Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
mirrorto_setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\Log\imyfone_down.log
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Arabic\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Arabic\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\ChineseTW\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\ChineseTW\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Chinese\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Chinese\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Dutch\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Dutch\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\English\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\English\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\French\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\French\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\German\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\German\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Indonesian\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Indonesian\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Italian\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Italian\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Japanese\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Japanese\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Korean\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Korean\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Malaysian\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Malaysian\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Polish\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Polish\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Portuguese\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Portuguese\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Russian\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Russian\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Spanish\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Spanish\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Swedish\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Swedish\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Thai\UrlInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\Thai\text.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\language.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\imyfone_down\mirrorto_setup\language\productInfo.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
There are 30 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\mirrorto_setup.exe
|
"C:\Users\user\Desktop\mirrorto_setup.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Korean
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Korean
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Italian
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Malaysian
|
unknown
|
||
|
https://download.imyfone.com/mirrorto/mirrorto_setup.exe%
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Japanese
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Dutch
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=French
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Polish
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Thai
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Chinese
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=French
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Polish
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Indonesian
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=English
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=ChineseTW
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Thai
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Japanese
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=English
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=German
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Swedish
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Russian
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=German
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Portuguese43
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=arabic
|
unknown
|
||
|
https://download.imyfone.com/mirrorto/mirrorto_setup.exe
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=arabic
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=English;/c
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Dutch
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Chineseu3
|
unknown
|
||
|
https://apipdm.imyfone.club/downloader/carousel?pid=STR_PID&lang=STR_DIR1_NAMESTR_DIR2_NAMESTR_EXE_N
|
unknown
|
||
|
http://www.baidu.com
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Russian
|
unknown
|
||
|
https://download.imyfone.com/mirrorto/mi
|
unknown
|
||
|
https://apipdm.imyfone.club/downloader/carousel?
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=ChineseTW
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Swedish
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Spanishzv
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Spanish
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Portuguese
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Indonesian
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Malaysian
|
unknown
|
||
|
https://download.imyfone.com/mirrorto/mirrorto_setup.exe6)
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Spanish
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=license_agreement&pid=370&lang=Chinese
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Italian
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Dutchb3?
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key=installed&pid=370&lang=Portuguese
|
unknown
|
||
|
https://apipdm.imyfone.club/productu
|
unknown
|
||
|
https://apipdm.imyfone.club/producturl?key
|
unknown
|
There are 41 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\iMyfone\iMyfoneDown
|
GUID
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
128F000
|
heap
|
page read and write
|
||
|
12C3000
|
heap
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
4187000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
1312000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
3054000
|
heap
|
page read and write
|
||
|
12B7000
|
heap
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
640000
|
unkown
|
page read and write
|
||
|
12DC000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
63D000
|
unkown
|
page write copy
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
5A3D000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
12D5000
|
heap
|
page read and write
|
||
|
654000
|
unkown
|
page read and write
|
||
|
123A000
|
heap
|
page read and write
|
||
|
4118000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
40EF000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
12C3000
|
heap
|
page read and write
|
||
|
35A0000
|
trusted library allocation
|
page read and write
|
||
|
4148000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
129B000
|
heap
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
40F4000
|
heap
|
page read and write
|
||
|
5A31000
|
heap
|
page read and write
|
||
|
410D000
|
heap
|
page read and write
|
||
|
12C9000
|
heap
|
page read and write
|
||
|
5A21000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
1036000
|
stack
|
page read and write
|
||
|
12B7000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
4116000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
12DC000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
1312000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
4146000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
12A2000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
12C9000
|
heap
|
page read and write
|
||
|
1307000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
5A21000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
4102000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
4122000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
1133000
|
stack
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
4143000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
4108000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
12F6000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
441F000
|
stack
|
page read and write
|
||
|
123E000
|
heap
|
page read and write
|
||
|
414F000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
40F8000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
129A000
|
heap
|
page read and write
|
||
|
12C9000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
1312000
|
heap
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
12E9000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
129F000
|
heap
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
1281000
|
heap
|
page read and write
|
||
|
63F000
|
unkown
|
page write copy
|
||
|
1295000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
4106000
|
heap
|
page read and write
|
||
|
12DC000
|
heap
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
5C6000
|
unkown
|
page readonly
|
||
|
1298000
|
heap
|
page read and write
|
||
|
1299000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
40FA000
|
heap
|
page read and write
|
||
|
12F2000
|
heap
|
page read and write
|
||
|
4120000
|
heap
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
455F000
|
stack
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
410F000
|
heap
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
4112000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
359F000
|
stack
|
page read and write
|
||
|
4154000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
129A000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
129F000
|
heap
|
page read and write
|
||
|
12E2000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
64E000
|
unkown
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
1319000
|
heap
|
page read and write
|
||
|
657000
|
unkown
|
page readonly
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
130F000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
3C0000
|
unkown
|
page readonly
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
129F000
|
heap
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
409D000
|
stack
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
5A2A000
|
heap
|
page read and write
|
||
|
130B000
|
heap
|
page read and write
|
||
|
411B000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
648000
|
unkown
|
page write copy
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1136000
|
stack
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
414A000
|
heap
|
page read and write
|
||
|
641000
|
unkown
|
page write copy
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
1307000
|
heap
|
page read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
5C6000
|
unkown
|
page readonly
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
12E9000
|
heap
|
page read and write
|
||
|
35A0000
|
trusted library allocation
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
12BB000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
12A2000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
3F90000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
3F7B000
|
stack
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
445E000
|
stack
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
431E000
|
stack
|
page read and write
|
||
|
414C000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
12A2000
|
heap
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
130B000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
1316000
|
heap
|
page read and write
|
||
|
1299000
|
heap
|
page read and write
|
||
|
646000
|
unkown
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
657000
|
unkown
|
page readonly
|
||
|
63D000
|
unkown
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
12F2000
|
heap
|
page read and write
|
||
|
129A000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
130B000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
3C0000
|
unkown
|
page readonly
|
||
|
1299000
|
heap
|
page read and write
|
||
|
12F6000
|
heap
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
129F000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
3720000
|
trusted library allocation
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
129B000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
35A0000
|
trusted library allocation
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
2E55000
|
heap
|
page read and write
|
||
|
2E59000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
3C1000
|
unkown
|
page execute read
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
130F000
|
heap
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
1299000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
35A0000
|
trusted library allocation
|
page read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
4193000
|
heap
|
page read and write
|
||
|
12DD000
|
heap
|
page read and write
|
||
|
12D5000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
40E5000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
3C1000
|
unkown
|
page execute read
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
There are 314 hidden memdumps, click here to show them.