35733f1f3a0d5cd551c74e87146c78aa2ab00dec1e1d6fb0cc78e76a253c69fd

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31/03/2023, 00:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

heic-converter.exe
Size

14.4MB
MD5

e012aa3c3f2ce8202c605e6a03718101
SHA1

1fd1fd4ed0ee814da556688d97183b7668166d6e
SHA256

35733f1f3a0d5cd551c74e87146c78aa2ab00dec1e1d6fb0cc78e76a253c69fd
SHA512

f7730ea392521cf424011c1b5a4ac3c7f443c16b27f833fb518e3d4c004d60d89fd899f1d332324577ecff093397a5fd04f77153110ba08e8da1286a5328a4a1
SSDEEP

393216:t2GSnKnHrb7jf6AfCgqEVWXngg2XJe9Ox:HSnKn7jCAoEVWXngFXr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
1420	heic-converter.tmp
284	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1336	splashScreen.exe

Loads dropped DLL 64 IoCs

pid	Process
1484	heic-converter.exe
1420	heic-converter.tmp
1420	heic-converter.tmp
1420	heic-converter.tmp
1420	heic-converter.tmp
1420	heic-converter.tmp
1420	heic-converter.tmp
1420	heic-converter.tmp
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1684	HEIC Converter Free.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-9DPP7.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-5LJMC.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\libeay32.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\Updater.exe	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\skin\is-DHEQ4.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-TCB39.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\libssl-1_1.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Xml.dll	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-O0JK7.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-U9LG8.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\imageformats\qico.dll	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-SIJOD.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-VRN3I.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\imageformats\is-J8O1J.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-G3AV9.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\libheicreader.dll	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-ILRHF.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\language\is-GLD17.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-9CANA.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Core.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\splashScreen.exe	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\language\is-HTR58.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-UPPIP.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Script.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\imageformats\qjpeg.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\sqldrivers\qsqlite.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\7z.exe	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\imageformats\is-D24KQ.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-0V28E.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\msvcm90.dll	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-F57US.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-BE252.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Network.dll	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-L43UT.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\unins000.msg	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\main.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\msvcp90.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\machineInfo.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Widgets.dll	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\libcurl.dll	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\sqldrivers\is-8LD89.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\unins000.dat	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\product\is-6HHVM.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-VSTRO.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-I4EUJ.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-JB6JR.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\language\is-UEUJA.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-F3JP8.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-2D3TC.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-T8FRR.tmp	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\Feedback.exe	heic-converter.tmp
File opened for modification	C:\Program Files (x86)\FonePaw\HEIC Converter Free\CommonUtils.dll	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\product\is-F33G0.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-S6HGI.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-31KDK.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-1B9T9.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\unins000.dat	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-RQSF7.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-HH40U.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\imageformats\is-TDDIF.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-GJVTB.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-S6C43.tmp	heic-converter.tmp
File created	C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-KR6M4.tmp	heic-converter.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 60 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com\Total = "105"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.fonepaw.com\ = "105"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "26"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "58"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6FE98301-CF6E-11ED-9047-D2C9D0B8F522} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com\Total = "26"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com\Total = "58"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.fonepaw.com\ = "65"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fba6cfbdd4578d48a4e75475bed73c6a0000000002000000000010660000000100002000000054b8d3824c47c4360c00bdc148e507f3c4c31d52c32b9b4242931d25ea347661000000000e8000000002000020000000a7f0b8b0999860ce7474e5b34dfecb7921237bdb80ae9cc099c02cf0875ea48a90000000f1e40b2a0fee4ca5fe8acaa3e10393f8c8618405fb9ecf502a8971d2b703529c51dfcfe6a4546857af30c7f0daf1e0c31f00e7bb74fe7a2a1f3e77140da51da6879aefd2924fda9e275930b18dddd21a14a899df6c8c86ebe89bb2382508b31091e2383d5fb854a7e0af2ad1fbd85c08875828fc2ce46f56323510966a1e83259358b1da1854de9ee526bf9acfa43d55400000002051393df7011619ec6d6922ea6e8231e950f1260170b23f04dc5eba2d1d8774186b68bd1b6b200a65539e018b61180517c01051259ec2f195e7703cfbdad5fe	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.fonepaw.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fba6cfbdd4578d48a4e75475bed73c6a0000000002000000000010660000000100002000000089b7077bfd1a425f630f210a18c666e1a53a5b57906c120e01bca6ccda1d3c75000000000e80000000020000200000008bee76dfaea9deb33332127000af9e6a25564399c3ac4cd0a204b4257f63877c2000000033fd0738867217ad526fff61f240cb74d2d3310fe52ecac83b7c07795d8b062f400000001dce1434d866e848c8d9dc3d2f4a802f780af55345c8d95a30c1e7fc98b080b8fb91972639e64c170c9ec9a617bccc1e36c870505e66926470779e061db05608	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.fonepaw.com\ = "26"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.fonepaw.com\ = "58"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.fonepaw.com\ = "184"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "144"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3064c24e7b63d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com\Total = "144"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "184"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com\Total = "65"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.fonepaw.com\ = "144"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\fonepaw.com\Total = "184"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "65"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Wow6432Node	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "96"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Wow6432Node\CLSID\{D3C39EE7-4C82-48AD-939D-4C0AB9E9939D}	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "3"	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a0000000e0859ff2f94f6810ab9108002b27b3d9050000005800000030f125b7ef471a10a5f102608c9eebac0c00000050000000920444648b4cd1118b70080036b11a030900000060000000	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f4225481e03947bc34db131e946b44c8dd50000	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "1"	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\TV_TopViewVersion = "0"	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	HEIC Converter Free.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\TV_FolderType = "{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}"	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\TV_TopViewVersion = "0"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_Classes\Local Settings	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 740000001a00eebbfe23000010009fae90a93ba0804e94bc9912d750410400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000001900efbeebaa2b0b4200ca4daa4d3ee8648d03e58207ba827a5b6945b5d7ec83085f08cc20000000	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = a60500007605811914104c05200000000060000000000000000000000000000000000000000000000000000100005a0000003153505330f125b7ef471a10a5f102608c9eebac310000000a000000001f00000010000000530061006d0070006c00650020005000690063007400750072006500730000000d0000000c0000000001000000000000003100000031535053b1166d44ad8d7048a748402ea43d788c1500000064000000001500000059cc0acfc0661389000000002900000031535053f4767d7a30b6d74b95ff37cc51a975c90d00000002000000000100000000000000bc02000031535053a66a63283d95d211b5d600c04fd918d0110000001900000000130000007f018070390200002000000000111000002502000014001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c000000000000000000000000000000000000007400310000000000545671a71100557365727300600008000400efbeee3a851a545671a72a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d00320031003800310033000000140078003100000000008c3e854311005075626c69630000620008000400efbeee3a851a8c3e85432a0000007c0200000000010000000000000000003800000000005000750062006c0069006300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003600000016007e00310000000000ee3acd26110050696374757265730000660008000400efbeee3a851aee3acc262a000000840200000000010000000000000000003c000000000050006900630074007500720065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380030003200000018008c00310000000000ee3acd26110053414d504c457e310000740008000400efbeee3a142cee3a142c2a000000850200000000010000000000000000004a0000000000530061006d0070006c006500200050006900630074007500720065007300000040007300680065006c006c00330032002e0064006c006c002c002d00320031003800300035000000180000000000003100000018000000001f00000010000000530061006d0070006c0065002000500069006300740075007200650073000000250000000b000000001f0000000a0000004400690072006500630074006f00720079000000000000002d00000031535053901c6949177e1a10a91c08002b2ecda91100000003000000000300000000000000000000002c0100003153505340e83e1e2bbc6c4782372acd1a839b226500000008000000001f0000002900000043003a005c00550073006500720073005c005000750062006c00690063005c00500069006300740075007200650073005c00530061006d0070006c006500200050006900630074007500720065007300000000002500000003000000001f100000010000000700000066006f006c006400650072000000000011000000140000000003000000010000007500000011000000001f000000310000007b00310036003800350044003400410042002d0041003500310042002d0034004100460031002d0041003400450035002d004300450045003800370030003000320034003300310044007d002e004d006500720067006500200041006e00790000000000000000002900000031535053fcb3b4b9512b424ab5d8324146afcf250d0000000800000000010000000000000029000000315350533c0af1e4e6495d408288a23bd4eeaa6c0d000000640000000001000000000000002d00000031535053c0e85bcf6c23d34abacecd608a2748d71100000064000000000b000000ffff0000000000000000000000002a0000000000efbe9f33f8c112f3974cb1c6ecdf5910c5c08207ba827a5b6945b5d7ec83085f08cc7c050000	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	HEIC Converter Free.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	HEIC Converter Free.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	HEIC Converter Free.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\TV_FolderType = "{C1F8339F-F312-4C97-B1C6-ECDF5910C5C0}"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Wow6432Node\CLSID\{D3C39EE7-4C82-48AD-939D-4C0AB9E9939D}\cacheUrlDate = "1680230912"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Wow6432Node\CLSID	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	HEIC Converter Free.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	HEIC Converter Free.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	HEIC Converter Free.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 9e0000001a00eebbfe23000010009fae90a93ba0804e94bc9912d750410400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbeebaa2b0b4200ca4daa4d3ee8648d03e58207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	HEIC Converter Free.exe

Suspicious behavior: AddClipboardFormatListener 5 IoCs

pid	Process
284	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1336	splashScreen.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1420	heic-converter.tmp
1420	heic-converter.tmp
1516	HEIC Converter Free.exe
1684	HEIC Converter Free.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1684	HEIC Converter Free.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1420	heic-converter.tmp
1984	iexplore.exe
1984	iexplore.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
284	HEIC Converter Free.exe
284	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1808	HEIC Converter Free.exe
1684	HEIC Converter Free.exe
1336	splashScreen.exe
1516	HEIC Converter Free.exe
1516	HEIC Converter Free.exe
1984	iexplore.exe
1984	iexplore.exe
1684	HEIC Converter Free.exe
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE
1684	HEIC Converter Free.exe
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 1420	1484	heic-converter.exe	28
PID 1484 wrote to memory of 1420	1484	heic-converter.exe	28
PID 1484 wrote to memory of 1420	1484	heic-converter.exe	28
PID 1484 wrote to memory of 1420	1484	heic-converter.exe	28
PID 1484 wrote to memory of 1420	1484	heic-converter.exe	28
PID 1484 wrote to memory of 1420	1484	heic-converter.exe	28
PID 1484 wrote to memory of 1420	1484	heic-converter.exe	28
PID 1420 wrote to memory of 284	1420	heic-converter.tmp	30
PID 1420 wrote to memory of 284	1420	heic-converter.tmp	30
PID 1420 wrote to memory of 284	1420	heic-converter.tmp	30
PID 1420 wrote to memory of 284	1420	heic-converter.tmp	30
PID 1420 wrote to memory of 1684	1420	heic-converter.tmp	33
PID 1420 wrote to memory of 1684	1420	heic-converter.tmp	33
PID 1420 wrote to memory of 1684	1420	heic-converter.tmp	33
PID 1420 wrote to memory of 1684	1420	heic-converter.tmp	33
PID 1420 wrote to memory of 1808	1420	heic-converter.tmp	32
PID 1420 wrote to memory of 1808	1420	heic-converter.tmp	32
PID 1420 wrote to memory of 1808	1420	heic-converter.tmp	32
PID 1420 wrote to memory of 1808	1420	heic-converter.tmp	32
PID 1420 wrote to memory of 1516	1420	heic-converter.tmp	31
PID 1420 wrote to memory of 1516	1420	heic-converter.tmp	31
PID 1420 wrote to memory of 1516	1420	heic-converter.tmp	31
PID 1420 wrote to memory of 1516	1420	heic-converter.tmp	31
PID 1684 wrote to memory of 1336	1684	HEIC Converter Free.exe	34
PID 1684 wrote to memory of 1336	1684	HEIC Converter Free.exe	34
PID 1684 wrote to memory of 1336	1684	HEIC Converter Free.exe	34
PID 1684 wrote to memory of 1336	1684	HEIC Converter Free.exe	34
PID 1808 wrote to memory of 1984	1808	HEIC Converter Free.exe	35
PID 1808 wrote to memory of 1984	1808	HEIC Converter Free.exe	35
PID 1808 wrote to memory of 1984	1808	HEIC Converter Free.exe	35
PID 1808 wrote to memory of 1984	1808	HEIC Converter Free.exe	35
PID 1984 wrote to memory of 1608	1984	iexplore.exe	37
PID 1984 wrote to memory of 1608	1984	iexplore.exe	37
PID 1984 wrote to memory of 1608	1984	iexplore.exe	37
PID 1984 wrote to memory of 1608	1984	iexplore.exe	37

C:\Users\Admin\AppData\Local\Temp\heic-converter.exe
"C:\Users\Admin\AppData\Local\Temp\heic-converter.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Users\Admin\AppData\Local\Temp\is-QCEL0.tmp\heic-converter.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QCEL0.tmp\heic-converter.tmp" /SL5="$70120,14510913,206848,C:\Users\Admin\AppData\Local\Temp\heic-converter.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe
    "C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe" --register
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:284
- - C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe
    "C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe" --access_after_install_counting_url
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1516
- - C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe
    "C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe" --pop_after_install_force_url
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1808
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.fonepaw.com/heic-converter/installation.html
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1984
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1608
- - C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe
    "C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Program Files (x86)\FonePaw\HEIC Converter Free\splashScreen.exe
      "C:\Program Files (x86)\FonePaw\HEIC Converter Free\splashScreen.exe" -l ZW4= -m1 PGZvbnQgY29sb3IgPSAjMjYyNjI2PkxvYWRpbmcgbGFuZ3VhZ2UuLi48L2ZvbnQ+ -c PGZvbnQgY29sb3I9IzYwNjA2MD5Db3B5cmlnaHQgPHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkFyaWFsOyI+JmNvcHk7PC9zcGFuPiAyMDIyIEZvbmVQYXcuIEFsbCByaWdodHMgcmVzZXJ2ZWQuPC9mb250Pg== -v PGI+PGZvbnQgY29sb3IgPSAjNjA2MDYwPlZlcnNpb246IDEuNy4wPC9mb250Pg== -m2 PGZvbnQgY29sb3IgPSAjMjYyNjI2PkZyYW1ld29yayBpbml0aWFsaXppbmcuLi48L2ZvbnQ+ -m3 PGZvbnQgY29sb3IgPSAjMjYyNjI2PkxvYWRpbmcgc2tpbi4uLjwvZm9udD4= -m4 PGZvbnQgY29sb3IgPSAjMjYyNjI2PlByZXBhcmluZyBtYWluIHdpbmRvdy4uLjwvZm9udD4= -f VGFob21h
      4⤵
      Executes dropped EXE
      Suspicious behavior: AddClipboardFormatListener
      Suspicious use of SetWindowsHookEx
      PID:1336

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\FonePaw\HEIC Converter Free\CommonUtils.dll

Filesize
46KB

MD5
1c4e9c4e72713ff38f17c8626d672a43

SHA1
689d9aa7751bbc0f824e18b205b39f7d017d94e7

SHA256
8129abc5dcd0b30c7e424aa6d75e384406b2db85ac6462e29fc99926d3e97057

SHA512
9df7c2cdde2680eb2dda58d8d21615d2fc7ff87fee8e59be58b8aab27e95232c16bcb3aa5c130355a3ac8591b59cef0b3dca327341cb40c22049bfc8cce687fc

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\Framework.dll

Filesize
1.1MB

MD5
5072b1872cd0e8f3ac29b8f1b8cb5f04

SHA1
031b1400266c6fd8742b458878f5ce80cb2be918

SHA256
a458e150c8d7bcaf75a8f3993528b03de9a6a049c0a3db2e45379d86b3e01973

SHA512
fc900c9e7cd31051aa8aeb5bf065c4a783aab161c9a4b700866f8531d7ddf00c61b1b2638316f3d22a43c66aa42d3b4977926008af5758855ab08c49a3853f63

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\MSVCP120.dll

Filesize
444KB

MD5
a883c95684eff25e71c3b644912c73a5

SHA1
3f541023690680d002a22f64153ea4e000e5561b

SHA256
d672fb07a05fb53cc821da0fde823fdfd46071854fe8c6c5ea83d7450b978ecb

SHA512
5a47c138d50690828303b1a01b28e6ef67cfe48215d16ed8a70f2bc8dbb4a73a42c37d02ccae416dc5bd12b7ed14ff692369bc294259b46dbf02dc1073f0cb52

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\MSVCR120.dll

Filesize
948KB

MD5
2fb20c782c237f8b23df112326048479

SHA1
b2d5a8b5c0fd735038267914b5080aab57b78243

SHA256
e0305aa54823e6f39d847f8b651b7bd08c085f1dbbcb5c3c1ce1942c0fa1e9fa

SHA512
4c1a67da2a56bc910436f9e339203d939f0bf854b589e26d3f4086277f2bec3dfce8b1f60193418c2544ef0c55713c90f6997df2bfb43f1429f3d00ba46b39b0

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Core.dll

Filesize
4.5MB

MD5
b0b80010d4e3f8145e521bdbab79d8d2

SHA1
f3e0aec3d86bd5caba1eb2c5391385c7ed0c0008

SHA256
2825cd5d8abe6db224ad822cd3362ec496dde563818927df9122159d9a7b099e

SHA512
2a23804892ae95d47086f493292069e06253f897013660c44349de45ca99952eff3747eec94282e3677014f64bc85cd9c94301f75f907ba4835b0333d225cdd2

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Gui.dll

Filesize
4.8MB

MD5
b4c0e92f23f76d26329dc0ca25656c8f

SHA1
9ccbbf95020cc64952b2c24c55e2b85007d06915

SHA256
d1fea5011d8bb25e4a833c9ad0f65a3debfcf1a177522325e25f284fb00bacf8

SHA512
a2633028440b75195bee32be655f06723084a6886d392e692d851b5eeca92fa93089d0a29adf73f92347a113860e1069b1f73ac60031fa2314e1571680564900

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Network.dll

Filesize
841KB

MD5
d20a32b50ad638d48dba61e91aba6fb1

SHA1
fefbfbffe5b0a528c5e5fa78b20240628eda039a

SHA256
7a5474a414b1f4b6438b5986c5531b2d13d1f64dc2a60c9317430fa5d5f71f17

SHA512
a480add15368c7633c85270a278c565c299473f74acf295eb7db79b4f3a67b8c0d72e34e1fc62bfd1b1709e2191b6209c1fc7df3550f7bf5d7623a23a9df68aa

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Widgets.dll

Filesize
4.3MB

MD5
67beaabc6cfa113d0b31a6d151cf9949

SHA1
0ddd45d6dcf3ea8b6a917756e41fb598306f641c

SHA256
e7e3b3fe767a1861852403bb2dd5b07906e88c4f857fca9b6bc0dfdd602ab92f

SHA512
e5e9896add6d73f2b765b58eac12c0d74555faca0f9dda65248431b97ffed0114312318495e6099b8a43ae5972cc654e7c2f786a401c10c2f893a238c134d251

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Xml.dll

Filesize
156KB

MD5
dda3f40b45bdbc8aaecb4447418ca4cc

SHA1
3219cfe62d96b3e312067c391a58ed84279dbb54

SHA256
9525db43ec5db114a5cec2407fe9b95dfd633fc8cb7d602548a1081867cef7a5

SHA512
9d3d4a3ab7d8bcf57a7f1bedc49caf6cc9de9296e4c1855063d0c1991939343cf68cd3ce5d3150e3526defed87892ac76869c8097faa58df90fdfb67db359446

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\Utility.dll

Filesize
20KB

MD5
385d2765174f6d41ee5db007b438ff06

SHA1
2a4a8dceed320957a7f8d08a61744acafe94dbb4

SHA256
a459eadf2f3e689620ef4a5963ac51721cbf497e104cc66134f8f0f0727ead6e

SHA512
de9a8ce23990ff7a4a3cc04e915ef48108ce4bab1195c6eca4bb017e151aaa0389b0178ff1e8b236e68ce2b7c2024af3f9bae995380dde5c58b41e8c997a144f

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\aff.ini

Filesize
2KB

MD5
3d9b402c9d5c62138d5edfa3431d85b3

SHA1
9f9b22107058e92228c88d6c3a4715abf31971aa

SHA256
758956de521475c182eaaeb1e296cded82abf0f9647296187e51ad883fb0e4cc

SHA512
655b9c49d3310ff9bc5cba43fa0d2e5e143304fdb2e9db20f973d507f094eb09aa461f9041b24a7f77e629cd5a4dab87ae648f9f8e117ebb790909d416d2859f

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-P9774.tmp

Filesize
2KB

MD5
3d9b402c9d5c62138d5edfa3431d85b3

SHA1
9f9b22107058e92228c88d6c3a4715abf31971aa

SHA256
758956de521475c182eaaeb1e296cded82abf0f9647296187e51ad883fb0e4cc

SHA512
655b9c49d3310ff9bc5cba43fa0d2e5e143304fdb2e9db20f973d507f094eb09aa461f9041b24a7f77e629cd5a4dab87ae648f9f8e117ebb790909d416d2859f

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\is-TCB39.tmp

Filesize
25KB

MD5
e511b24ab5c82fd58451379cc9aea928

SHA1
9e39b8be720180c151376e140c8d58a0eb76807b

SHA256
85e660f533ad5d44054bf36e3228522c5889a645327f1c4781a151d0d6116c57

SHA512
7d525d4b4bd049742babc9147f974d07082046857ecad03ce7b9543d108a256929eb0e11ae440c827bba257a79b3f1de645f22431a588ce289a8058ff042bfc2

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\libcrypto-1_1.dll

Filesize
3.1MB

MD5
5f9390942dc0d62efa1d8b66f6c62c1d

SHA1
00a16086d80c8f6993d19e690545905480a84a1b

SHA256
1f1da3a156fb193e793812d810c03d72b32f27719330b24f8820c34851a249ab

SHA512
f6570597a644e7c0125f7f98bb9243c2bb123ab248843857a06c20993fc0bd10d892bd1d6be33a2e7f5ea745b2d3dfaceefd67f7662e7bdd881c2b0cef375cf0

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\libcurl.dll

Filesize
298KB

MD5
377506a2d2bf4fbfb93e3c304da586d7

SHA1
31de504ed2feef6729f7fbe317d8f3b7b13adf16

SHA256
592bb33bbde418e79dc7c4bac44cfd4ce9b561d589c097c9e90d4ef9f4d42988

SHA512
cb9ab5c91fd043bc8e244bafc086995ba490fc3fdaca6cf957afc26e985aeeaf304f582f5e1331575943cf86b9c4221ea560379e805050268963542bac272125

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\libheicdecoder.dll

Filesize
4.7MB

MD5
2047e77ecf56350536b5a010f83fa330

SHA1
bbcd82378e75ddecdd60be6da320ae5339766b89

SHA256
4cf1e6ab67de8372abbe5ec61f9fed68069d02a6bd4e33a58b8a66cdcf9d9acc

SHA512
e6a52cc678065321a161574c37f197be21c49c9768c0adb4ab3bd4800b62836d5adaa56c34c3d9266d2eded96e3d2d66ce2340b16ce993268883725b51eeab02

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\libheicreader.dll

Filesize
8.6MB

MD5
c867567bbf545fc1d85ad2b727577a6f

SHA1
8236264b00cd2e2d70543cd124c0741291bf2745

SHA256
dbef9ef9aefdfc1f3b16657b1e4c04e9e5d8053b221eae2fe2c0c2e94b3024b7

SHA512
a8e0bb64efa319f359072b9fff2f1214107ffa33d8a05a42fa9a37d19ce8266bfe7c2031ed59976afe2a75d5a567819b45b48a0628b05d54b97a7d91ae939e6b

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\libssl-1_1.dll

Filesize
919KB

MD5
ba25bc6a1ced8f1b366a76466a23659a

SHA1
fd91e6e1cdd2e8f5a271760f8397ac366e29156f

SHA256
40e7964d4b0382f5cd8069a783514c5367c72247d362341cb991357010fa3b0d

SHA512
655f1b8b97206e47c664b7e20b3c143b6c89a5e7f8668342f49c552a85291c467e4924e099cfb9d580a1da64334c70bc1ad254b30048430ce7031b8f5339b2df

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\main.dll

Filesize
294KB

MD5
020b9905ba209c0e3c7e74e89dc28614

SHA1
3066324466b7ebc1e9bf579c506da25bfe516d72

SHA256
ddb3c820ec9801787693d9adc234cc4a802a96c8ce6ec33e6b81ebaaafae4227

SHA512
61907fe7f164af864bd1679b5b2422919c66d5290fa0f4e513157d4284794b5e9f8e0fa25ff79fe4825f7387afc03fbae80a0ac9a88d5f10273afc40cf297324

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\platforms\qwindows.dll

Filesize
995KB

MD5
18b0db700b98c83cf35ded7c145f0b9f

SHA1
4391483d43e4bb749cbe1b644c9976e74486f335

SHA256
ea194f1e75f69b0b4eef1bb328a1d86a759caa60b24ac17e898bc8f8feb4747e

SHA512
cc9cb342870b11eefe1850ffb03d15841de3ae76566d435849f22d3caf01bfc3223297e3131a9b264f31ec9c35da7be059c9924f92aa7204f5a127dae3cc7280

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\product\affiliate.xml

Filesize
5KB

MD5
d981c7e49c7ec0f159c9030377a15914

SHA1
bd18d4e978620255124805e526c48a6899d57cb6

SHA256
585c6eaea92fdb553ed634330e7e5f4ac4e5059d1f1631decc7fbb4bfa6c8f38

SHA512
cff9e356a77a190403c902859eb762c7d69dbc6cc24acebe9628ac49317571138f98976ba254bf74821d231dc3f13e976df3c8f7fc18a4f9be93989c8812b8b4

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\product\product.data

Filesize
121KB

MD5
f01c43f79a687776468eb6e9bd3a048b

SHA1
611503c1da85ff31c34cd99c1f13c9b38954d53a

SHA256
167364a45d218abc3bb3763c7659461250469edfba0fadfc4c623682901d218f

SHA512
36421f3d52ff70fe3f2bef7642fa3cfbc600db7bcaba8a9cc222f6c4044f47834a096b85ecc1176b5dd2a262074fa3752c35f2322a550335e5722d3bdb57f457

Download Submit
C:\Program Files (x86)\FonePaw\HEIC Converter Free\unins000.exe

Filesize
1.5MB

MD5
1851948b5ddc1b467fe003e91e6340c4

SHA1
ec36a5cdf0f8779d9277728063d2c3524b5ad466

SHA256
9d8221bde2055688a40009c636968446dc4feb146af8866f1028e7989fcd1ae4

SHA512
5632abfd11fdbc8017224b68e2511504e255a02ee99e5198a0d9b269986a18429f538898cb6489be2a0b938712ed8726681387360f4ab154a2b5dabe94e20335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E240C662CD79B5CD89655D57AE57844

Filesize
599B

MD5
67ebb0c8600408f17f7550ce5c480b8e

SHA1
cd2713c0bf291187bcaa987b1a80201f7abf29b4

SHA256
6444e18a019e750670b285357ff2c3570f0e69111f5314c99e45c780f16d6136

SHA512
7117f3840f8c9672b65a6b700add5b4fe42b1bb2502d149579cf2a66fa73e5f926f5f98e847219abd6e39f2f1ca20dc850816bc411821fc290c3bb42efb6837f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_BE25D0FE540174A4A87E2295C663329D

Filesize
1KB

MD5
12eb59bcccedee2139d9fdec1600fa30

SHA1
e6b21c3f2aa95605e68f9c1e336cb748e5d864b8

SHA256
afd4db43c6cdfd6bf908ca884e59ccc11e55f61db760ef2375c7ca3bd0180382

SHA512
a2886c732cee2f00ede13955927d8fc9a9c16515f04ba6a235e8ab5d840cec1d50683aaa0e244e3fe59ae43d9f0e463a9c88a923d66a247909a62fbea2e0c3bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74a24e2e934cd8586a9222df4245c304

SHA1
ce1935d3cf2003263c3bc51353efd20e211f83bd

SHA256
ea12723a7b8e2825a05c9bc251d5e4b9619ade44a07d11ce3d16c16182e1cbc7

SHA512
d518a16eba6c28b46856769cbe5d1aa866cd2a3bf6f1e485ba505af778bff7e66f08d2e80c8066684c4b2f2319d9ac9b5e6b592fbe6c2846399e3ea539412bf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e30b72509a91942c067ac70de3f224f2

SHA1
20289ba710dc9d69a63869ca7901d2ad4f0681b7

SHA256
0e294fc4b136844fc8376dd81cfd76886988aa500f460340dd4ceb9e74c54228

SHA512
633867306534f22ce6a3d4658a2800148c5a19a104d74f073346dd90cdc9f820ab27c1a8fc445f2f5618e50e2809aaa903ee664a860b7c74e9dff4fc6634d5a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
536b29c83d51764c5fe9dfb4e0cb4ed0

SHA1
d547384a8dab25c5eb96b8419fc0050fd5630eb9

SHA256
99fb9b4d2fe2eaead5a1f302305a7b8a46d05512e4c29033a0a5953636c1ea44

SHA512
e0daae35cdde3a6af73bb8aa24d85404a9de7a27510be648c3036027ac5f704742a45ad779c1389a246bbf3d21ba4719db057b7e523507ceb4bc7351a91d2878

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52f75f976cebef6054f433621c9d04cf

SHA1
3c4cc74274a2fc1c4514bfa701e598de0f9f1deb

SHA256
69a7c9389c70ac770b4466b152736f6cb03540df777dfdc1ca38c2e1bea08d6d

SHA512
eae485343656e5116f2a1121e8a6b9aa6f736dddc70cc3c82c48d427daefdfca66ede091430b476dd2b628858cffd4249b6815c446ab7e29370d3bb01b5acb01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55b3356bd79c866f29dfe283a5f1f4cf

SHA1
3ddea4cab64e5977ea672019ebdcdd000167a9b7

SHA256
7807c9db28bc8cecef23361be23771458a2268dc297b0f76acfec9bea750e154

SHA512
916ea1897a942a96832ac64e3ddf97cd9715f3645e89bb423798fecb6710f02c6ebdc66ac5ba75470e2a860c178f2fe3a30d85864db5796c878d0fc1672e227c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d50aa3fe91a44d59305f8928d5f53c4

SHA1
5046660f85d1e00843b4f882682785c4fa536381

SHA256
224e5ad33f14f292a3dc02c079a60a5dac9732a9b7b17a2d1a4a81786a73c0ac

SHA512
fb995edd926a06f37e732a5bb73c0998d76c3aff79d8e171d478a1bdb8f0e30a619fab0e460b9d3cc95c2f2d1461c921f8ea9db3fe7e6024b080368f8ca64a9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39150555350e749a70ad5a489dbe1e17

SHA1
f39e638e68ef5feec43f44d5f6a4b728a3f02804

SHA256
90f850908dbc8a5f040537be55d0682f11c285a6cd0d18e2756783c0a5c99a26

SHA512
87029cc83d42aa058d839bf21bcda4749ffdeaa183cda90ef981fe890436aa81060bcf05241841f0eac41e502b33fb485510b3c702ca6017c3c65079823e4add

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c79e09d85cb16955b7fac605a1c63057

SHA1
7e957690809d432ff6bbb6a11b0be2000776b297

SHA256
90707c422abf5d65d1d5e28b107d6c99e2ad8ffd5fb2853c9a8bf47846dc18c1

SHA512
4242a1d75a2a3c29230f7b9f97f5171df591c6d1e4ae7aa7b245b40daf850befaa47faeb5a7c8b8e3cae1bff68c46a09d4bd5ac177c6e0e1dfd05bc89713225b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4ceccf6fd7e55134880045b3b8ec558

SHA1
e7464f89e39039210646952cad6b76cde8e1d8f9

SHA256
1c1a15adb3a2b1f0f0c3913d9f4d4ab64d02e851eca65a427b9d1ac0d939ab83

SHA512
34896524c063ad3a02478157bdda85880500ec29b5f380f198e23c19ca11d4b1e9ec9e9ed3aba7447dd7c48d7adbc2ceb0518bdc42787d49eaa66d8d3be723d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfc323f9b41897b01168b342e6bb0f4a

SHA1
57f7578dfd2abff2dfb79d8d0e6f99da31f5bc39

SHA256
6fa52f752780e6c2afd85955a38dc787449c5ec89d2eeac54efb2b112bc5dbe5

SHA512
8d072dde1291776ace97be9328a77b9ace06e098e61b62e6f4ffdbb6381a189ad68ab79dfb29963e0bbacfd865f055cc36a403ad128658f5ad10afd96bfb5687

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4db673c1b4cc9b9fbccadd8cf0662dd0

SHA1
85f3252390703c107cf76c738e921a567915d448

SHA256
6a248b83c95de0a61723a7105a98c8d0acd24dc32d00cd064933112eb30e0d63

SHA512
a6b068eac4ed65441ad125a53d9fec980850835b7e202446a36a3098b75c2a3a84f9f0c7a832bddef7318c0ee207f8e804c3e71450e44136807b1d0152e3380b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0811f1032549102fae121ec65c16157e

SHA1
e171cdaa61069f8387d1b226d861ad8e91b5f35c

SHA256
2cf71d346f1cc6d0534e88756e6ac410de2d69aab6490f91b34def7c3bc8fec3

SHA512
8d8ea12d33c7967737256f28b3e66b861c74be6ce396367bcade3a50ffccfc99a3daabb49e19b51e0c25454830b1cc315fc6d9a97b31006869e5f1c8c8c9b870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c01f2aff339f255b5962a948eef7566d

SHA1
9a43880298e009b5322745fa73323d3d16b4caac

SHA256
cbdf16f603351d5b65651866ebc4179a16fe66898536630d0da2b7afa8c67f5c

SHA512
fc1fe5b5f6bedf8992ee6b4a4504a4c7c99822191b485f8ba8adef3898d094dfde5a989dc3a09232c8394ed095b7ccb2c639f99d861c5e05b20f7484508acb5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
362bc075cbe21f5812c628d7cdc3d8ff

SHA1
c6f7dcb42fffb698767806f27b489ca4d9820078

SHA256
858b1791a3fb929ee6a83cf8de5f01c3ad0430920d37e3042bd68ae99326facb

SHA512
0229ea9cf94f62a7b134b9ff97e9b88ce06927dc1f66c1cd24bea634a7ac35f5d6a19dd67389672010329eb51f5289641f12104b2464a5759bb0fab9fe9f560c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9816583ad40470b0f101a1426567a5c6

SHA1
389a1e80bc5ef8dcaf0ded534aa2587613b26994

SHA256
e170d2b9e30851f3ed5c9e6c393976841de0c4dea387e3d40889a045423643a0

SHA512
68096d3568bdb23d9a58504353187ab44d42570552fb1478f612b1c3d09be8c79d4c7d43db2e04a250ff9292854748b0c3be1797079cb75793107d3eabde213f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78f195035ac45b6e04dd9504dc5c95bf

SHA1
d3e7b9fe3ce18962fbb92751f99c2495e091923c

SHA256
20905f8b0ca32b6bcfb7314b5b01dc8d5bf81a232a65794545f437c5ec17ed61

SHA512
a855855425e595d53350b9bf481ef2dfc3136d6a08af42c0e3e65481d9ba9f02c65f65995e0c54ae2055b1761a1d98e23d1b0a57b8e2e7e30298290d48677e1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36a490373e4e3bb86d1c13a9b8712c17

SHA1
af87f490a160994a1a4002e4eded9c8d97ea2b7b

SHA256
64fa8c0e66e56ae2c088e9203c676744a7c5e0e468ea8cda2c1b32d6e8cb3d2f

SHA512
94968c5c92ad10aa1c8aa64367f41e7b5e1600c810548cbe93c3876db1975c3761df5d37844cab0c28a0bf763dda6fabcf300631dc60da78f2794a5c7cef450c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b027741812d9f81f4209b7289eab954

SHA1
e8d4bf64cb579a038e1aee73c266c6f5beb9ae1c

SHA256
d69b5fd8f158cd30b9ff74a0a44f43c0dbc244896afd038a22cb7a96272fe6d2

SHA512
06ebcedabacb466e263b7eee28e29fa6997298a4539e69cf0978f8fee257ad066c2da842affd929e4c4d2a214e187872ef81a3c692cad327b8238dd739bb4257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff4bb6389e6fcd139727eb1a58a28be6

SHA1
edbd6d755126f8bfed9e5529200b469f61bef3a2

SHA256
5ac062e2fe383315d038076eb133e65e1de0061c786d710028b087b8d3a2d63c

SHA512
8e3afe6507bde59d95f2ed221935e123fa0ae5913e718a663835380242f8a897161765f4bcd0ff32e7a7034c0002814b4ad29506317f36f72004a6e13c8ac992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2163f6e8f1fc714c5c8ddf7eeb0fe45c

SHA1
10b40ee33082c987fbd11f4dfd9de60270e0e6de

SHA256
7d7c3613ba0669ce3dba87fddfa7588bd2d8b85900124048021cf587753a90c7

SHA512
883bcec2d28cfaf43437e80ef00351276d8dc664d97631cad302fed930b61fd9866f98d27c920b46fbf3151e610235e2f11fc83cda22bb1c5cd6046aa609964c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9912489017e7f2677d60bdda290c3d4

SHA1
23be0866a27570a1f601259195eb8b5ccf04bd8e

SHA256
c73350c952ecb9b7dcaa41c7b8799944c79aff9a2dac714df70905764a0c566d

SHA512
ec78f0aee10cd2ac49d3252415690252ca492177937d5e89c5a3bb2b47a6811faf5bf68b232def4d024544642d604b0d3056bf4b6c6324176a373121efc62edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_BE25D0FE540174A4A87E2295C663329D

Filesize
482B

MD5
c3a4d8a35a3f8a3499412a388e21e5bf

SHA1
0085423fed38d21f081c0a0fcc095f2f573a7fff

SHA256
dda851293258cca20c7a1d590446016c3866404599231c17e46c33a3ed8ffba6

SHA512
a606b7df53ec3846504ef87bf3bfcfa1ff20cfe4380bc25bde96a47f71252e54d3c4ebde6ffd2c734059e56a552c4a408088cd9fe38f3430000867d92f78209e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\98FB8ZRI\www.fonepaw[1].xml

Filesize
100B

MD5
fb6e9899de4d768ee5ab1a3843abaf8e

SHA1
5dfb62b2ea9251999e4b3c61ac77d63cf649c05d

SHA256
f0fa21a6d78b28e57d7bc650b2010af256f55e90f36801055acee94d95353148

SHA512
73e3c2231d1534ba4ab9321f0522f09fe9fa68cf13b50a6bddce5179f04f19cad7bf98b3775f0fd172a11f359b293a389a2832e88ad13f6cdf862c48a27b415f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\98FB8ZRI\www.fonepaw[1].xml

Filesize
502B

MD5
80a4ed690f9dd109c64f034b79c21c57

SHA1
557653c2d0458c38a15b96168df9800cda5bef4e

SHA256
3959ea426d2237e21db2bd0a6bf5d256a25b447a8573bf8370bc18bd13a6c9c4

SHA512
e17024d4f74faec2329df8df1cce2b4300561bac5504e40f25e212127e5f2e70f974f7100f71baa643ec592767ffdd2494f24bb2f04bd17d9dc83ea9d0ea928b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FTJON2S9\www.google[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\fp[1].ico

Filesize
433B

MD5
9872dc143a2a0364463cc000a5d132ed

SHA1
69ce5169274235575322214ad9b725260effa71d

SHA256
cf9c0999bcf1c12690114bf3284c1c17b429c910a350c84d646c3c47cdfc78e6

SHA512
4731881e3e2377d16322829c18d7306ebd5ae9ce6660292d537b8ea75f4f8b82c02ce241d1debdc9f949c98095526dbfa7aebeafcc721fbd9e989c82345ed09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3AB8.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q3503.tmp\libcurl.dll

Filesize
1.9MB

MD5
7da8e38e9b73425c9629e77950c205d1

SHA1
27ed177abc7916c1f9c73f5f440ee43d2e02434c

SHA256
28ed8fb447e1a52d5d6b898b41cb0dff9f38f5838d7aa7fbd90ba7861a29900a

SHA512
d701bddb3fff72ffc132513fe622df3b804369b7f7654dae2e6fc9d5d57823016f5b4bd932743a26534634868ce9e63ac590c944282dd77c772402ee0f5c3f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q3503.tmp\setup_ja.bmp

Filesize
150KB

MD5
71fbcb379d274412c3a5a9e5c1194f1e

SHA1
bac9c243bd9eba6ebb91133d41ea264c13e1b894

SHA256
ddbfae18373805d541ded0b304245485d5f29a0584de71e6faab25bacbd3633c

SHA512
da492ac9c93023254eebf3e861b8a00a76f05ad8a669336814fe060468b2ce76732bea6c56ba093f2e9b1e7e258e3c342d53deb03866a33447d1a89c79e58fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QCEL0.tmp\heic-converter.tmp

Filesize
1.5MB

MD5
1851948b5ddc1b467fe003e91e6340c4

SHA1
ec36a5cdf0f8779d9277728063d2c3524b5ad466

SHA256
9d8221bde2055688a40009c636968446dc4feb146af8866f1028e7989fcd1ae4

SHA512
5632abfd11fdbc8017224b68e2511504e255a02ee99e5198a0d9b269986a18429f538898cb6489be2a0b938712ed8726681387360f4ab154a2b5dabe94e20335

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QCEL0.tmp\heic-converter.tmp

Filesize
1.5MB

MD5
1851948b5ddc1b467fe003e91e6340c4

SHA1
ec36a5cdf0f8779d9277728063d2c3524b5ad466

SHA256
9d8221bde2055688a40009c636968446dc4feb146af8866f1028e7989fcd1ae4

SHA512
5632abfd11fdbc8017224b68e2511504e255a02ee99e5198a0d9b269986a18429f538898cb6489be2a0b938712ed8726681387360f4ab154a2b5dabe94e20335

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFDC7F1BC263A8EF0D.TMP

Filesize
16KB

MD5
78b79445b3a776c5fc68bd649e7954b6

SHA1
a43849fe3b0a7f84818cf9c7d1df6a903278be83

SHA256
c953e7710d3a7e660c258b7981f99ff4bf25eeddf43f397a2ede80b3cd738344

SHA512
04229a46c413d4ddb75cd8fa3dca3280ef1af76f897795c356b7f97fed4f653fb3d110871bd4e99ea147ccf7311c0f9691ae684b8797750c26f2340a2d1ee024

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\CommonUtils.dll

Filesize
46KB

MD5
1c4e9c4e72713ff38f17c8626d672a43

SHA1
689d9aa7751bbc0f824e18b205b39f7d017d94e7

SHA256
8129abc5dcd0b30c7e424aa6d75e384406b2db85ac6462e29fc99926d3e97057

SHA512
9df7c2cdde2680eb2dda58d8d21615d2fc7ff87fee8e59be58b8aab27e95232c16bcb3aa5c130355a3ac8591b59cef0b3dca327341cb40c22049bfc8cce687fc

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Framework.dll

Filesize
1.1MB

MD5
5072b1872cd0e8f3ac29b8f1b8cb5f04

SHA1
031b1400266c6fd8742b458878f5ce80cb2be918

SHA256
a458e150c8d7bcaf75a8f3993528b03de9a6a049c0a3db2e45379d86b3e01973

SHA512
fc900c9e7cd31051aa8aeb5bf065c4a783aab161c9a4b700866f8531d7ddf00c61b1b2638316f3d22a43c66aa42d3b4977926008af5758855ab08c49a3853f63

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\HEIC Converter Free.exe

Filesize
81KB

MD5
543e38d51a43e65e2c56cc6e09b007f5

SHA1
02ee27213cdd5539118a0ce0c3e65dcab56a7cfe

SHA256
882d31898848a9c3610ad59cf4b022a89c9cbc02490bfda99785256a31c61756

SHA512
928bdad172e47cb47acd5cb6bdb7967608eff21392b25144aa7fb319036008d10b4881dfc53974493405644d1473006f432f440ea42f4f1813fe569426406e21

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Core.dll

Filesize
4.5MB

MD5
b0b80010d4e3f8145e521bdbab79d8d2

SHA1
f3e0aec3d86bd5caba1eb2c5391385c7ed0c0008

SHA256
2825cd5d8abe6db224ad822cd3362ec496dde563818927df9122159d9a7b099e

SHA512
2a23804892ae95d47086f493292069e06253f897013660c44349de45ca99952eff3747eec94282e3677014f64bc85cd9c94301f75f907ba4835b0333d225cdd2

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Core.dll

Filesize
4.5MB

MD5
b0b80010d4e3f8145e521bdbab79d8d2

SHA1
f3e0aec3d86bd5caba1eb2c5391385c7ed0c0008

SHA256
2825cd5d8abe6db224ad822cd3362ec496dde563818927df9122159d9a7b099e

SHA512
2a23804892ae95d47086f493292069e06253f897013660c44349de45ca99952eff3747eec94282e3677014f64bc85cd9c94301f75f907ba4835b0333d225cdd2

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Core.dll

Filesize
4.5MB

MD5
b0b80010d4e3f8145e521bdbab79d8d2

SHA1
f3e0aec3d86bd5caba1eb2c5391385c7ed0c0008

SHA256
2825cd5d8abe6db224ad822cd3362ec496dde563818927df9122159d9a7b099e

SHA512
2a23804892ae95d47086f493292069e06253f897013660c44349de45ca99952eff3747eec94282e3677014f64bc85cd9c94301f75f907ba4835b0333d225cdd2

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Gui.dll

Filesize
4.8MB

MD5
b4c0e92f23f76d26329dc0ca25656c8f

SHA1
9ccbbf95020cc64952b2c24c55e2b85007d06915

SHA256
d1fea5011d8bb25e4a833c9ad0f65a3debfcf1a177522325e25f284fb00bacf8

SHA512
a2633028440b75195bee32be655f06723084a6886d392e692d851b5eeca92fa93089d0a29adf73f92347a113860e1069b1f73ac60031fa2314e1571680564900

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Gui.dll

Filesize
4.8MB

MD5
b4c0e92f23f76d26329dc0ca25656c8f

SHA1
9ccbbf95020cc64952b2c24c55e2b85007d06915

SHA256
d1fea5011d8bb25e4a833c9ad0f65a3debfcf1a177522325e25f284fb00bacf8

SHA512
a2633028440b75195bee32be655f06723084a6886d392e692d851b5eeca92fa93089d0a29adf73f92347a113860e1069b1f73ac60031fa2314e1571680564900

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Gui.dll

Filesize
4.8MB

MD5
b4c0e92f23f76d26329dc0ca25656c8f

SHA1
9ccbbf95020cc64952b2c24c55e2b85007d06915

SHA256
d1fea5011d8bb25e4a833c9ad0f65a3debfcf1a177522325e25f284fb00bacf8

SHA512
a2633028440b75195bee32be655f06723084a6886d392e692d851b5eeca92fa93089d0a29adf73f92347a113860e1069b1f73ac60031fa2314e1571680564900

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Network.dll

Filesize
841KB

MD5
d20a32b50ad638d48dba61e91aba6fb1

SHA1
fefbfbffe5b0a528c5e5fa78b20240628eda039a

SHA256
7a5474a414b1f4b6438b5986c5531b2d13d1f64dc2a60c9317430fa5d5f71f17

SHA512
a480add15368c7633c85270a278c565c299473f74acf295eb7db79b4f3a67b8c0d72e34e1fc62bfd1b1709e2191b6209c1fc7df3550f7bf5d7623a23a9df68aa

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Widgets.dll

Filesize
4.3MB

MD5
67beaabc6cfa113d0b31a6d151cf9949

SHA1
0ddd45d6dcf3ea8b6a917756e41fb598306f641c

SHA256
e7e3b3fe767a1861852403bb2dd5b07906e88c4f857fca9b6bc0dfdd602ab92f

SHA512
e5e9896add6d73f2b765b58eac12c0d74555faca0f9dda65248431b97ffed0114312318495e6099b8a43ae5972cc654e7c2f786a401c10c2f893a238c134d251

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Widgets.dll

Filesize
4.3MB

MD5
67beaabc6cfa113d0b31a6d151cf9949

SHA1
0ddd45d6dcf3ea8b6a917756e41fb598306f641c

SHA256
e7e3b3fe767a1861852403bb2dd5b07906e88c4f857fca9b6bc0dfdd602ab92f

SHA512
e5e9896add6d73f2b765b58eac12c0d74555faca0f9dda65248431b97ffed0114312318495e6099b8a43ae5972cc654e7c2f786a401c10c2f893a238c134d251

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Widgets.dll

Filesize
4.3MB

MD5
67beaabc6cfa113d0b31a6d151cf9949

SHA1
0ddd45d6dcf3ea8b6a917756e41fb598306f641c

SHA256
e7e3b3fe767a1861852403bb2dd5b07906e88c4f857fca9b6bc0dfdd602ab92f

SHA512
e5e9896add6d73f2b765b58eac12c0d74555faca0f9dda65248431b97ffed0114312318495e6099b8a43ae5972cc654e7c2f786a401c10c2f893a238c134d251

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Widgets.dll

Filesize
4.3MB

MD5
67beaabc6cfa113d0b31a6d151cf9949

SHA1
0ddd45d6dcf3ea8b6a917756e41fb598306f641c

SHA256
e7e3b3fe767a1861852403bb2dd5b07906e88c4f857fca9b6bc0dfdd602ab92f

SHA512
e5e9896add6d73f2b765b58eac12c0d74555faca0f9dda65248431b97ffed0114312318495e6099b8a43ae5972cc654e7c2f786a401c10c2f893a238c134d251

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Qt5Xml.dll

Filesize
156KB

MD5
dda3f40b45bdbc8aaecb4447418ca4cc

SHA1
3219cfe62d96b3e312067c391a58ed84279dbb54

SHA256
9525db43ec5db114a5cec2407fe9b95dfd633fc8cb7d602548a1081867cef7a5

SHA512
9d3d4a3ab7d8bcf57a7f1bedc49caf6cc9de9296e4c1855063d0c1991939343cf68cd3ce5d3150e3526defed87892ac76869c8097faa58df90fdfb67db359446

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\Utility.dll

Filesize
20KB

MD5
385d2765174f6d41ee5db007b438ff06

SHA1
2a4a8dceed320957a7f8d08a61744acafe94dbb4

SHA256
a459eadf2f3e689620ef4a5963ac51721cbf497e104cc66134f8f0f0727ead6e

SHA512
de9a8ce23990ff7a4a3cc04e915ef48108ce4bab1195c6eca4bb017e151aaa0389b0178ff1e8b236e68ce2b7c2024af3f9bae995380dde5c58b41e8c997a144f

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\libcrypto-1_1.dll

Filesize
3.1MB

MD5
5f9390942dc0d62efa1d8b66f6c62c1d

SHA1
00a16086d80c8f6993d19e690545905480a84a1b

SHA256
1f1da3a156fb193e793812d810c03d72b32f27719330b24f8820c34851a249ab

SHA512
f6570597a644e7c0125f7f98bb9243c2bb123ab248843857a06c20993fc0bd10d892bd1d6be33a2e7f5ea745b2d3dfaceefd67f7662e7bdd881c2b0cef375cf0

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\libcurl.dll

Filesize
298KB

MD5
377506a2d2bf4fbfb93e3c304da586d7

SHA1
31de504ed2feef6729f7fbe317d8f3b7b13adf16

SHA256
592bb33bbde418e79dc7c4bac44cfd4ce9b561d589c097c9e90d4ef9f4d42988

SHA512
cb9ab5c91fd043bc8e244bafc086995ba490fc3fdaca6cf957afc26e985aeeaf304f582f5e1331575943cf86b9c4221ea560379e805050268963542bac272125

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\libheicdecoder.dll

Filesize
4.7MB

MD5
2047e77ecf56350536b5a010f83fa330

SHA1
bbcd82378e75ddecdd60be6da320ae5339766b89

SHA256
4cf1e6ab67de8372abbe5ec61f9fed68069d02a6bd4e33a58b8a66cdcf9d9acc

SHA512
e6a52cc678065321a161574c37f197be21c49c9768c0adb4ab3bd4800b62836d5adaa56c34c3d9266d2eded96e3d2d66ce2340b16ce993268883725b51eeab02

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\libheicreader.dll

Filesize
8.6MB

MD5
c867567bbf545fc1d85ad2b727577a6f

SHA1
8236264b00cd2e2d70543cd124c0741291bf2745

SHA256
dbef9ef9aefdfc1f3b16657b1e4c04e9e5d8053b221eae2fe2c0c2e94b3024b7

SHA512
a8e0bb64efa319f359072b9fff2f1214107ffa33d8a05a42fa9a37d19ce8266bfe7c2031ed59976afe2a75d5a567819b45b48a0628b05d54b97a7d91ae939e6b

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\libssl-1_1.dll

Filesize
919KB

MD5
ba25bc6a1ced8f1b366a76466a23659a

SHA1
fd91e6e1cdd2e8f5a271760f8397ac366e29156f

SHA256
40e7964d4b0382f5cd8069a783514c5367c72247d362341cb991357010fa3b0d

SHA512
655f1b8b97206e47c664b7e20b3c143b6c89a5e7f8668342f49c552a85291c467e4924e099cfb9d580a1da64334c70bc1ad254b30048430ce7031b8f5339b2df

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\main.dll

Filesize
294KB

MD5
020b9905ba209c0e3c7e74e89dc28614

SHA1
3066324466b7ebc1e9bf579c506da25bfe516d72

SHA256
ddb3c820ec9801787693d9adc234cc4a802a96c8ce6ec33e6b81ebaaafae4227

SHA512
61907fe7f164af864bd1679b5b2422919c66d5290fa0f4e513157d4284794b5e9f8e0fa25ff79fe4825f7387afc03fbae80a0ac9a88d5f10273afc40cf297324

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\msvcp120.dll

Filesize
444KB

MD5
a883c95684eff25e71c3b644912c73a5

SHA1
3f541023690680d002a22f64153ea4e000e5561b

SHA256
d672fb07a05fb53cc821da0fde823fdfd46071854fe8c6c5ea83d7450b978ecb

SHA512
5a47c138d50690828303b1a01b28e6ef67cfe48215d16ed8a70f2bc8dbb4a73a42c37d02ccae416dc5bd12b7ed14ff692369bc294259b46dbf02dc1073f0cb52

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\msvcp120.dll

Filesize
444KB

MD5
a883c95684eff25e71c3b644912c73a5

SHA1
3f541023690680d002a22f64153ea4e000e5561b

SHA256
d672fb07a05fb53cc821da0fde823fdfd46071854fe8c6c5ea83d7450b978ecb

SHA512
5a47c138d50690828303b1a01b28e6ef67cfe48215d16ed8a70f2bc8dbb4a73a42c37d02ccae416dc5bd12b7ed14ff692369bc294259b46dbf02dc1073f0cb52

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\msvcp120.dll

Filesize
444KB

MD5
a883c95684eff25e71c3b644912c73a5

SHA1
3f541023690680d002a22f64153ea4e000e5561b

SHA256
d672fb07a05fb53cc821da0fde823fdfd46071854fe8c6c5ea83d7450b978ecb

SHA512
5a47c138d50690828303b1a01b28e6ef67cfe48215d16ed8a70f2bc8dbb4a73a42c37d02ccae416dc5bd12b7ed14ff692369bc294259b46dbf02dc1073f0cb52

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\msvcr120.dll

Filesize
948KB

MD5
2fb20c782c237f8b23df112326048479

SHA1
b2d5a8b5c0fd735038267914b5080aab57b78243

SHA256
e0305aa54823e6f39d847f8b651b7bd08c085f1dbbcb5c3c1ce1942c0fa1e9fa

SHA512
4c1a67da2a56bc910436f9e339203d939f0bf854b589e26d3f4086277f2bec3dfce8b1f60193418c2544ef0c55713c90f6997df2bfb43f1429f3d00ba46b39b0

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\msvcr120.dll

Filesize
948KB

MD5
2fb20c782c237f8b23df112326048479

SHA1
b2d5a8b5c0fd735038267914b5080aab57b78243

SHA256
e0305aa54823e6f39d847f8b651b7bd08c085f1dbbcb5c3c1ce1942c0fa1e9fa

SHA512
4c1a67da2a56bc910436f9e339203d939f0bf854b589e26d3f4086277f2bec3dfce8b1f60193418c2544ef0c55713c90f6997df2bfb43f1429f3d00ba46b39b0

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\msvcr120.dll

Filesize
948KB

MD5
2fb20c782c237f8b23df112326048479

SHA1
b2d5a8b5c0fd735038267914b5080aab57b78243

SHA256
e0305aa54823e6f39d847f8b651b7bd08c085f1dbbcb5c3c1ce1942c0fa1e9fa

SHA512
4c1a67da2a56bc910436f9e339203d939f0bf854b589e26d3f4086277f2bec3dfce8b1f60193418c2544ef0c55713c90f6997df2bfb43f1429f3d00ba46b39b0

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\platforms\qwindows.dll

Filesize
995KB

MD5
18b0db700b98c83cf35ded7c145f0b9f

SHA1
4391483d43e4bb749cbe1b644c9976e74486f335

SHA256
ea194f1e75f69b0b4eef1bb328a1d86a759caa60b24ac17e898bc8f8feb4747e

SHA512
cc9cb342870b11eefe1850ffb03d15841de3ae76566d435849f22d3caf01bfc3223297e3131a9b264f31ec9c35da7be059c9924f92aa7204f5a127dae3cc7280

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\platforms\qwindows.dll

Filesize
995KB

MD5
18b0db700b98c83cf35ded7c145f0b9f

SHA1
4391483d43e4bb749cbe1b644c9976e74486f335

SHA256
ea194f1e75f69b0b4eef1bb328a1d86a759caa60b24ac17e898bc8f8feb4747e

SHA512
cc9cb342870b11eefe1850ffb03d15841de3ae76566d435849f22d3caf01bfc3223297e3131a9b264f31ec9c35da7be059c9924f92aa7204f5a127dae3cc7280

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\platforms\qwindows.dll

Filesize
995KB

MD5
18b0db700b98c83cf35ded7c145f0b9f

SHA1
4391483d43e4bb749cbe1b644c9976e74486f335

SHA256
ea194f1e75f69b0b4eef1bb328a1d86a759caa60b24ac17e898bc8f8feb4747e

SHA512
cc9cb342870b11eefe1850ffb03d15841de3ae76566d435849f22d3caf01bfc3223297e3131a9b264f31ec9c35da7be059c9924f92aa7204f5a127dae3cc7280

Download Submit
\Program Files (x86)\FonePaw\HEIC Converter Free\unins000.exe

Filesize
1.5MB

MD5
1851948b5ddc1b467fe003e91e6340c4

SHA1
ec36a5cdf0f8779d9277728063d2c3524b5ad466

SHA256
9d8221bde2055688a40009c636968446dc4feb146af8866f1028e7989fcd1ae4

SHA512
5632abfd11fdbc8017224b68e2511504e255a02ee99e5198a0d9b269986a18429f538898cb6489be2a0b938712ed8726681387360f4ab154a2b5dabe94e20335

Download Submit
\Users\Admin\AppData\Local\Temp\is-Q3503.tmp\NetAccess.dll

Filesize
82KB

MD5
e6ee918c6c2d7439ab8a3c5bfda648e5

SHA1
c6e57d6bf4cede2e2320b96ab831756b45887cd5

SHA256
ed03e0baec14cef516933b0b03f46ed5e300a4d528e1ad83befddf30b0373584

SHA512
7515d2babd5bfb0c333daa86f6765d3863a10831e8b14687db4a3ce8a991c302c6c900c4999f3c3166f03981bc11cd35f44ca454134b10836d8e1419d3c7dfdb

Download Submit
\Users\Admin\AppData\Local\Temp\is-Q3503.tmp\libcurl.dll

Filesize
1.9MB

MD5
7da8e38e9b73425c9629e77950c205d1

SHA1
27ed177abc7916c1f9c73f5f440ee43d2e02434c

SHA256
28ed8fb447e1a52d5d6b898b41cb0dff9f38f5838d7aa7fbd90ba7861a29900a

SHA512
d701bddb3fff72ffc132513fe622df3b804369b7f7654dae2e6fc9d5d57823016f5b4bd932743a26534634868ce9e63ac590c944282dd77c772402ee0f5c3f71

Download Submit
\Users\Admin\AppData\Local\Temp\is-QCEL0.tmp\heic-converter.tmp

Filesize
1.5MB

MD5
1851948b5ddc1b467fe003e91e6340c4

SHA1
ec36a5cdf0f8779d9277728063d2c3524b5ad466

SHA256
9d8221bde2055688a40009c636968446dc4feb146af8866f1028e7989fcd1ae4

SHA512
5632abfd11fdbc8017224b68e2511504e255a02ee99e5198a0d9b269986a18429f538898cb6489be2a0b938712ed8726681387360f4ab154a2b5dabe94e20335

Download Submit
memory/284-308-0x00000000726F0000-0x00000000727B5000-memory.dmp

Filesize
788KB

Download
memory/284-288-0x00000000727C0000-0x0000000072A7C000-memory.dmp

Filesize
2.7MB

Download
memory/284-287-0x0000000072A80000-0x0000000072AD1000-memory.dmp

Filesize
324KB

Download
memory/284-310-0x0000000068E80000-0x0000000069198000-memory.dmp

Filesize
3.1MB

Download
memory/284-309-0x0000000072020000-0x0000000072494000-memory.dmp

Filesize
4.5MB

Download
memory/1420-164-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/1420-134-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/1420-128-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/1420-89-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/1420-85-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1420-84-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/1420-334-0x0000000000400000-0x000000000058F000-memory.dmp

Filesize
1.6MB

Download
memory/1420-61-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1484-335-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1484-83-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1484-54-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1516-387-0x0000000068E80000-0x0000000069198000-memory.dmp

Filesize
3.1MB

Download
memory/1516-375-0x0000000072770000-0x0000000072A2C000-memory.dmp

Filesize
2.7MB

Download
memory/1516-385-0x00000000726A0000-0x0000000072765000-memory.dmp

Filesize
788KB

Download
memory/1516-374-0x0000000072A30000-0x0000000072A81000-memory.dmp

Filesize
324KB

Download
memory/1516-386-0x0000000071B90000-0x0000000072004000-memory.dmp

Filesize
4.5MB

Download
memory/1516-388-0x00000000723D0000-0x0000000072479000-memory.dmp

Filesize
676KB

Download
memory/1516-389-0x00000000721B0000-0x00000000723C6000-memory.dmp

Filesize
2.1MB

Download
memory/1684-396-0x00000000721B0000-0x00000000723C6000-memory.dmp

Filesize
2.1MB

Download
memory/1684-1638-0x0000000004900000-0x0000000004901000-memory.dmp

Filesize
4KB

Download
memory/1684-1655-0x0000000072A30000-0x0000000072A81000-memory.dmp

Filesize
324KB

Download
memory/1684-392-0x00000000726A0000-0x0000000072765000-memory.dmp

Filesize
788KB

Download
memory/1684-1656-0x0000000072770000-0x0000000072A2C000-memory.dmp

Filesize
2.7MB

Download
memory/1684-391-0x0000000072770000-0x0000000072A2C000-memory.dmp

Filesize
2.7MB

Download
memory/1684-398-0x0000000004900000-0x0000000004901000-memory.dmp

Filesize
4KB

Download
memory/1684-390-0x0000000072A30000-0x0000000072A81000-memory.dmp

Filesize
324KB

Download
memory/1684-397-0x0000000004910000-0x0000000004912000-memory.dmp

Filesize
8KB

Download
memory/1684-394-0x0000000068E80000-0x0000000069198000-memory.dmp

Filesize
3.1MB

Download
memory/1684-395-0x00000000723D0000-0x0000000072479000-memory.dmp

Filesize
676KB

Download
memory/1684-393-0x0000000071B90000-0x0000000072004000-memory.dmp

Filesize
4.5MB

Download
memory/1808-321-0x00000000726A0000-0x0000000072765000-memory.dmp

Filesize
788KB

Download
memory/1808-320-0x0000000072770000-0x0000000072A2C000-memory.dmp

Filesize
2.7MB

Download
memory/1808-319-0x0000000072A30000-0x0000000072A81000-memory.dmp

Filesize
324KB

Download
memory/1808-336-0x0000000068E80000-0x0000000069198000-memory.dmp

Filesize
3.1MB

Download
memory/1808-333-0x0000000071B90000-0x0000000072004000-memory.dmp

Filesize
4.5MB

Download