91c7c3e1ac15cb9d320a6386e43e77ca7473ba3db708f45776869d85bbde3adc

Analysis

max time kernel
140s
max time network
125s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03-04-2023 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pdr-free-online.exe
Size

2.2MB
MD5

8e938b9dc68c347110e57a8086662bd5
SHA1

33e65b0ea45bc0496897288a37ef2492c69307d1
SHA256

91c7c3e1ac15cb9d320a6386e43e77ca7473ba3db708f45776869d85bbde3adc
SHA512

28fd1371638c108c77bbf7bd189c09a8eee53e4c40957748ddaf02eb4a1b40ad824ea94b170e8ed50d5a40c6d3656a12347d67837221eb23d56c4f0f0cfa0ac1
SSDEEP

49152:9tJEra8kaXpfLZyTiikVd4vSq8Fk5M76LPDgTSjZShK:9tc9kOpfLZyTyuvzZi6LPDgeZShK

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PowerDataRecovery.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	PowerDataRecovery.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	PowerDataRecovery.exe

Executes dropped EXE 5 IoCs

Processes:

OnlineInstall.exepdr-free-x64.exepdr-free-x64.tmpexperience.exePowerDataRecovery.exe

pid process

1860 OnlineInstall.exe
1152 pdr-free-x64.exe
1528 pdr-free-x64.tmp
836 experience.exe
1308 PowerDataRecovery.exe

pid	process
1860	OnlineInstall.exe
1152	pdr-free-x64.exe
1528	pdr-free-x64.tmp
836	experience.exe
1308	PowerDataRecovery.exe

Loads dropped DLL 58 IoCs

Processes:

pdr-free-online.exeOnlineInstall.exepdr-free-x64.exepdr-free-x64.tmpexperience.exePowerDataRecovery.exe

pid	process
1644	pdr-free-online.exe
1860	OnlineInstall.exe
1860	OnlineInstall.exe
1860	OnlineInstall.exe
1860	OnlineInstall.exe
1152	pdr-free-x64.exe
1528	pdr-free-x64.tmp
1528	pdr-free-x64.tmp
1528	pdr-free-x64.tmp
1236
1236
1236
1236
1528	pdr-free-x64.tmp
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
836	experience.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1236
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

PowerDataRecovery.exe

description ioc process

File opened for modification \??\PhysicalDrive0 PowerDataRecovery.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	PowerDataRecovery.exe

Drops file in Program Files directory 64 IoCs

Processes:

pdr-free-x64.tmpPowerDataRecovery.exe

description	ioc	process
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-KGDDM.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-JQ0C0.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-F5HBU.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\is-FCT85.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-E88S3.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\qtiff.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Core.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\msvcr120.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-SGKUU.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-81PD2.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-20768.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-M21DC.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\unins000.msg	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\log.txt	PowerDataRecovery.exe
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\qgif.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\iconengines\is-E5D6L.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\is-5MUMH.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\7-zip.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-O1MTH.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\ssleay32.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\qwebp.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-BENOI.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-0UU7P.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-Q8PRF.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\Innosetuplog.txt	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\iconengines\qsvgicon.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\libGLESV2.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-K3640.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-FH23T.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-EG9PI.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-RRAK8.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\resources\is-0KLFT.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-LTQTO.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-FSRIM.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-0JT1H.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-5BJFH.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\platforms\qwindows.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-JMA1A.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-9EAE7.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-QB603.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-A800T.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-CQ93D.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-EODF3.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-D4QPB.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-LGF8A.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Svg.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-E2D6H.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\is-EKD77.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-NBTVE.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-R20A7.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-70F4N.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-F321S.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\dbghelp.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Positioning.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-TJR07.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\RawObject.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-SBUC9.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-TJRPN.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-CMJ4U.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\qjpeg.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\bearer\qnativewifibearer.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-H1CRJ.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-R9T5F.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-BG4L0.tmp	pdr-free-x64.tmp

Drops file in Windows directory 1 IoCs

Processes:

PowerDataRecovery.exe

description ioc process

File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico PowerDataRecovery.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	PowerDataRecovery.exe

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PowerDataRecovery.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\10	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\12	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\18	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\24	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\54	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\32	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\41	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\48	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\50	PowerDataRecovery.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\16	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\31	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\47	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\43	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\57	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\63	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\58	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\59	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\61	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\9	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\29	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\40	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\42	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\53	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\8	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\26	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\34	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\35	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\33	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\49	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\52	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\60	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\62	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PowerDataRecovery.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\13	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\14	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\19	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\22	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\37	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\45	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\23	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\30	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\38	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\44	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\15	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\20	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\28	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\56	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\39	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\46	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\55	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\11	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\21	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\25	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\27	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\17	PowerDataRecovery.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeexperience.exepdr-free-x64.tmpIEXPLORE.EXEPowerDataRecovery.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	experience.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\PowerDataRecovery.exe = "11000"	pdr-free-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AE43BD3-D24C-11ED-9CB8-C227D5A71BE4}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\experience.exe = "11000"	pdr-free-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1AE43BD1-D24C-11ED-9CB8-C227D5A71BE4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	PowerDataRecovery.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	experience.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	pdr-free-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	experience.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

experience.exePowerDataRecovery.exe

pid process

836 experience.exe
1308 PowerDataRecovery.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

OnlineInstall.exepdr-free-x64.tmpPowerDataRecovery.exe

pid process

1860 OnlineInstall.exe
1528 pdr-free-x64.tmp
1528 pdr-free-x64.tmp
1308 PowerDataRecovery.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

PowerDataRecovery.exe

pid process

1308 PowerDataRecovery.exe

pid	process
1860	OnlineInstall.exe
1528	pdr-free-x64.tmp
1528	pdr-free-x64.tmp
1308	PowerDataRecovery.exe

pid	process
1308	PowerDataRecovery.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

PowerDataRecovery.exe

description	pid	process
Token: SeBackupPrivilege	1308	PowerDataRecovery.exe
Token: SeBackupPrivilege	1308	PowerDataRecovery.exe
Token: SeRestorePrivilege	1308	PowerDataRecovery.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

pdr-free-x64.tmpiexplore.exe

pid process

1528 pdr-free-x64.tmp
748 iexplore.exe

pid	process
1528	pdr-free-x64.tmp
748	iexplore.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

experience.exeiexplore.exeIEXPLORE.EXEPowerDataRecovery.exe

pid	process
836	experience.exe
836	experience.exe
836	experience.exe
748	iexplore.exe
748	iexplore.exe
860	IEXPLORE.EXE
860	IEXPLORE.EXE
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe
1308	PowerDataRecovery.exe

Suspicious use of WriteProcessMemory 37 IoCs

Processes:

pdr-free-online.exeOnlineInstall.exepdr-free-x64.exepdr-free-x64.tmpiexplore.exe

description	pid	process	target process
PID 1644 wrote to memory of 1860	1644	pdr-free-online.exe	OnlineInstall.exe
PID 1644 wrote to memory of 1860	1644	pdr-free-online.exe	OnlineInstall.exe
PID 1644 wrote to memory of 1860	1644	pdr-free-online.exe	OnlineInstall.exe
PID 1644 wrote to memory of 1860	1644	pdr-free-online.exe	OnlineInstall.exe
PID 1644 wrote to memory of 1860	1644	pdr-free-online.exe	OnlineInstall.exe
PID 1644 wrote to memory of 1860	1644	pdr-free-online.exe	OnlineInstall.exe
PID 1644 wrote to memory of 1860	1644	pdr-free-online.exe	OnlineInstall.exe
PID 1860 wrote to memory of 1152	1860	OnlineInstall.exe	pdr-free-x64.exe
PID 1860 wrote to memory of 1152	1860	OnlineInstall.exe	pdr-free-x64.exe
PID 1860 wrote to memory of 1152	1860	OnlineInstall.exe	pdr-free-x64.exe
PID 1860 wrote to memory of 1152	1860	OnlineInstall.exe	pdr-free-x64.exe
PID 1860 wrote to memory of 1152	1860	OnlineInstall.exe	pdr-free-x64.exe
PID 1860 wrote to memory of 1152	1860	OnlineInstall.exe	pdr-free-x64.exe
PID 1860 wrote to memory of 1152	1860	OnlineInstall.exe	pdr-free-x64.exe
PID 1152 wrote to memory of 1528	1152	pdr-free-x64.exe	pdr-free-x64.tmp
PID 1152 wrote to memory of 1528	1152	pdr-free-x64.exe	pdr-free-x64.tmp
PID 1152 wrote to memory of 1528	1152	pdr-free-x64.exe	pdr-free-x64.tmp
PID 1152 wrote to memory of 1528	1152	pdr-free-x64.exe	pdr-free-x64.tmp
PID 1152 wrote to memory of 1528	1152	pdr-free-x64.exe	pdr-free-x64.tmp
PID 1152 wrote to memory of 1528	1152	pdr-free-x64.exe	pdr-free-x64.tmp
PID 1152 wrote to memory of 1528	1152	pdr-free-x64.exe	pdr-free-x64.tmp
PID 1528 wrote to memory of 836	1528	pdr-free-x64.tmp	experience.exe
PID 1528 wrote to memory of 836	1528	pdr-free-x64.tmp	experience.exe
PID 1528 wrote to memory of 836	1528	pdr-free-x64.tmp	experience.exe
PID 1528 wrote to memory of 836	1528	pdr-free-x64.tmp	experience.exe
PID 1528 wrote to memory of 748	1528	pdr-free-x64.tmp	iexplore.exe
PID 1528 wrote to memory of 748	1528	pdr-free-x64.tmp	iexplore.exe
PID 1528 wrote to memory of 748	1528	pdr-free-x64.tmp	iexplore.exe
PID 1528 wrote to memory of 748	1528	pdr-free-x64.tmp	iexplore.exe
PID 748 wrote to memory of 860	748	iexplore.exe	IEXPLORE.EXE
PID 748 wrote to memory of 860	748	iexplore.exe	IEXPLORE.EXE
PID 748 wrote to memory of 860	748	iexplore.exe	IEXPLORE.EXE
PID 748 wrote to memory of 860	748	iexplore.exe	IEXPLORE.EXE
PID 1860 wrote to memory of 1308	1860	OnlineInstall.exe	PowerDataRecovery.exe
PID 1860 wrote to memory of 1308	1860	OnlineInstall.exe	PowerDataRecovery.exe
PID 1860 wrote to memory of 1308	1860	OnlineInstall.exe	PowerDataRecovery.exe
PID 1860 wrote to memory of 1308	1860	OnlineInstall.exe	PowerDataRecovery.exe

C:\Users\Admin\AppData\Local\Temp\pdr-free-online.exe
"C:\Users\Admin\AppData\Local\Temp\pdr-free-online.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1644

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1860

C:\Users\Admin\Downloads\pdr-free-x64.exe
"C:\Users\Admin\Downloads\pdr-free-x64.exe" /progress="C:\Users\Admin\AppData\Local\Temp\progress.txt" /VERYSILENT /LOG="C:\Program Files (x86)\MiniToolPowerDataRecovery\Innosetuplog.txt" /NORESTART /DIR="C:\Program Files (x86)\MiniToolPowerDataRecovery" /LANG=english /agreeImprove=1 /online
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1152

C:\Users\Admin\AppData\Local\Temp\is-DQHL4.tmp\pdr-free-x64.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DQHL4.tmp\pdr-free-x64.tmp" /SL5="$140156,45154291,301056,C:\Users\Admin\Downloads\pdr-free-x64.exe" /progress="C:\Users\Admin\AppData\Local\Temp\progress.txt" /VERYSILENT /LOG="C:\Program Files (x86)\MiniToolPowerDataRecovery\Innosetuplog.txt" /NORESTART /DIR="C:\Program Files (x86)\MiniToolPowerDataRecovery" /LANG=english /agreeImprove=1 /online
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1528

C:\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe
"C:\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe" http://tracking.minitool.com/pdr/installation.php?mt_lang=en&mt_edition=free&mt_ver=115
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:836

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.minitool.com/feedback/pdr/install-power-data-recovery.html?mt_lang=en&mt_edition=free&mt_ver=115
5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:748

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:748 CREDAT:275457 /prefetch:2
6⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:860

C:\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
"C:\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe"
3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MiniToolPowerDataRecovery\MSVCP120.dll
Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\MSVCR120.dll
Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Core.dll
Filesize
5.3MB

MD5
a7e479e3fb8c45b4b572a301588c0de0

SHA1
a254d7e90a27196a6e40b9daacc1f72748ccc155

SHA256
a71c5a226fbb4334353cc1d0f4abacba8a509f8544f286d352e1ec29c86c0742

SHA512
92c4303df4967d48a957d258dc2502eedd50a39c7d5d2120f69233f53d67dde13be7112309dd71c0ba9b005951e59a416c5139861522c73cfba3bd49e6b370ae

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Gui.dll
Filesize
5.7MB

MD5
89c68c9d29d7c527097eb4a1317f71ad

SHA1
58add7d0d991931ac92eb144e007894412ae570a

SHA256
be00d70e40813e1a8ae4715b8e3cdbfb6470dbffc7d591459bb4afc30e77f715

SHA512
bfe224dec896857ebe32e75e52823f821b3791312d9629d63b565e2cd12e1854aff5e66cc416555dfbe08887a6171dfb6393e9084a0adaa2ee3528aaf0e2617f

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Widgets.dll
Filesize
5.3MB

MD5
d654ed44099c61cf7ddc07dabeca28d3

SHA1
1acf0f22f3cb15585fe8ec97dad00eda8ac30d51

SHA256
3bc64a69dc06e7a12442c04225630ba57c779d6e9e4e1aff9f986c3e68883f27

SHA512
9012f71a8dd27c56b46b341c97a8ac964bdf399f1f9d8740763be34bc4d179db5bb4fbee153e715990a37c2b1391b2622bcacffe32756abfaceb45183bf7f0ea

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe
Filesize
253KB

MD5
8c5b514a3ae6a317399f4ee7cbc344d1

SHA1
937ec712ffdc6b27279f4b41b64886c29c8a1eb4

SHA256
ef40a5a019a3c381437374ae344a016398915dca23b7ab2db28c0908834b469b

SHA512
8046c099012d2a318a2c94594a96db3e73bd84ddca541bc0c29f1755af0cca7d3c64ebda3ccfccba9ec04a82878ffe89a174e585b534919e0f8db8e49e663eca

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\unins000.exe
Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\js[2].js
Filesize
221KB

MD5
7657000c3175133cf34dcb5d2cb67410

SHA1
dea3112de3a6306af928a8d326dad2a92fec34cb

SHA256
125367f3774598bcefb4a78efb2d91b77bd215133265bab6d7ebbd43117ea573

SHA512
cb2e776aa724c9a63bf0c8bd6c827e6a28e800267f7cfc4f32690ffb9dc6b60027321aa79f5c7f1f85e232e1dd6464c9d8155ff20a8049fcb9d79598b0736592

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe
Filesize
3.7MB

MD5
acd95bc2b8f21000b98f953f21f38791

SHA1
b5fbe22af3d46615dafd7150e11c45ecbe62fbb9

SHA256
014526bbaa2611ab1ee45d5fb480f5d1516a46d4381e3cc6feb9b305a3c53abe

SHA512
4b93dc5f1424679c1bcf39cd9672b9674ec387fda99d922d987b065ed954423d03c73a3260ebd8d937239ac6e1304e9cbd5c3be53cf8d18a4d8d0e6068391b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe
Filesize
3.7MB

MD5
acd95bc2b8f21000b98f953f21f38791

SHA1
b5fbe22af3d46615dafd7150e11c45ecbe62fbb9

SHA256
014526bbaa2611ab1ee45d5fb480f5d1516a46d4381e3cc6feb9b305a3c53abe

SHA512
4b93dc5f1424679c1bcf39cd9672b9674ec387fda99d922d987b065ed954423d03c73a3260ebd8d937239ac6e1304e9cbd5c3be53cf8d18a4d8d0e6068391b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Check_Selected.png
Filesize
1KB

MD5
6d116dccaac5056d7d1f4a593d5ac0db

SHA1
242a6a198c7e1e22bda176065cf0b26a276b6f72

SHA256
0946efee104652f084c6fb2f271b06fcdfb50de893d64cd4287cc8e64deced92

SHA512
037c4cb011492a27da3f7a6d2e7e75cabac8c58eca3607d57df248491b4786247c08a2f9ffd5fe49d3ef0b9f862b3ecb4a4783e04b1801c13935f271df224e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Close_Nomal.png
Filesize
1KB

MD5
99fcff2aca703823e083cb90a3192146

SHA1
376158f2e3e6c4f42e67415f180539d562bd27fb

SHA256
cbe96210dc6c28e21625c01db80e510152eecbf4ddbc75a30feeefb9ffa318ef

SHA512
86b51f428a34f7de88f8aa5268028c86dee41a894ec3704c7ba10c0c8f7ef065af9c18d8d1999c903c5aa062abb2910630477b3b11db02f33c6e77373cff3d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Config.ini
Filesize
427B

MD5
ed7078bf5a5d7a2a5a01763389066a04

SHA1
b86c9954cb0bb330d3dd22d85aaee1859c85e1ce

SHA256
d4e4f01a23e254d4c78db1b9840957b3aed0dcf444bdbccc7571997d55668b0a

SHA512
558448f4fa80ee21ffd6bf32b5dcab18f465a9cd826de0e98727bf9984498ceffd60fda8eb577ddedb7ebde3de1c6ebf166cab6e62cb2679331db593cc4d85f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\DownloadUI.xml
Filesize
11KB

MD5
5adef493e35de97bf278a573aafcafbf

SHA1
bc401770e4b09a14ad98f8054cfda37d47035aa7

SHA256
d8f2323aea9b999b3aeff5ad5846fe526119447abdb9b5c1de33628f85fd071f

SHA512
05f04856dd10665045447008e6cf5f130f072155cc566bc8874025acc3943666279c63eae7a330f0eaff723232c4c64ae0b68b78fcb8424fe7c6ea7dc4fb09b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_Pic1.png
Filesize
33KB

MD5
4dbaf66d473f122574ed13758d8e60b6

SHA1
634af21cb9ac0d5f0492b911cb832a183ddb9cd0

SHA256
348285cd7c16870481ce337142436452f3c644724ab5246a57914c7f20eff527

SHA512
f3029f361b7d7a9615daf8100940c93771b68e07068884cf28d6bdf258af9c128286891fd7a482f282da709276b21b41e64e834f1b45c848a0efbc1ee9db7605

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_Pic2.png
Filesize
37KB

MD5
3325f323e6df04ce3a6a2f2594943730

SHA1
80aa8625ae59575978afd9b0b8b7aff08476715d

SHA256
68dbfd83f88f67f163c9240cb00c141aa8e2334f846c13e4370b9b32634179d0

SHA512
a63b5eee0dbf1a6f4f4cc7d89e7cd9dcf9fd5e623a6cd058ec8509c01acd72f7954d23cbc5d453d38ea9fd56523ee98865b47c24df5c99bd60ee263f9ff0de2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_Pic3.png
Filesize
91KB

MD5
33c43e8e8d3192b6065303881e838850

SHA1
d078a3f71f26f28765ace3d29ba2626e4a27a476

SHA256
94d5acd2036d0b4dc040e6cda3a8552131c38425fd08295a4debc8f4bff8e47d

SHA512
0f0b18648745eb9a597ccf153ea0176d689f2246e8be433969b44dc8b9c7d010f7294e84999a45679b766c49bad18531416db4f589bc1dac580473b0441f374e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_SubUI.xml
Filesize
1KB

MD5
9f811e49c25c095d3710ce2a2c726ecc

SHA1
2fe09b749a6109aa58e4f14e936ad9bfd1fc727a

SHA256
6fb7b310c0673be802156ebb19a44f8a841654d99f56c8d03444c159a0a486d9

SHA512
5430dfbff533ce804f03ca31bc7fee71576f48844cb78eb4639628ea6fa6d51ecb53b50199db967abb855ca1e2a7afe92a770029a355c9b56b6296d31f40b42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Dropdown_Nomal.png
Filesize
1KB

MD5
79a297af3cc5d3501558bfc2344f250a

SHA1
7cae747038212afaf6ac69ae57e99cdf9a7ee97d

SHA256
0f8ed5fdb53a8895e0159855268e0b8bb084766473ceb3ced8b96209844e359f

SHA512
e5e4a5feb042725564885be76d8a6bf7d1e68fcd8734822c8f5b5653f1cef9065dfa7d07e57df24332a95567020bb9135ae2233b9d7fbe0a6caa4cd5691b0c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Installnow_hot.png
Filesize
1KB

MD5
c897aced408ce92278f3ca7b506e8661

SHA1
2af7822dda6e2df6a4260fa482e5393ff2cd1cbf

SHA256
9b796444a10eb0454d7b5a31ec5f8fa2e5261386d569c032ec163cae89659e26

SHA512
6fd9ba6e27be168ef1a66e8ab5b7fd174f975f48e84e84d75de908058d51425c04ab70d539653d7b20a8bf79820e30e75131f4d20db43e586585e6074ef18716

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Installnow_nomal.png
Filesize
1KB

MD5
5a02fb88141286b03e5c96bfab807c11

SHA1
4639a647d31d267cf08f4d3e92d62e61749ca1fa

SHA256
7a668d959b0c980edb8fa1b1a359e881f7865a4ec78f879afb2460f99c45367c

SHA512
f6d8b34e7c60ec8ad8d43b6cdb449dd608d29efd2abe377b2439e8fbdb70b72b048948fb17a65dd8b4469c2c65bbfb2e7c583cb880441e26a0d41b14f1e27c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Installnow_selected.png
Filesize
1KB

MD5
eaad4ec876e6acf007ddbe287c4e85ed

SHA1
6fc8faada1480888ec3f3aead9a63057172a3be5

SHA256
18760948ae9aeb7ffe9155a03df8ee84867923fab85cbdce450774149940d724

SHA512
223be241cbcf871d867696e3de353c31170197a5ad61dc3ca9d8d5363ec915179da8e9e3ac189f16eacf18fa31fd885d73a03f127a3415c3c6f12134e1f839f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Language.ini
Filesize
158B

MD5
744e81128518f39cc8340538760560fd

SHA1
24feea905d4369015bcdd0520f613794b2d8a2d9

SHA256
6b4e7667e8b84e680ebdacf2e711381cf2eba5b32de3c1080b423534080ff3fc

SHA512
b5ab1886142327dfb0399bec273c22563da6690bf8e0c4c7cd03be4d9ec86ad082164a3c473c5df3a820b58c27c70b4e6743ff8ad1b32d1b92465970348ce3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Main.png
Filesize
24KB

MD5
8153f9a62b01c741674d040a7f683a9b

SHA1
3a15d8bd17162877640f359e12425e0f8acbaf6d

SHA256
87bac2a006645790930419ac06287d450dcebf8d5ebe3edc349f27fcaa5b2943

SHA512
b9bfa18dafae1cd69c3382c40230090c8936e8715449a7b2e9da9687de940ba4f51e43b52b3f2cccc99cb59e8d94f398737c6f90526051725b8e827d1b783ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\MainUI.xml
Filesize
9KB

MD5
c0162b75ce5a6f74926d55f3ea013d73

SHA1
966a81b06a67dc03f036060fb6518c0d75c7a035

SHA256
0d911063529f8ad80f4ede366081bd731e925021bed369a0b20c05f182a4e676

SHA512
b79cf704efac5c73797538915d086e3489579142c7f34349486e8723eba537f815642c7233a762b7e30bef9fa6543e318730ed713522620769273535b8792239

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Min_Nomal.png
Filesize
1KB

MD5
cec7303d0563442f004e14ee00e7c266

SHA1
9933da818587ed882c93c5812847a89a624ff883

SHA256
7f684e9916e99e872a42a8b334f83c41fb3610b93a666faec7eba034e689319f

SHA512
af33dd3905b24a9f23a726ce32684970358b4000ad3b7e74a29dcbce1456b00ea5d3953d3fde13feca3c28cef0b34d64b08e08717d290aa387228bef6359ca4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Offlinedownload_Hot.png
Filesize
1KB

MD5
cc19eb652aa30fb158de18ac13486e2d

SHA1
4e2d504fd872d4359d19d3443423eccb85168686

SHA256
b83c7ddc7f1f75b1a91ee34403b941f09113cd4687b870c478b74f78f6825182

SHA512
3f1abcc16ba401eb91f6bc8c71e50401635add811ea8ce13cca8e9400901c4118257bd151a1cd77075cb8197f66e7f7dbf68c196389f4e61854b0ea66f2806ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Offlinedownload_Nomal.png
Filesize
1KB

MD5
73478a1ebb457fabbf3de6a0f9907029

SHA1
5762c8de76330a6a955306e10763f0b9443e7fab

SHA256
3f24ce32c8a0a1a5ba2f739269bf8e4b2ff9e37a8c265b70e5b2ea8157be5790

SHA512
a02f24f1efa0da275dbca33d84a1565e2d71f4693a77620438b5a838b4a8058fc648c9c2ca38ca2554ef780bd7476eb00e89c9d8134e070b173a0e95cb2ccb15

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\START_NOW_Hot.png
Filesize
1KB

MD5
df9a1e7c3d40b443f635e99fc5d3a7b5

SHA1
fc94156caced796613b897ef736d3d462aefbe66

SHA256
9907fd8beea3575e1113bd1f4a31704834423e668cae8868b134939e384f587f

SHA512
3cb901525dfe92e8fb32a9136aa2c3841a4f7373e2c01d8e3786d981f4864b79fd39a9212037aae6af2289c37c2929638695cc62f4abfc2ab821262c02d4ec3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\START_NOW_Nomal.png
Filesize
1KB

MD5
fad8b57435177bd5eb7b322b7fb7cf79

SHA1
9c72c40041bd62ea22a2921ad827b6a331d2ac10

SHA256
21a0efc12471ff02da1fb12e6cbedf32e256a22140307935ec9fcd5f67d872a1

SHA512
c44bcb2d4527ec024acd1f33c4b560be5808bda9633b0cbb1240334c53c0083a703d3b61392ac948a9e3cf0ffa37da34bce89d841c5f0c2127ca0df708547a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\START_NOW_Selected.png
Filesize
1KB

MD5
75694871ccee557089379161181981fd

SHA1
09c879685d92d3b097386130e578983207c08cbf

SHA256
aee7b56a49827654993460635b136e0de03968600c73eac2bcbd4b3754620683

SHA512
d7f73bd425061629c9f01c60b5fc78cf3b42de35e45ec02ca6379ca25520aafba9d0bb88723a8610a15d4d1d8f033e5ac5a8505a37801330b05a334a59e68ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Sub_Close_Nomal.png
Filesize
1KB

MD5
fcc0c32c21a402e1cd65aaa77ab64581

SHA1
0fb078d396534b4b257bc910bb9f251e0d41b0ea

SHA256
668920e35d57571aac5ab009740662e39f830dada1db5fddcce3b8a693b9105a

SHA512
2de7306dedc2f058eedb4eefe122a34d0478c68cf0416f7a4cf7df62b7b3bfa96ebf6c7e3688ef99da36a223c7abdefb724616e78a2914fc73cc439f8f7a8b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\WarnUI.xml
Filesize
2KB

MD5
049ad9e4a494a578ff8d17a19baae622

SHA1
0f73e765a9cd793ca0d9e30580ec164ab23a7dee

SHA256
091b9e77050c07600b9996b62762b32a627204f24edd849125ff1d937d91012f

SHA512
1a712f2b111b32e488fda8779f96db0ac5816bc73a7496f1e3f7a3959ea0773fe3a0a9468b3e8fb756c9ccc39deec6e31913dd27bd76fc9cc4718cadc61f4649

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\inquiry.png
Filesize
2KB

MD5
3ae508b7f2ae96bd15db1ac95b8f9b11

SHA1
590dc0996789f3b015978567a03380743b21e2ee

SHA256
093328c46674b9871bb42b51b4bf85cf17c230a6fd1eafed30f4cfaff1e6bbfb

SHA512
06d9594bf37431ff6af4fda57fa7d802a011387369f638c2c3813bbb1098ade58206f83ac7293f9638c49bab5f92091e09691bf9991052fdb455ffe45380f69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\pro1.png
Filesize
1019B

MD5
cb08c0b8de0d0d24211f11ead4d56766

SHA1
01ea0820df1ec081755ab7d7fb30681722b876d9

SHA256
3e3ea167ca42350f96f379c4ee628abe4ab09bbd8f9bd00de4cff1dc9ca62eee

SHA512
e10c72cf708f41a7a43542df50f54f0f6338dea62893af3798ba346f9091884f84f2806ae1a408f74174df6e94d4331c9107160bfdd49cf4fd64424252da079d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\pro2.png
Filesize
1KB

MD5
a7b631b24b7209528e29931625ce6417

SHA1
051ce0d551a041b87f776af6c59745500da718e5

SHA256
a8e2e387664d507b38fec7b614bf35d863b70253c743a2475d69e468c19b35ae

SHA512
05acfeed0f37b8f8c00eee44c479dc9403e39ce9df29ee1b0ed3e64fbed7265e461d92acd0512d12c337e53d2d297520b4acd596c163c9882677d8f08941cfa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8F55.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8F77.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DQHL4.tmp\pdr-free-x64.tmp
Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DQHL4.tmp\pdr-free-x64.tmp
Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
aab3238922bcc25a6f606eb525ffdc56

SHA1
fa35e192121eabf3dabf9f5ea6abdbcbc107ac3b

SHA256
8527a891e224136950ff32ca212b45bc93f69fbb801c3b1ebedac52775f99e61

SHA512
5f3a799ba20c20a225f75d4fe2acab79912dfcd2f2b333bf062b37acbb6463388c344430d5ba1e9fd318d3ed8263074e999e2b2e811bc51c5e2dfea4e2f32e58

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
1ff1de774005f8da13f42943881c655f

SHA1
4d134bc072212ace2df385dae143139da74ec0ef

SHA256
c2356069e9d1e79ca924378153cfbbfb4d4416b1f99d41a2940bfdb66c5319db

SHA512
c0033b5f5a4815a172984d64037dd49a8663fb8b3a71e47f11ecd332c8c3819c57e1631fdf46d66c6ff0e58763a61529fefcfa2a6675e186ee901e5452fedd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
1c383cd30b7c298ab50293adfecb7b18

SHA1
972a67c48192728a34979d9a35164c1295401b71

SHA256
9f14025af0065b30e47e23ebb3b491d39ae8ed17d33739e5ff3827ffb3634953

SHA512
7a4f07ef7ac81ec31e04d55faffe33bdde93ec2398c338760e0d98adab7ba5acf2c39b2da1782f45e8a5a4d337dedcc647afebddd531782af42bafae98ce7ed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
f457c545a9ded88f18ecee47145a72c0

SHA1
2e01e17467891f7c933dbaa00e1459d23db3fe4f

SHA256
0e17daca5f3e175f448bacace3bc0da47d0655a74c8dd0dc497a3afbdad95f1f

SHA512
d7901dac15fda6c4d45a19f8057bde312161d25520c32e96565b96460fc609054808b4ea6f65e6e6bb987f2e19f51ae0ed849dafaaed30739dd2cc67074b4d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
fc490ca45c00b1249bbe3554a4fdf6fb

SHA1
2a459380709e2fe4ac2dae5733c73225ff6cfee1

SHA256
108c995b953c8a35561103e2014cf828eb654a99e310f87fab94c2f4b7d2a04f

SHA512
ac7ee5c6be94adc321477d6cd10c8d156d1b521fc8fbb8557e78667b4182f428a2d1e4fcc89b460e1c1f5b08d8539b9c5c0e5e357cd605d9687fb0687ff63b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
35f4a8d465e6e1edc05f3d8ab658c551

SHA1
eb4ac3033e8ab3591e0fcefa8c26ce3fd36d5a0f

SHA256
349c41201b62db851192665c504b350ff98c6b45fb62a8a2161f78b6534d8de9

SHA512
487aa97588681f77efd212a31b59c45d0871f4064eb170ed995bbe47bfb6f45b2ed4fba770668bdc6d5a46a9a689625d4bc86612dceb617560d2c7957a264125

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
2a38a4a9316c49e5a833517c45d31070

SHA1
b37f6ddcefad7e8657837d3177f9ef2462f98acf

SHA256
8b940be7fb78aaa6b6567dd7a3987996947460df1c668e698eb92ca77e425349

SHA512
bb90b23776dfde3333f63a924ebd2a039d80fc9280a7d1e9418529ced428930b69a95d55c4d9238f30b73789b4ebe0356bb9b8707025e3c527ca34825a160e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
2B

MD5
f4b9ec30ad9f68f89b29639786cb62ef

SHA1
215bb47da8fac3342b858ac3db09b033c6c46e0b

SHA256
e3d6c4d4599e00882384ca981ee287ed961fa5f3828e2adb5e9ea890ab0d0525

SHA512
85eb108b7e36af2b00ba3e0bc2e2ece782fbf86ef4946df5f91b8ddd978a559f4a6e4f8896b4dc7deb1ba22703ffc5dcefb650c54c60bc8d98b2411a5c2191f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt
Filesize
3B

MD5
f899139df5e1059396431415e770c6dd

SHA1
310b86e0b62b828562fc91c7be5380a992b2786a

SHA256
ad57366865126e55649ecb23ae1d48887544976efea46a48eb5d85a6eeb4d306

SHA512
643c30f73a3017050b287794fc8c5bb9ab06b9ce38a1fc58df402a8b66ff58f69bf0a606ae17585352a0306f0e9752de8c5c064aed7003f52808b43ff992a603

Download Submit
C:\Users\Admin\Downloads\pdr-free-x64.exe
Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
C:\Users\Admin\Downloads\pdr-free-x64.exe
Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
C:\Users\Admin\Downloads\pdr-free-x64.exe
Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Core.dll
Filesize
5.3MB

MD5
a7e479e3fb8c45b4b572a301588c0de0

SHA1
a254d7e90a27196a6e40b9daacc1f72748ccc155

SHA256
a71c5a226fbb4334353cc1d0f4abacba8a509f8544f286d352e1ec29c86c0742

SHA512
92c4303df4967d48a957d258dc2502eedd50a39c7d5d2120f69233f53d67dde13be7112309dd71c0ba9b005951e59a416c5139861522c73cfba3bd49e6b370ae

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Gui.dll
Filesize
5.7MB

MD5
89c68c9d29d7c527097eb4a1317f71ad

SHA1
58add7d0d991931ac92eb144e007894412ae570a

SHA256
be00d70e40813e1a8ae4715b8e3cdbfb6470dbffc7d591459bb4afc30e77f715

SHA512
bfe224dec896857ebe32e75e52823f821b3791312d9629d63b565e2cd12e1854aff5e66cc416555dfbe08887a6171dfb6393e9084a0adaa2ee3528aaf0e2617f

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Widgets.dll
Filesize
5.3MB

MD5
d654ed44099c61cf7ddc07dabeca28d3

SHA1
1acf0f22f3cb15585fe8ec97dad00eda8ac30d51

SHA256
3bc64a69dc06e7a12442c04225630ba57c779d6e9e4e1aff9f986c3e68883f27

SHA512
9012f71a8dd27c56b46b341c97a8ac964bdf399f1f9d8740763be34bc4d179db5bb4fbee153e715990a37c2b1391b2622bcacffe32756abfaceb45183bf7f0ea

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe
Filesize
253KB

MD5
8c5b514a3ae6a317399f4ee7cbc344d1

SHA1
937ec712ffdc6b27279f4b41b64886c29c8a1eb4

SHA256
ef40a5a019a3c381437374ae344a016398915dca23b7ab2db28c0908834b469b

SHA512
8046c099012d2a318a2c94594a96db3e73bd84ddca541bc0c29f1755af0cca7d3c64ebda3ccfccba9ec04a82878ffe89a174e585b534919e0f8db8e49e663eca

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\msvcp120.dll
Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe
Filesize
3.7MB

MD5
acd95bc2b8f21000b98f953f21f38791

SHA1
b5fbe22af3d46615dafd7150e11c45ecbe62fbb9

SHA256
014526bbaa2611ab1ee45d5fb480f5d1516a46d4381e3cc6feb9b305a3c53abe

SHA512
4b93dc5f1424679c1bcf39cd9672b9674ec387fda99d922d987b065ed954423d03c73a3260ebd8d937239ac6e1304e9cbd5c3be53cf8d18a4d8d0e6068391b62

Download Submit
\Users\Admin\AppData\Local\Temp\is-DQHL4.tmp\pdr-free-x64.tmp
Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
\Users\Admin\AppData\Local\Temp\is-JNBR8.tmp\innocallback.dll
Filesize
71KB

MD5
620a17c7645622184f9ab49752f69976

SHA1
428c45a7adfe271326cd036b35b91da1177e5510

SHA256
1fc556924686e9f0c762a95a2fcdc297c46c6ee15cd2bfd0bab9a53bfbc00dd3

SHA512
9909e307bef504b3b16f6f79f8a5fd4a9f5543b560811a14b9f8a23bf83a170820e1616092fcd1b1e1d62e0db233e328cf0ef4428b242db6f44088e2fd167fc3

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe
Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe
Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe
Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe
Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
memory/836-570-0x0000000072E70000-0x00000000733BA000-memory.dmp

Filesize
5.3MB

Download
memory/1152-226-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1152-321-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1152-575-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1308-642-0x000000013F190000-0x000000013F821000-memory.dmp

Filesize
6.6MB

Download
memory/1528-239-0x0000000002D90000-0x0000000002DA5000-memory.dmp

Filesize
84KB

Download
memory/1528-574-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1528-236-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download