirrorto_setup.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: mirrorto_setup.exe Static file information: File size 2891216 > 1048576
Source: mirrorto_setup.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x204c00
Source: mirrorto_setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: mirrorto_setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: mirrorto_setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: mirrorto_setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: mirrorto_setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: mirrorto_setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: mirrorto_setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Jenkins\workspace\MF_Downloader\output\Release\MFDownloader.pdb# source: mirrorto_setup.exe
Source: Binary string: D:\Jenkins\workspace\MF_Downloader\output\Release\MFDownloader.pdb source: mirrorto_setup.exe
Source: mirrorto_setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: mirrorto_setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: mirrorto_setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: mirrorto_setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: mirrorto_setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_005A29E0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_005A29E0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0058B2E5 push ecx; ret 0_2_0058B2F8
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0057B4EC push ecx; ret 0_2_0057B4FF
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0040A801 __EH_prolog3_GS,IsIconic,ScreenToClient,GetCursorPos,ScreenToClient,GetTickCount,GetTickCount,GetActiveWindow,GetWindow,GetWindowLongW,GetParent,SetFocus,DestroyWindow,_memset,BeginPaint,EndPaint,GetClientRect,IsRectEmpty,_memset,BeginPaint,_memset,GetUpdateRect,IsRectEmpty,DeleteDC,DeleteDC,DeleteObject,DeleteObject,_memset,CreateCompatibleDC,CreateCompatibleBitmap,_memset,BeginPaint,SelectObject,SaveDC,IsWindow,IsWindowVisible,IntersectRect,CreateCompatibleDC,_memset,SelectObject,SendMessageW,BitBlt,SelectObject,DeleteObject,DeleteDC,RestoreDC,GetWindowRect,CreateCompatibleDC,_memset,SelectObject,_memset,BitBlt,SelectObject,SelectObject,SelectObject,GetStockObject,SelectObject,Rectangle,SelectObject,SaveDC,RestoreDC,EndPaint,GetFocus,GetParent,GetParent,GetTickCount,GetTickCount,GetTickCount,GetTickCount,ScreenToClient,GetTickCount,SendMessageW,GetTickCount,SetFocus,GetTickCount,SendMessageW,_TrackMouseEvent,GetTickCount,_memmove,SendMessageW,IsRectEmpty,IsIconic,GetTickCount,SetFocus,GetClientRect,SaveDC,GetWindow,GetWindowRect,MapWindowPoints,SetWindowOrgEx,SendMessageW,GetWindow,RestoreDC,SendMessageW,SendMessageW,GetCursorPos,GetWindowRect,IsIconic,GetActiveWindow,PtInRect,SendMessageW,ScreenToClient,SendMessageW,GetTickCount,_memset,SendMessageW,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ScreenToClient,GetTickCount,SendMessageW,SetFocus,GetTickCount, 0_2_0040A801
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004074F5 GetWindowRect,GetParent,GetWindow,MonitorFromWindow,GetMonitorInfoW,IsIconic,GetWindowRect,SetWindowPos, 0_2_004074F5
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00411979 IsIconic, 0_2_00411979
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00411BDE IsIconic,GetWindowRect,CreateRoundRectRgn,SetWindowRgn,DeleteObject, 0_2_00411BDE
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_004A9810 GetSystemInfo,SetFilePointerEx,SetFilePointerEx,GetLastError,SetFilePointerEx,GetLastError,ReadFile,GetLastError,CreateEventW,ReadFileScatter,GetLastError,GetLastError,GetLastError,CloseHandle,GetOverlappedResult,CloseHandle, 0_2_004A9810
Source: mirrorto_setup.exe, 00000000.00000003.2052355500.0000000001282000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\3>c
Source: mirrorto_setup.exe, 00000000.00000002.3293685103.000000000123E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
Source: C:\Users\user\Desktop\mirrorto_setup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_005A727E EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_005A727E
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003FE3B0 GetProcessHeap,HeapAlloc,_memmove,GetFileAttributesW,HeapFree,GetLastError, 0_2_003FE3B0
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00585180 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00585180
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_003C1000 cpuid 0_2_003C1000
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: GetLocaleInfoEx,GetLocaleInfoW, 0_2_0058B0B9
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW, 0_2_005A6300
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: EnumSystemLocalesW, 0_2_0058B033
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: EnumSystemLocalesW, 0_2_005A6574
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 0_2_005A65B4
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 0_2_005A6631
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_005A69D3
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, 0_2_005A6B54
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_005635CB GetSystemTimeAsFileTime, 0_2_005635CB
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_0059E7F2 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 0_2_0059E7F2
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_00598E12 GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 0_2_00598E12
Source: C:\Users\user\Desktop\mirrorto_setup.exe Code function: 0_2_005ABE20 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_005ABE20
No contacted IP infos