91c7c3e1ac15cb9d320a6386e43e77ca7473ba3db708f45776869d85bbde3adc

Analysis

max time kernel
719s
max time network
716s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28/05/2023, 01:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pdr-free-online.exe
Size

2.2MB
MD5

8e938b9dc68c347110e57a8086662bd5
SHA1

33e65b0ea45bc0496897288a37ef2492c69307d1
SHA256

91c7c3e1ac15cb9d320a6386e43e77ca7473ba3db708f45776869d85bbde3adc
SHA512

28fd1371638c108c77bbf7bd189c09a8eee53e4c40957748ddaf02eb4a1b40ad824ea94b170e8ed50d5a40c6d3656a12347d67837221eb23d56c4f0f0cfa0ac1
SSDEEP

49152:9tJEra8kaXpfLZyTiikVd4vSq8Fk5M76LPDgTSjZShK:9tc9kOpfLZyTyuvzZi6LPDgeZShK

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	PowerDataRecovery.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	PowerDataRecovery.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	PowerDataRecovery.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-MQD4T.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-GU66F.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-VB1F4.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\unins000.dat	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\dbghelp.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\opengl32sw.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-9E5B0.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-QNN0K.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-MNAUA.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-JUDQG.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-7PFMP.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-09A6A.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\msvcr120.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-RQBEE.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-3SC2Q.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\fvformatsupport.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-QVR41.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-1RJRD.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-P7SAA.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-C9RUL.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\position\qtposition_positionpoll.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\qicns.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-4NR34.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Svg.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-E4S7D.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-VUN72.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-8Q791.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-58Q7D.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-7E32O.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\position\is-JF13C.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-BJEG3.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\QtWebEngineProcess.exe	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\qico.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\position\qtposition_serialnmea.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\is-KMJK1.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-GF5CM.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-40JVH.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\bearer\is-CHP9E.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\is-MDV1E.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\is-NAKJ3.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-M2J6T.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-R4MTI.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\qtiff.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\bearer\qgenericbearer.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\libeay32.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-OR8AE.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\lang.ini	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\is-1R9CF.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\resources\is-2EMIH.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\resources\is-6K816.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-PBSPJ.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-GJA4V.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\iconengines\qsvgicon.dll	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\unins000.dat	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-T6RQ3.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-KAH2I.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\unins000.msg	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\imageformats\is-Q7E05.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-Q7O3H.tmp	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\translations\qtwebengine_locales\is-3G6GC.tmp	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecoveryCore.dll	pdr-free-x64.tmp
File opened for modification	C:\Program Files (x86)\MiniToolPowerDataRecovery\7z.exe	pdr-free-x64.tmp
File created	C:\Program Files (x86)\MiniToolPowerDataRecovery\is-CH9PT.tmp	pdr-free-x64.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	PowerDataRecovery.exe

Executes dropped EXE 5 IoCs

pid	Process
1736	OnlineInstall.exe
944	pdr-free-x64.exe
1656	pdr-free-x64.tmp
1768	experience.exe
1272	PowerDataRecovery.exe

Loads dropped DLL 58 IoCs

pid	Process
1380	pdr-free-online.exe
1736	OnlineInstall.exe
1736	OnlineInstall.exe
1736	OnlineInstall.exe
1736	OnlineInstall.exe
944	pdr-free-x64.exe
1656	pdr-free-x64.tmp
1656	pdr-free-x64.tmp
1656	pdr-free-x64.tmp
1264	Process not Found
1264	Process not Found
1264	Process not Found
1264	Process not Found
1656	pdr-free-x64.tmp
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1768	experience.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1264	Process not Found
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\15	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\32	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\34	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\49	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\13	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\19	PowerDataRecovery.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\16	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\23	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\40	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\28	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\24	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\31	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\57	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\62	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\14	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\20	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\39	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\46	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\58	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\8	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\10	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\45	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\60	PowerDataRecovery.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\12	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\37	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\47	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\48	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\53	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\17	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\44	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\63	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\9	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\26	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\33	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\35	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\38	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\18	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\52	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\54	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\61	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\30	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\42	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\11	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\50	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\51	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\55	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\56	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\59	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\21	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\22	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\25	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\27	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\36	PowerDataRecovery.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\29	PowerDataRecovery.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	experience.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	pdr-free-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	PowerDataRecovery.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	PowerDataRecovery.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	PowerDataRecovery.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F7109BB1-FD05-11ED-8F8B-F2E58DC6BB35} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\experience.exe = "11000"	pdr-free-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	experience.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	experience.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\PowerDataRecovery.exe = "11000"	pdr-free-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1768	experience.exe
1272	PowerDataRecovery.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1736	OnlineInstall.exe
1656	pdr-free-x64.tmp
1656	pdr-free-x64.tmp
1272	PowerDataRecovery.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1272	PowerDataRecovery.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	1272	PowerDataRecovery.exe
Token: SeBackupPrivilege	1272	PowerDataRecovery.exe
Token: SeRestorePrivilege	1272	PowerDataRecovery.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1736	OnlineInstall.exe
1656	pdr-free-x64.tmp
584	iexplore.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
1768	experience.exe
1768	experience.exe
1768	experience.exe
584	iexplore.exe
584	iexplore.exe
1120	IEXPLORE.EXE
1120	IEXPLORE.EXE
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe
1272	PowerDataRecovery.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1736	1380	pdr-free-online.exe	28
PID 1380 wrote to memory of 1736	1380	pdr-free-online.exe	28
PID 1380 wrote to memory of 1736	1380	pdr-free-online.exe	28
PID 1380 wrote to memory of 1736	1380	pdr-free-online.exe	28
PID 1380 wrote to memory of 1736	1380	pdr-free-online.exe	28
PID 1380 wrote to memory of 1736	1380	pdr-free-online.exe	28
PID 1380 wrote to memory of 1736	1380	pdr-free-online.exe	28
PID 1736 wrote to memory of 944	1736	OnlineInstall.exe	29
PID 1736 wrote to memory of 944	1736	OnlineInstall.exe	29
PID 1736 wrote to memory of 944	1736	OnlineInstall.exe	29
PID 1736 wrote to memory of 944	1736	OnlineInstall.exe	29
PID 1736 wrote to memory of 944	1736	OnlineInstall.exe	29
PID 1736 wrote to memory of 944	1736	OnlineInstall.exe	29
PID 1736 wrote to memory of 944	1736	OnlineInstall.exe	29
PID 944 wrote to memory of 1656	944	pdr-free-x64.exe	30
PID 944 wrote to memory of 1656	944	pdr-free-x64.exe	30
PID 944 wrote to memory of 1656	944	pdr-free-x64.exe	30
PID 944 wrote to memory of 1656	944	pdr-free-x64.exe	30
PID 944 wrote to memory of 1656	944	pdr-free-x64.exe	30
PID 944 wrote to memory of 1656	944	pdr-free-x64.exe	30
PID 944 wrote to memory of 1656	944	pdr-free-x64.exe	30
PID 1656 wrote to memory of 1768	1656	pdr-free-x64.tmp	31
PID 1656 wrote to memory of 1768	1656	pdr-free-x64.tmp	31
PID 1656 wrote to memory of 1768	1656	pdr-free-x64.tmp	31
PID 1656 wrote to memory of 1768	1656	pdr-free-x64.tmp	31
PID 1656 wrote to memory of 584	1656	pdr-free-x64.tmp	34
PID 1656 wrote to memory of 584	1656	pdr-free-x64.tmp	34
PID 1656 wrote to memory of 584	1656	pdr-free-x64.tmp	34
PID 1656 wrote to memory of 584	1656	pdr-free-x64.tmp	34
PID 584 wrote to memory of 1120	584	iexplore.exe	35
PID 584 wrote to memory of 1120	584	iexplore.exe	35
PID 584 wrote to memory of 1120	584	iexplore.exe	35
PID 584 wrote to memory of 1120	584	iexplore.exe	35
PID 1736 wrote to memory of 1272	1736	OnlineInstall.exe	37
PID 1736 wrote to memory of 1272	1736	OnlineInstall.exe	37
PID 1736 wrote to memory of 1272	1736	OnlineInstall.exe	37
PID 1736 wrote to memory of 1272	1736	OnlineInstall.exe	37

C:\Users\Admin\AppData\Local\Temp\pdr-free-online.exe
"C:\Users\Admin\AppData\Local\Temp\pdr-free-online.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Users\Admin\Downloads\pdr-free-x64.exe
    "C:\Users\Admin\Downloads\pdr-free-x64.exe" /progress="C:\Users\Admin\AppData\Local\Temp\progress.txt" /VERYSILENT /LOG="C:\Program Files (x86)\MiniToolPowerDataRecovery\Innosetuplog.txt" /NORESTART /DIR="C:\Program Files (x86)\MiniToolPowerDataRecovery" /LANG=english /agreeImprove=1 /online
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\is-8A1H7.tmp\pdr-free-x64.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8A1H7.tmp\pdr-free-x64.tmp" /SL5="$5010A,45154291,301056,C:\Users\Admin\Downloads\pdr-free-x64.exe" /progress="C:\Users\Admin\AppData\Local\Temp\progress.txt" /VERYSILENT /LOG="C:\Program Files (x86)\MiniToolPowerDataRecovery\Innosetuplog.txt" /NORESTART /DIR="C:\Program Files (x86)\MiniToolPowerDataRecovery" /LANG=english /agreeImprove=1 /online
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Modifies Internet Explorer settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:1656
    - - C:\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe
        
        "C:\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe" http://tracking.minitool.com/pdr/installation.php?mt_lang=en&mt_edition=free&mt_ver=115
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies Internet Explorer settings
        Suspicious behavior: AddClipboardFormatListener
        Suspicious use of SetWindowsHookEx
        
        PID:1768
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.minitool.com/feedback/pdr/install-power-data-recovery.html?mt_lang=en&mt_edition=free&mt_ver=115
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:584
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:275457 /prefetch:2
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1120
- - C:\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe
    "C:\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe"
    3⤵
    - Checks BIOS information in registry
    - Writes to the Master Boot Record (MBR)
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1272

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MiniToolPowerDataRecovery\MSVCP120.dll

Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe

Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Core.dll

Filesize
5.3MB

MD5
a7e479e3fb8c45b4b572a301588c0de0

SHA1
a254d7e90a27196a6e40b9daacc1f72748ccc155

SHA256
a71c5a226fbb4334353cc1d0f4abacba8a509f8544f286d352e1ec29c86c0742

SHA512
92c4303df4967d48a957d258dc2502eedd50a39c7d5d2120f69233f53d67dde13be7112309dd71c0ba9b005951e59a416c5139861522c73cfba3bd49e6b370ae

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Gui.dll

Filesize
5.7MB

MD5
89c68c9d29d7c527097eb4a1317f71ad

SHA1
58add7d0d991931ac92eb144e007894412ae570a

SHA256
be00d70e40813e1a8ae4715b8e3cdbfb6470dbffc7d591459bb4afc30e77f715

SHA512
bfe224dec896857ebe32e75e52823f821b3791312d9629d63b565e2cd12e1854aff5e66cc416555dfbe08887a6171dfb6393e9084a0adaa2ee3528aaf0e2617f

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Widgets.dll

Filesize
5.3MB

MD5
d654ed44099c61cf7ddc07dabeca28d3

SHA1
1acf0f22f3cb15585fe8ec97dad00eda8ac30d51

SHA256
3bc64a69dc06e7a12442c04225630ba57c779d6e9e4e1aff9f986c3e68883f27

SHA512
9012f71a8dd27c56b46b341c97a8ac964bdf399f1f9d8740763be34bc4d179db5bb4fbee153e715990a37c2b1391b2622bcacffe32756abfaceb45183bf7f0ea

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe

Filesize
253KB

MD5
8c5b514a3ae6a317399f4ee7cbc344d1

SHA1
937ec712ffdc6b27279f4b41b64886c29c8a1eb4

SHA256
ef40a5a019a3c381437374ae344a016398915dca23b7ab2db28c0908834b469b

SHA512
8046c099012d2a318a2c94594a96db3e73bd84ddca541bc0c29f1755af0cca7d3c64ebda3ccfccba9ec04a82878ffe89a174e585b534919e0f8db8e49e663eca

Download Submit
C:\Program Files (x86)\MiniToolPowerDataRecovery\unins000.exe

Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\js[2].js

Filesize
224KB

MD5
074afc43b9d2cf7f2527e9b56804c462

SHA1
96ec16e6682e791b12f8511e0b9c3369109e1bed

SHA256
530445c6856882b239117d40a55dcef30cb18e9614499bcb6b45f8e055b2b505

SHA512
1df03cf03afeec6781c9865126106a6d4b870f016f9269084605c0b6e292b11dd2e244813ac55d5be7d9aed42ba0621ec546586a939ac0c56eceb19310223c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe

Filesize
3.7MB

MD5
acd95bc2b8f21000b98f953f21f38791

SHA1
b5fbe22af3d46615dafd7150e11c45ecbe62fbb9

SHA256
014526bbaa2611ab1ee45d5fb480f5d1516a46d4381e3cc6feb9b305a3c53abe

SHA512
4b93dc5f1424679c1bcf39cd9672b9674ec387fda99d922d987b065ed954423d03c73a3260ebd8d937239ac6e1304e9cbd5c3be53cf8d18a4d8d0e6068391b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe

Filesize
3.7MB

MD5
acd95bc2b8f21000b98f953f21f38791

SHA1
b5fbe22af3d46615dafd7150e11c45ecbe62fbb9

SHA256
014526bbaa2611ab1ee45d5fb480f5d1516a46d4381e3cc6feb9b305a3c53abe

SHA512
4b93dc5f1424679c1bcf39cd9672b9674ec387fda99d922d987b065ed954423d03c73a3260ebd8d937239ac6e1304e9cbd5c3be53cf8d18a4d8d0e6068391b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Check_Selected.png

Filesize
1KB

MD5
6d116dccaac5056d7d1f4a593d5ac0db

SHA1
242a6a198c7e1e22bda176065cf0b26a276b6f72

SHA256
0946efee104652f084c6fb2f271b06fcdfb50de893d64cd4287cc8e64deced92

SHA512
037c4cb011492a27da3f7a6d2e7e75cabac8c58eca3607d57df248491b4786247c08a2f9ffd5fe49d3ef0b9f862b3ecb4a4783e04b1801c13935f271df224e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Close_Nomal.png

Filesize
1KB

MD5
99fcff2aca703823e083cb90a3192146

SHA1
376158f2e3e6c4f42e67415f180539d562bd27fb

SHA256
cbe96210dc6c28e21625c01db80e510152eecbf4ddbc75a30feeefb9ffa318ef

SHA512
86b51f428a34f7de88f8aa5268028c86dee41a894ec3704c7ba10c0c8f7ef065af9c18d8d1999c903c5aa062abb2910630477b3b11db02f33c6e77373cff3d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Config.ini

Filesize
427B

MD5
ed7078bf5a5d7a2a5a01763389066a04

SHA1
b86c9954cb0bb330d3dd22d85aaee1859c85e1ce

SHA256
d4e4f01a23e254d4c78db1b9840957b3aed0dcf444bdbccc7571997d55668b0a

SHA512
558448f4fa80ee21ffd6bf32b5dcab18f465a9cd826de0e98727bf9984498ceffd60fda8eb577ddedb7ebde3de1c6ebf166cab6e62cb2679331db593cc4d85f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\DownloadUI.xml

Filesize
11KB

MD5
5adef493e35de97bf278a573aafcafbf

SHA1
bc401770e4b09a14ad98f8054cfda37d47035aa7

SHA256
d8f2323aea9b999b3aeff5ad5846fe526119447abdb9b5c1de33628f85fd071f

SHA512
05f04856dd10665045447008e6cf5f130f072155cc566bc8874025acc3943666279c63eae7a330f0eaff723232c4c64ae0b68b78fcb8424fe7c6ea7dc4fb09b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_Pic1.png

Filesize
33KB

MD5
4dbaf66d473f122574ed13758d8e60b6

SHA1
634af21cb9ac0d5f0492b911cb832a183ddb9cd0

SHA256
348285cd7c16870481ce337142436452f3c644724ab5246a57914c7f20eff527

SHA512
f3029f361b7d7a9615daf8100940c93771b68e07068884cf28d6bdf258af9c128286891fd7a482f282da709276b21b41e64e834f1b45c848a0efbc1ee9db7605

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_Pic2.png

Filesize
37KB

MD5
3325f323e6df04ce3a6a2f2594943730

SHA1
80aa8625ae59575978afd9b0b8b7aff08476715d

SHA256
68dbfd83f88f67f163c9240cb00c141aa8e2334f846c13e4370b9b32634179d0

SHA512
a63b5eee0dbf1a6f4f4cc7d89e7cd9dcf9fd5e623a6cd058ec8509c01acd72f7954d23cbc5d453d38ea9fd56523ee98865b47c24df5c99bd60ee263f9ff0de2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_Pic3.png

Filesize
91KB

MD5
33c43e8e8d3192b6065303881e838850

SHA1
d078a3f71f26f28765ace3d29ba2626e4a27a476

SHA256
94d5acd2036d0b4dc040e6cda3a8552131c38425fd08295a4debc8f4bff8e47d

SHA512
0f0b18648745eb9a597ccf153ea0176d689f2246e8be433969b44dc8b9c7d010f7294e84999a45679b766c49bad18531416db4f589bc1dac580473b0441f374e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_Pic4.png

Filesize
30KB

MD5
f2a69c1a4221ff57bad74975590c8787

SHA1
ca0787c251117ba053deb09728c3d5f4d20a9662

SHA256
b199f54ac3b5f08bffc497930d5ba25f2c7e2582564e70758c1f5e181a0fc30c

SHA512
ed74403d7fad737c7890a385bd88b1129e13386e91f9474e1d3f211c24df3331b994dd6bfb67b0c896ae7cb9a92a15cb622ba18233fdc9d33038ec9a3a414144

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Download_SubUI.xml

Filesize
1KB

MD5
9f811e49c25c095d3710ce2a2c726ecc

SHA1
2fe09b749a6109aa58e4f14e936ad9bfd1fc727a

SHA256
6fb7b310c0673be802156ebb19a44f8a841654d99f56c8d03444c159a0a486d9

SHA512
5430dfbff533ce804f03ca31bc7fee71576f48844cb78eb4639628ea6fa6d51ecb53b50199db967abb855ca1e2a7afe92a770029a355c9b56b6296d31f40b42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Dropdown_Nomal.png

Filesize
1KB

MD5
79a297af3cc5d3501558bfc2344f250a

SHA1
7cae747038212afaf6ac69ae57e99cdf9a7ee97d

SHA256
0f8ed5fdb53a8895e0159855268e0b8bb084766473ceb3ced8b96209844e359f

SHA512
e5e4a5feb042725564885be76d8a6bf7d1e68fcd8734822c8f5b5653f1cef9065dfa7d07e57df24332a95567020bb9135ae2233b9d7fbe0a6caa4cd5691b0c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Installnow_hot.png

Filesize
1KB

MD5
c897aced408ce92278f3ca7b506e8661

SHA1
2af7822dda6e2df6a4260fa482e5393ff2cd1cbf

SHA256
9b796444a10eb0454d7b5a31ec5f8fa2e5261386d569c032ec163cae89659e26

SHA512
6fd9ba6e27be168ef1a66e8ab5b7fd174f975f48e84e84d75de908058d51425c04ab70d539653d7b20a8bf79820e30e75131f4d20db43e586585e6074ef18716

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Installnow_nomal.png

Filesize
1KB

MD5
5a02fb88141286b03e5c96bfab807c11

SHA1
4639a647d31d267cf08f4d3e92d62e61749ca1fa

SHA256
7a668d959b0c980edb8fa1b1a359e881f7865a4ec78f879afb2460f99c45367c

SHA512
f6d8b34e7c60ec8ad8d43b6cdb449dd608d29efd2abe377b2439e8fbdb70b72b048948fb17a65dd8b4469c2c65bbfb2e7c583cb880441e26a0d41b14f1e27c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Installnow_selected.png

Filesize
1KB

MD5
eaad4ec876e6acf007ddbe287c4e85ed

SHA1
6fc8faada1480888ec3f3aead9a63057172a3be5

SHA256
18760948ae9aeb7ffe9155a03df8ee84867923fab85cbdce450774149940d724

SHA512
223be241cbcf871d867696e3de353c31170197a5ad61dc3ca9d8d5363ec915179da8e9e3ac189f16eacf18fa31fd885d73a03f127a3415c3c6f12134e1f839f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Language.ini

Filesize
158B

MD5
744e81128518f39cc8340538760560fd

SHA1
24feea905d4369015bcdd0520f613794b2d8a2d9

SHA256
6b4e7667e8b84e680ebdacf2e711381cf2eba5b32de3c1080b423534080ff3fc

SHA512
b5ab1886142327dfb0399bec273c22563da6690bf8e0c4c7cd03be4d9ec86ad082164a3c473c5df3a820b58c27c70b4e6743ff8ad1b32d1b92465970348ce3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Main.png

Filesize
24KB

MD5
8153f9a62b01c741674d040a7f683a9b

SHA1
3a15d8bd17162877640f359e12425e0f8acbaf6d

SHA256
87bac2a006645790930419ac06287d450dcebf8d5ebe3edc349f27fcaa5b2943

SHA512
b9bfa18dafae1cd69c3382c40230090c8936e8715449a7b2e9da9687de940ba4f51e43b52b3f2cccc99cb59e8d94f398737c6f90526051725b8e827d1b783ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\MainUI.xml

Filesize
9KB

MD5
c0162b75ce5a6f74926d55f3ea013d73

SHA1
966a81b06a67dc03f036060fb6518c0d75c7a035

SHA256
0d911063529f8ad80f4ede366081bd731e925021bed369a0b20c05f182a4e676

SHA512
b79cf704efac5c73797538915d086e3489579142c7f34349486e8723eba537f815642c7233a762b7e30bef9fa6543e318730ed713522620769273535b8792239

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Min_Nomal.png

Filesize
1KB

MD5
cec7303d0563442f004e14ee00e7c266

SHA1
9933da818587ed882c93c5812847a89a624ff883

SHA256
7f684e9916e99e872a42a8b334f83c41fb3610b93a666faec7eba034e689319f

SHA512
af33dd3905b24a9f23a726ce32684970358b4000ad3b7e74a29dcbce1456b00ea5d3953d3fde13feca3c28cef0b34d64b08e08717d290aa387228bef6359ca4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Offlinedownload_Hot.png

Filesize
1KB

MD5
cc19eb652aa30fb158de18ac13486e2d

SHA1
4e2d504fd872d4359d19d3443423eccb85168686

SHA256
b83c7ddc7f1f75b1a91ee34403b941f09113cd4687b870c478b74f78f6825182

SHA512
3f1abcc16ba401eb91f6bc8c71e50401635add811ea8ce13cca8e9400901c4118257bd151a1cd77075cb8197f66e7f7dbf68c196389f4e61854b0ea66f2806ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Offlinedownload_Nomal.png

Filesize
1KB

MD5
73478a1ebb457fabbf3de6a0f9907029

SHA1
5762c8de76330a6a955306e10763f0b9443e7fab

SHA256
3f24ce32c8a0a1a5ba2f739269bf8e4b2ff9e37a8c265b70e5b2ea8157be5790

SHA512
a02f24f1efa0da275dbca33d84a1565e2d71f4693a77620438b5a838b4a8058fc648c9c2ca38ca2554ef780bd7476eb00e89c9d8134e070b173a0e95cb2ccb15

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\START_NOW_Hot.png

Filesize
1KB

MD5
df9a1e7c3d40b443f635e99fc5d3a7b5

SHA1
fc94156caced796613b897ef736d3d462aefbe66

SHA256
9907fd8beea3575e1113bd1f4a31704834423e668cae8868b134939e384f587f

SHA512
3cb901525dfe92e8fb32a9136aa2c3841a4f7373e2c01d8e3786d981f4864b79fd39a9212037aae6af2289c37c2929638695cc62f4abfc2ab821262c02d4ec3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\START_NOW_Nomal.png

Filesize
1KB

MD5
fad8b57435177bd5eb7b322b7fb7cf79

SHA1
9c72c40041bd62ea22a2921ad827b6a331d2ac10

SHA256
21a0efc12471ff02da1fb12e6cbedf32e256a22140307935ec9fcd5f67d872a1

SHA512
c44bcb2d4527ec024acd1f33c4b560be5808bda9633b0cbb1240334c53c0083a703d3b61392ac948a9e3cf0ffa37da34bce89d841c5f0c2127ca0df708547a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\START_NOW_Selected.png

Filesize
1KB

MD5
75694871ccee557089379161181981fd

SHA1
09c879685d92d3b097386130e578983207c08cbf

SHA256
aee7b56a49827654993460635b136e0de03968600c73eac2bcbd4b3754620683

SHA512
d7f73bd425061629c9f01c60b5fc78cf3b42de35e45ec02ca6379ca25520aafba9d0bb88723a8610a15d4d1d8f033e5ac5a8505a37801330b05a334a59e68ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\Sub_Close_Nomal.png

Filesize
1KB

MD5
fcc0c32c21a402e1cd65aaa77ab64581

SHA1
0fb078d396534b4b257bc910bb9f251e0d41b0ea

SHA256
668920e35d57571aac5ab009740662e39f830dada1db5fddcce3b8a693b9105a

SHA512
2de7306dedc2f058eedb4eefe122a34d0478c68cf0416f7a4cf7df62b7b3bfa96ebf6c7e3688ef99da36a223c7abdefb724616e78a2914fc73cc439f8f7a8b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\WarnUI.xml

Filesize
2KB

MD5
049ad9e4a494a578ff8d17a19baae622

SHA1
0f73e765a9cd793ca0d9e30580ec164ab23a7dee

SHA256
091b9e77050c07600b9996b62762b32a627204f24edd849125ff1d937d91012f

SHA512
1a712f2b111b32e488fda8779f96db0ac5816bc73a7496f1e3f7a3959ea0773fe3a0a9468b3e8fb756c9ccc39deec6e31913dd27bd76fc9cc4718cadc61f4649

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\inquiry.png

Filesize
2KB

MD5
3ae508b7f2ae96bd15db1ac95b8f9b11

SHA1
590dc0996789f3b015978567a03380743b21e2ee

SHA256
093328c46674b9871bb42b51b4bf85cf17c230a6fd1eafed30f4cfaff1e6bbfb

SHA512
06d9594bf37431ff6af4fda57fa7d802a011387369f638c2c3813bbb1098ade58206f83ac7293f9638c49bab5f92091e09691bf9991052fdb455ffe45380f69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\pro1.png

Filesize
1019B

MD5
cb08c0b8de0d0d24211f11ead4d56766

SHA1
01ea0820df1ec081755ab7d7fb30681722b876d9

SHA256
3e3ea167ca42350f96f379c4ee628abe4ab09bbd8f9bd00de4cff1dc9ca62eee

SHA512
e10c72cf708f41a7a43542df50f54f0f6338dea62893af3798ba346f9091884f84f2806ae1a408f74174df6e94d4331c9107160bfdd49cf4fd64424252da079d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\skin_anima\pro2.png

Filesize
1KB

MD5
a7b631b24b7209528e29931625ce6417

SHA1
051ce0d551a041b87f776af6c59745500da718e5

SHA256
a8e2e387664d507b38fec7b614bf35d863b70253c743a2475d69e468c19b35ae

SHA512
05acfeed0f37b8f8c00eee44c479dc9403e39ce9df29ee1b0ed3e64fbed7265e461d92acd0512d12c337e53d2d297520b4acd596c163c9882677d8f08941cfa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE7A2.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB8E.tmp

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE7D4.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8A1H7.tmp\pdr-free-x64.tmp

Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8A1H7.tmp\pdr-free-x64.tmp

Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
1B

MD5
1679091c5a880faf6fb5e6087eb1b2dc

SHA1
c1dfd96eea8cc2b62785275bca38ac261256e278

SHA256
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

SHA512
3c9ad55147a7144f6067327c3b82ea70e7c5426add9ceea4d07dc2902239bf9e049b88625eb65d014a7718f79354608cab0921782c643f0208983fffa3582e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
1f0e3dad99908345f7439f8ffabdffc4

SHA1
b3f0c7f6bb763af1be91d9e74eabfeb199dc1f1f

SHA256
9400f1b21cb527d7fa3d3eabba93557a18ebe7a2ca4e471cfe5e4c5b4ca7f767

SHA512
8d89aa701de5a35b24cfadbd2088986ae13311d1a7c63abe5c780c62bc939a0577c3a78cf7ee4951c1b09f6849074c21ca1f7023e89bee683c1dbb2134a984d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
33e75ff09dd601bbe69f351039152189

SHA1
0a57cb53ba59c46fc4b692527a38a87c78d84028

SHA256
59e19706d51d39f66711c2653cd7eb1291c94d9b55eb14bda74ce4dc636d015a

SHA512
edbd48c836f826b5ed8d62b401cd19674ef1b8627b9c68a4639819a8564f57426c632b7c1d3dee8209c48c2396da0a3a08d160617f7291a1186ca6d9de5db272

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
d645920e395fedad7bbbed0eca3fe2e0

SHA1
af3e133428b9e25c55bc59fe534248e6a0c0f17b

SHA256
d59eced1ded07f84c145592f65bdf854358e009c5cd705f5215bf18697fed103

SHA512
5e108bc2842d7716815913af0b3d5cb59563fa9116f71b9a17b37d6d445fe778a071b6abcf9b1c5bac2be00800c74e29d69774a66570908d5ea848dcc0abfa76

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
2838023a778dfaecdc212708f721b788

SHA1
b7eb6c689c037217079766fdb77c3bac3e51cb4c

SHA256
031b4af5197ec30a926f48cf40e11a7dbc470048a21e4003b7a3c07c5dab1baa

SHA512
861522120d559ea5f94622f81393cb5528d880e8c8c238fb50d5ce95b3ae94ca868f1aef1b803c887b13c09490b4532160623e59a3f1ee3749e9d80695a43f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
ea5d2f1c4608232e07d3aa3d998e5135

SHA1
c66c65175fecc3103b3b587be9b5b230889c8628

SHA256
a68b412c4282555f15546cf6e1fc42893b7e07f271557ceb021821098dd66c1b

SHA512
e559aefac6fe1b006d3497abee2649ceb71fcceea73fd223782338ab29c08e5b887836b806349d5ace9030c69ca91850b01c468825d02359a5faee7261de415e

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
3295c76acbf4caaed33c36b1b5fc2cb1

SHA1
59129aacfb6cebbe2c52f30ef3424209f7252e82

SHA256
3ada92f28b4ceda38562ebf047c6ff05400d4c572352a1142eedfef67d21e662

SHA512
3673a16a5983f5f5e04bf88d2c08e39631efe619726c5879d2d6907c00acb5d5689061b28cea52edab7c79dbfb450c961709c36c0d599b526c856e924f57e803

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
c7e1249ffc03eb9ded908c236bd1996d

SHA1
e62d7f1eb43d87c202d2f164ba61297e71be80f4

SHA256
bdd2d3af3a5a1213497d4f1f7bfcda898274fe9cb5401bbc0190885664708fc2

SHA512
838eb538a86499c61ee2f47a4d94114a03a623c8f70b95dd0d74e552c8448de53aa3a53b3682cff76022a3edb8f08dd2fd48a2c3614e7fb3b8a3ce1d1e5662bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
2B

MD5
98dce83da57b0395e163467c9dae521b

SHA1
08a35293e09f508494096c1c1b3819edb9df50db

SHA256
6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d

SHA512
bb85a0a8c0de7fcd6034177952d6affe0785c0d7760b921239b1b0749fbeacc3176729196e1c53f0aee0056daa96245eca6c01966aaad811519e514edfaa883c

Download Submit
C:\Users\Admin\AppData\Local\Temp\progress.txt

Filesize
3B

MD5
f899139df5e1059396431415e770c6dd

SHA1
310b86e0b62b828562fc91c7be5380a992b2786a

SHA256
ad57366865126e55649ecb23ae1d48887544976efea46a48eb5d85a6eeb4d306

SHA512
643c30f73a3017050b287794fc8c5bb9ab06b9ce38a1fc58df402a8b66ff58f69bf0a606ae17585352a0306f0e9752de8c5c064aed7003f52808b43ff992a603

Download Submit
C:\Users\Admin\Downloads\pdr-free-x64.exe

Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
C:\Users\Admin\Downloads\pdr-free-x64.exe

Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
C:\Users\Admin\Downloads\pdr-free-x64.exe

Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe

Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe

Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe

Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe

Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe

Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\PowerDataRecovery.exe

Filesize
6.6MB

MD5
472cd4fa25005f265d2613985a85d7aa

SHA1
51d7b18d36a0dd5ff59715148908ad34ad834abf

SHA256
8ea215d1d871c31dde5d2fe80fe7a564c7a3fc2c1ca2430bd5b9440a83f0c44d

SHA512
9306853774c76338b5ce2db8339d0c4d7accfe6f13337c7f2867d4af7d09cb76b89692fca128d72111bbe67c783919de144e9ad332fd8aabf6110f992d05fea3

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Core.dll

Filesize
5.3MB

MD5
a7e479e3fb8c45b4b572a301588c0de0

SHA1
a254d7e90a27196a6e40b9daacc1f72748ccc155

SHA256
a71c5a226fbb4334353cc1d0f4abacba8a509f8544f286d352e1ec29c86c0742

SHA512
92c4303df4967d48a957d258dc2502eedd50a39c7d5d2120f69233f53d67dde13be7112309dd71c0ba9b005951e59a416c5139861522c73cfba3bd49e6b370ae

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Gui.dll

Filesize
5.7MB

MD5
89c68c9d29d7c527097eb4a1317f71ad

SHA1
58add7d0d991931ac92eb144e007894412ae570a

SHA256
be00d70e40813e1a8ae4715b8e3cdbfb6470dbffc7d591459bb4afc30e77f715

SHA512
bfe224dec896857ebe32e75e52823f821b3791312d9629d63b565e2cd12e1854aff5e66cc416555dfbe08887a6171dfb6393e9084a0adaa2ee3528aaf0e2617f

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\Qt5Widgets.dll

Filesize
5.3MB

MD5
d654ed44099c61cf7ddc07dabeca28d3

SHA1
1acf0f22f3cb15585fe8ec97dad00eda8ac30d51

SHA256
3bc64a69dc06e7a12442c04225630ba57c779d6e9e4e1aff9f986c3e68883f27

SHA512
9012f71a8dd27c56b46b341c97a8ac964bdf399f1f9d8740763be34bc4d179db5bb4fbee153e715990a37c2b1391b2622bcacffe32756abfaceb45183bf7f0ea

Download Submit
\Program Files (x86)\MiniToolPowerDataRecovery\experience.exe

Filesize
253KB

MD5
8c5b514a3ae6a317399f4ee7cbc344d1

SHA1
937ec712ffdc6b27279f4b41b64886c29c8a1eb4

SHA256
ef40a5a019a3c381437374ae344a016398915dca23b7ab2db28c0908834b469b

SHA512
8046c099012d2a318a2c94594a96db3e73bd84ddca541bc0c29f1755af0cca7d3c64ebda3ccfccba9ec04a82878ffe89a174e585b534919e0f8db8e49e663eca

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Free-Release\OnlineInstall.exe

Filesize
3.7MB

MD5
acd95bc2b8f21000b98f953f21f38791

SHA1
b5fbe22af3d46615dafd7150e11c45ecbe62fbb9

SHA256
014526bbaa2611ab1ee45d5fb480f5d1516a46d4381e3cc6feb9b305a3c53abe

SHA512
4b93dc5f1424679c1bcf39cd9672b9674ec387fda99d922d987b065ed954423d03c73a3260ebd8d937239ac6e1304e9cbd5c3be53cf8d18a4d8d0e6068391b62

Download Submit
\Users\Admin\AppData\Local\Temp\is-8A1H7.tmp\pdr-free-x64.tmp

Filesize
1.3MB

MD5
cbae4af7720f9a4a6df05a495d5a8bb6

SHA1
87e476a5975f93b52dc645487d29db6992c93451

SHA256
3d26edb48e8106188e32a4de585d09cb050b49543982cfd30ddf5f2152dacc3e

SHA512
e2c96820bb24370c9cd6deffd9a4f6b1dab9e33573db1a10e430fc6c39f82acf1dbaa410b66c7b967a7ff7dba6b6d26e4cc6cec34fd599181907cd61be774a6d

Download Submit
\Users\Admin\AppData\Local\Temp\is-BFSAV.tmp\innocallback.dll

Filesize
71KB

MD5
620a17c7645622184f9ab49752f69976

SHA1
428c45a7adfe271326cd036b35b91da1177e5510

SHA256
1fc556924686e9f0c762a95a2fcdc297c46c6ee15cd2bfd0bab9a53bfbc00dd3

SHA512
9909e307bef504b3b16f6f79f8a5fd4a9f5543b560811a14b9f8a23bf83a170820e1616092fcd1b1e1d62e0db233e328cf0ef4428b242db6f44088e2fd167fc3

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe

Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe

Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe

Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
\Users\Admin\Downloads\pdr-free-x64.exe

Filesize
43.6MB

MD5
95375be04f348d8c48f6de92484201e4

SHA1
9041419741e42b6eda81b81b8dae8fd446b9d5fb

SHA256
882949222a855f9084206400685f048d37a170cba0056cdeae65c6ddb6e47111

SHA512
d057b6bb4d0e0d422af0031d14a4daf72a7c664591e4aca3bc9aa6da0b830b1f39313c5aa90d407b96304e151858f303897a401ea828f902a5fa6c193f87ab50

Download Submit
memory/944-227-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/944-583-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/944-306-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1272-713-0x00000000747C0000-0x0000000074D0A000-memory.dmp

Filesize
5.3MB

Download
memory/1272-716-0x000000013F050000-0x000000013F6E1000-memory.dmp

Filesize
6.6MB

Download
memory/1656-582-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1656-238-0x00000000020E0000-0x00000000020F5000-memory.dmp

Filesize
84KB

Download
memory/1656-239-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1656-377-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1656-337-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1656-321-0x00000000020E0000-0x00000000020F5000-memory.dmp

Filesize
84KB

Download
memory/1656-318-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1768-578-0x0000000073240000-0x000000007378A000-memory.dmp

Filesize
5.3MB

Download