ae9e4974652dc907c017d94d511f1c4cbab72b8c440c052f38acac86279eb509

Resubmissions

20-04-2024 16:09

240420-tlylsscg9z 8

20-04-2024 16:04

240420-th885acg7z 10

Analysis

max time kernel
52s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240412-fr
resource tags

arch:x64arch:x86image:win10v2004-20240412-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
20-04-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pivot_v5-2.exe
Size

660KB
MD5

f577fc68521d8ca399edd72ac913255d
SHA1

8ff05351f4d8f3c4c80ed4985590e8ab1b989ea1
SHA256

ae9e4974652dc907c017d94d511f1c4cbab72b8c440c052f38acac86279eb509
SHA512

ce2497db91582a1d21093e1e08fd33bb91d7f93081045e716cc46c2b4b24f65ec4dbe8ce7149109c4a713b55a13706cfda967fdbd466d3c1c00024f4761f0e38
SSDEEP

12288:zymCv84Lnka4eec2ZZEhl3qgi4JpXBLUbBinP7:zIv84Lnk5LEhl3qZs1P7

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

pivot_v5-2.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	pivot_v5-2.exe

Executes dropped EXE 3 IoCs

Processes:

pivotsetup.exepivotsetup.tmppivot.exe

pid process

4332 pivotsetup.exe
3320 pivotsetup.tmp
3712 pivot.exe
Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

3300 regsvr32.exe
Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery
T1518.001

Processes:

pivot_v5-2.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV pivot_v5-2.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV pivot_v5-2.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
4332	pivotsetup.exe
3320	pivotsetup.tmp
3712	pivot.exe

pid	process
3300	regsvr32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	pivot_v5-2.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	pivot_v5-2.exe

Drops file in Program Files directory 64 IoCs

Processes:

pivotsetup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Pivot Animator v5\LibAV\is-86K2J.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-ABEIL.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-MVSFU.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-KDBSC.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-AMDTA.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\is-EL1S4.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\is-NND6F.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\is-B35C8.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\is-4GDS1.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-N80H7.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-6Q7PF.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-ETPCH.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-0IH0H.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-12C54.tmp	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\LibAV\avutil-56.dll	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\is-4V6BR.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-COLME.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\is-HO1O5.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-EAIJA.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-TDU4P.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-HP9JB.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\is-J32MM.tmp	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\unins000.dat	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\is-U8VOL.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-4D5NE.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\is-CFLN2.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\is-2B5AL.tmp	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\LibAV\avdevice-58.dll	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\LibAV\is-EHF82.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-4PDQI.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-B7ND9.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-RUUKH.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-F74BT.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\is-Q20T5.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-6VH7K.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\is-5C557.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\is-V3J41.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\is-R1366.tmp	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\pivot.exe	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\LibAV\avfilter-7.dll	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-7M39N.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-FIJ0O.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-TU23O.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\is-2A0H8.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\is-8LJ05.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\is-35OMD.tmp	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\LibAV\avcodec-58.dll	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\LibAV\is-G6T5F.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-HF1FL.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-5BPE4.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\is-I1TU0.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-MIKE9.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-G4289.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-5IJKQ.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-V57BH.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\is-RAOUA.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\is-18BAK.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\Figures\is-TLDRA.tmp	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\STKPreview.dll	pivotsetup.tmp
File opened for modification	C:\Program Files (x86)\Pivot Animator v5\LibAV\swscale-5.dll	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\LibAV\is-8RIMT.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\LibAV\is-9Q42G.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-J5RJI.tmp	pivotsetup.tmp
File created	C:\Program Files (x86)\Pivot Animator v5\languages\is-LF68Q.tmp	pivotsetup.tmp

Drops file in Windows directory 1 IoCs

Processes:

pivotsetup.tmp

description ioc process

File created C:\Windows\Fonts\is-SPBS9.tmp pivotsetup.tmp
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\Fonts\is-SPBS9.tmp	pivotsetup.tmp

Modifies registry class 53 IoCs

Processes:

regsvr32.exepivotsetup.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.stk\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PivotFigure.stk	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFigure.stk\DefaultIcon\ = "C:\\Program Files (x86)\\Pivot Animator v5\\pivot.exe,2"	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFigure.stk\shell\open\command	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\pivot.exe\SupportedTypes\.stk	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\ = "STK Pivot Figure Preview Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\InprocServer32\VersionIndependentProgID = "STKPreview.stkfile"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.piv\OpenWithProgids	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFile.piv\DefaultIcon\ = "C:\\Program Files (x86)\\Pivot Animator v5\\pivot.exe,1"	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFile.piv\shell\open	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\pivot.exe\SupportedTypes	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFigure.stk	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.stk\shellex\{8895B1C6-B41F-4C1C-A562-0D564250836F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.piv\OpenWithProgids\PivotFile.piv	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFile.piv	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\pivot.exe	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PivotFile.piv\DefaultIcon	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.stk\OpenWithProgids	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFigure.stk\shell\open\command\ = "\"C:\\Program Files (x86)\\Pivot Animator v5\\pivot.exe\" \"%1\""	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.piv\OpenWithProgids	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\STKPreview.stkfile\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFile.piv\ = "Pivot Animator File"	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFigure.stk\shell	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.stk\OpenWithProgids\PivotFigure.stk	pivotsetup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\DisableLowILProcessIsolation = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PivotFile.piv\shell\open\command	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFigure.stk\ = "Pivot Animator Figure"	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\InprocServer32\ = "C:\\PROGRA~2\\PIVOTA~1\\STKPRE~1.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\STKPreview.stkfile\ = "STK Pivot Figure Preview Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\STKPreview.stkfile\Clsid\ = "{64644512-C345-469F-B5FB-EB351E20129D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PivotFile.piv	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\pivot.exe\SupportedTypes\.piv	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PivotFigure.stk\DefaultIcon	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\STKPreview.stkfile	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\pivot.exe\SupportedTypes	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PivotFigure.stk\shell\open\command	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\AppID = "{534A1E02-D58F-44f0-B58B-36CBED287C7C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.piv	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFile.piv\shell\open\command	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.stk	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\ProgID\ = "STKPreview.stkfile"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64644512-C345-469F-B5FB-EB351E20129D}\InprocServer32\ProgID = "STKPreview.stkfile"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFile.piv\shell	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFile.piv\shell\open\command\ = "\"C:\\Program Files (x86)\\Pivot Animator v5\\pivot.exe\" \"%1\""	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.stk\OpenWithProgids	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PivotFigure.stk\shell\open	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	pivotsetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.stk	pivotsetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.stk\shellex\{8895B1C6-B41F-4C1C-A562-0D564250836F}\ = "{64644512-C345-469F-B5FB-EB351E20129D}"	regsvr32.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

pivot_v5-2.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	pivot_v5-2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	pivot_v5-2.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

pivot_v5-2.exepivotsetup.tmp

pid	process
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
2752	pivot_v5-2.exe
3320	pivotsetup.tmp
3320	pivotsetup.tmp

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

pivot_v5-2.exe

description	pid	process
Token: SeDebugPrivilege	2752	pivot_v5-2.exe
Token: SeShutdownPrivilege	2752	pivot_v5-2.exe
Token: SeCreatePagefilePrivilege	2752	pivot_v5-2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

pivotsetup.tmp

pid process

3320 pivotsetup.tmp
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

pivot.exe

pid process

3712 pivot.exe
3712 pivot.exe

pid	process
3320	pivotsetup.tmp

pid	process
3712	pivot.exe
3712	pivot.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

pivotsetup.exepivotsetup.tmppivot_v5-2.exe

description	pid	process	target process
PID 4332 wrote to memory of 3320	4332	pivotsetup.exe	pivotsetup.tmp
PID 4332 wrote to memory of 3320	4332	pivotsetup.exe	pivotsetup.tmp
PID 4332 wrote to memory of 3320	4332	pivotsetup.exe	pivotsetup.tmp
PID 3320 wrote to memory of 3300	3320	pivotsetup.tmp	regsvr32.exe
PID 3320 wrote to memory of 3300	3320	pivotsetup.tmp	regsvr32.exe
PID 3320 wrote to memory of 3300	3320	pivotsetup.tmp	regsvr32.exe
PID 2752 wrote to memory of 3712	2752	pivot_v5-2.exe	pivot.exe
PID 2752 wrote to memory of 3712	2752	pivot_v5-2.exe	pivot.exe
PID 2752 wrote to memory of 3712	2752	pivot_v5-2.exe	pivot.exe

C:\Users\Admin\AppData\Local\Temp\pivot_v5-2.exe
"C:\Users\Admin\AppData\Local\Temp\pivot_v5-2.exe"
1⤵
- Checks computer location settings
- Checks for any installed AV software in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2752

C:\Program Files (x86)\Pivot Animator v5\pivot.exe
"C:\Program Files (x86)\Pivot Animator v5\pivot.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3712

C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe
"C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe" /VERYSILENT
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4332

C:\Users\Admin\AppData\Local\Temp\is-LVCVV.tmp\pivotsetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LVCVV.tmp\pivotsetup.tmp" /SL5="$10256,18433013,58368,C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe" /VERYSILENT
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3320

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Pivot Animator v5\STKPreview.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:3300

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Software Discovery

T1518

Security Software Discovery

T1518.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\cursor.piv
Filesize
7KB

MD5
2e923d0f7f805c9acb390a85a782d49c

SHA1
fb98065c9dc3baa5c3729f9540806075c8bf17fe

SHA256
5eaf90001d8e3b867473137e904af9baf29a0cb6dba41caa9242a368c28d0c83

SHA512
acba39c54635e2bbf8863da415a52290df64932a2529c0852d28f121cec033c290cce4dc7d007a5a65b8fede938b42a792e6a0c74fe9c7e952517af606014dca

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\dominos.piv
Filesize
4KB

MD5
08557c8776d979a1143cc674a5fafb32

SHA1
bac5104bd62594892404b61b5bd0e96f6c7f153e

SHA256
d8e45cdcd53ec9ad56fba89575c66701b01e009c4d371db092deecb1604a087f

SHA512
5b0cc057cecee04beb080fa44eea6657dff3e7b43a5032035ebe1554ef6f166aae6ef8ea189b829855eb2db7503e6195a9f6965f9c65b5cc9c4a0d1c25357a41

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\horse_revenge.piv
Filesize
7KB

MD5
834bb56ece2ec9942d38013d3bb60a18

SHA1
2025dea0b5bd24703ab641feabc716add70bd66c

SHA256
703046dd6742dc3e04113ef1c2beb8547c0f42501549372b8a17f954ace2b5a5

SHA512
c28f92c969e90247c733d80f7f676b8c63b6cf89ae9dd12d412e550bae2b2cd15e8fdd36d3d2321bfdbb65abc03c5168a8344cbd68dfa2a57d0fb3a16ad620f0

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\run.piv
Filesize
604B

MD5
8af3f2f0668a79696fd82f8be2eda937

SHA1
25240129f6d07c81e0c6b7bafd9455ec9ed4677d

SHA256
06cd354fd29a8d1a3ea697d0bf9d5b8f29cf413554cfd995b2111bdd21c1c4da

SHA512
785b18ed83af595f7e405c29cf11d2a4939f1d9ddfec1c042cbb5d35590cf4c76c0b90fc85a6a2c87549d614b145b38dd8ff9989caf78069c8c8527bfb100395

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\sprite_demo.piv
Filesize
226KB

MD5
8fcdedbaba257eadd8be3cab322a9251

SHA1
6cfce653c35e3d9dada31d2f95a60f6783e6b680

SHA256
07e2827109f791ea15f3dc095593bbf9f8b04d897b84f20d721b0b12e0123d0c

SHA512
3e9eb3ca2f4cdc63552c989d0780a06174b6e4e9979b69224df89b61f94933bf7b6709ec14cc5bcd59dc671451af37cf128d181f9bd3c47a475c77ad4ce1c34d

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\tower_fall.piv
Filesize
24KB

MD5
62b0d70606a4007449fe4b874fe5439a

SHA1
0320443ba131e16e7082e7630335137920e6843e

SHA256
1af0fef50894c5aff61c2a521c872715105f25d2039aa37b1a048aa628373cff

SHA512
b3eda7099348978899b699897969f095b2d18184f9e0b1574c3eca5806f49ef2c8b43112f3ee94ec93c2809c097d52fb68f0afbf7fe703dcc42cfd4ac2986438

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\tumble.piv
Filesize
8KB

MD5
f93b4710781fa8957a8cc3c86929025a

SHA1
efa94134deac0e9edcfc028bdfc120d7ce58cb91

SHA256
c57ebe624a4cf08eb72783f7aa5f7f1f511fcea84791908be722398a69d8f7b3

SHA512
3224c1ceb84923a92788ae09a21fc202fb33b84c1ad9a81124cd9bdbe7335e19d2d16044ac1979518cd8124c593e888d4ccd4762bfb190df8178045320c128c1

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\walking.piv
Filesize
2KB

MD5
b2eda498c427624b00b8dd1a03939afa

SHA1
578d03967c0eb86a1f8dacf5ade9e16bbb09e24d

SHA256
525e4ad75a58ba9d20c3950878f27b2c55277e4d59757aa980a5b6260d2f16d0

SHA512
a2f1520839d3e0934bf7a5f7197cdda5321013e81471debf0cf89274f66b96a9d96b8611391474f2ce5fbded653dd6e19f88cd492a80f13a6b2d413e63ad3b76

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\archer.piv
Filesize
17KB

MD5
55ee1cc860856d8edfb175139fbc0cd6

SHA1
9ef9d5f35446b2a081f6f91002dfe09301f6d4cf

SHA256
1f7255a15e09dadb3a35e9a07b60dc48c681605de35a7473a5fef5bfc75bdd35

SHA512
2324d95472a231df3a9a75a72524c9c90412878ee2b7b06fe47bfa09382d38a4fc418911651f21b3c79486fa29af0f113f8ad4321e24940c961534eb7b24375a

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\deformation_demo.piv
Filesize
1KB

MD5
b810f7a219611f4ce7c078005683474b

SHA1
ea63273b1fafdc3a57c15c0070f7e1eadbfe3f4c

SHA256
2ed6a7c53c65ec762d9d9b0ebadf64e02e22b5c5a0f507627d062db661a00b68

SHA512
7eff076b226970d4c98c1b448b7a78fccb7600a2ad524f2aeb485f5d5242b910f357f1ce40e423bc1f09e52557ba738e2b6356df5eece22afb61fa2dcda4fda4

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\gear wheels.piv
Filesize
19KB

MD5
0db372ae4af1f4df6a104dc98d9acf0a

SHA1
1961172d58f6849ef5378fee930c0387a9af2eb6

SHA256
5ab8f2911c6c7610729134a1543926b8c4c4964c080da9fdc3ad35a27626cf99

SHA512
3941326649de80060a975d37648e234b7a2b14aa2bd265364f4f2ced79d42bde601702b6195ec96bb41f033bf9e75c489f8365c74c870244731d241cc261e435

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\pythagoras proof.piv
Filesize
9KB

MD5
12ae5f64729cb7edb9b1713dd53da83d

SHA1
e801787b3f2158710d516512933f387cd863b081

SHA256
933073be25c12e6d089ae9413230630804dd830742ee2e8114d621278055816b

SHA512
d386f5b6f4d6f2a8ffef981023013b25d96228df79e79220ceb7e7922db14934a02f0343394465870c4123069f7a913cba814ee539b4be981d0e3a620a579d1b

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\run_demo.piv
Filesize
1KB

MD5
42803149c1f956a427f150d0905be563

SHA1
1384465e3b7ebf64d98e6fdf35476cbf9aebf2e4

SHA256
f2783753894ad376681f370247314c1377ff6724145501635c7a7c8682155023

SHA512
902afa28a5566edc029fd2d288d9a119a54760946f27a9ee80d6e8c42dc84f305e5c7dc4e052df79fa7678a1ff2c639ca82d7163922b12710903fa558390fe5b

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\square wheels.piv
Filesize
7KB

MD5
5ec681f762df42f824781509b07a8197

SHA1
2a6bf546c4f7d1b9e6556b3548fad2d9361a46ca

SHA256
96c0eda02adc1f87d89bc0996da0b50935efd3cdb36475748753b02c5a362d43

SHA512
35a9cb148ed9d6ebc86a1c7269ebdfac1e0bc56ff0817b70d2a771eb96814eab83d2e7844ad22549abc2bba7f7852c636d5593092c55f73c2d48880486dbbf8d

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\text_abc.piv
Filesize
2KB

MD5
e90984f43f77778062a574baeffc3d56

SHA1
60ab52b15adf4d832e19606685272f5073d3878e

SHA256
198d25ddc7fe0c87166aa6225811be28b341df8493404d5f32247b25774bc5ee

SHA512
bee3c26e1cd9bbc51dcaa7c7f83d66712959f09b07f3fe89610f32282ad857d22ba04ebec9cb43bfdf99dd593d5a16a06ca0b44fd677c71b6a883bad3508c06a

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\text_bike.piv
Filesize
1KB

MD5
de938ed1fca12777739e6720aa846370

SHA1
5ee6765b2046c3f58f823405eb9e3c1d3b2f5c4c

SHA256
4f83a5ba94aa5fefff5faaa6747077d424792023407e7795d68e98ed91e72326

SHA512
94edf47fa47695b48516a9a8f115142aad8c9b4424a4284da4ddd37e13aeafa95f8c3f7acea9a26fdebe4c55f32ceacd3b532a871ec8bd0596cbefa33d763187

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\text_speech_bubble.piv
Filesize
5KB

MD5
c0da29c6c68e6b07b3c3663bccdef12f

SHA1
e32b0af30900a51294a6eb0fbaf739648045b7cc

SHA256
a98e443c17047e009ce0b40d868597b49dbd09cc64f1a73991c59dfddc1cd2ec

SHA512
7c6b7800a341b1b75559c7f2620b9587ecdaaf597bca83f089d65147b03b8681a5fb5b8b6d798f435119263601d36023e451a0a2bcc034c368d766773ac6355c

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_NY_day-night.piv
Filesize
83KB

MD5
4cef79aec9863cc101d772a7b6ff21df

SHA1
b8326019886275ea2e58ce1e3bcbb09fc3e594d3

SHA256
16578bb0a7e1187e40e1cbb0e16c196889a17829dd449c5b6f32e238f0a628b2

SHA512
2b06440714074543b7540d30e210c49b9ed6bb595dd22f9ac51f21198501ccd944b0c4e96adf906a44c0c9ef6adcfa22b2fbca9f67fdfb159073fc83506d80c3

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_camera.piv
Filesize
356B

MD5
a0c7825383dfd56f8448654563e2d3f1

SHA1
9e26723e9a46301d5e7eedd02fcfe17f7d298739

SHA256
d2059b69914b3342fd2f0e62eb659cf84b6ee5faf9d09a760bb63a70b36599db

SHA512
c4e2988098141dae9d8d6ecb8f03dcc2b725f58496f15ccb030661b767f6b05efec2d9a565f4c5083523ae29f13b24bb56151f3ba6673a16350d3bf148bcd6ef

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_demo.piv
Filesize
181KB

MD5
75e011d607a4fe83e19c858f68d09709

SHA1
03d9185fdfb437f9bc5cb4b4ebbcb1816148a032

SHA256
822610840dc2da27ae1587916bea90aa731b1cc7a99210e5fc91c27d2db0973a

SHA512
0cae9e6a2dafc7a34b812db177335709f1e98714031aa51c13df3abcc39dfed71642faa22d95d4cb4847995dc0a8683e1f76270664aa88560b1035fe412152b9

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_falling_object.piv
Filesize
195B

MD5
cc39ef21859d52916fa65a8b21a27d22

SHA1
0f56f99f45f30ad80484e7f192767b7b7182bdca

SHA256
7f2ad7f786867bd68469017e04a905ae07688053bd04d1ec513bee83a9442f58

SHA512
81161126e5216646132d6bb872781c8d423d44862c50d3d6738720a5cda4778536bf240426da14d204564a23ccc6ca7a4b6a145003fa25cf0e6c8f31376568da

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_football_bounce.piv
Filesize
2KB

MD5
f02c84a7f5e47a7af3950336841d0af7

SHA1
a88989811682ecaed505ad4133e6710c8bad67ae

SHA256
7df392188c1ed7b740ae292a734af4c53dafb62f82169d680f389a1e51a41d90

SHA512
a20f0dfdc42c9b044bc755830a06217548c411c6cb33da9a340ee88030cd0d941311e0bb449694fda9ae85620a10d0f7bdaacd1a03bf80a7db05dfc823eb9419

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_infinite_zoom.piv
Filesize
456B

MD5
e91c14d26679408d6d0bf7a4408f6ec1

SHA1
0c8ec865b6c530dddafb7e2ca6a4998d9deb48c3

SHA256
4820460534d37a46e5714f5aec130320cab5e4bd6a59fc670a3f6a19d177780c

SHA512
69b24e7e59a2c2d784eb06d410227b84d4b65bc272d86b7cb8e3c4a6ee25441cbd2248fd8c1f88f421a1487993de15d4b0c534350deef272bba0ce36cb7048a2

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_pendulum.piv
Filesize
616B

MD5
7de0ea14391f0dd75363cee75a691c30

SHA1
333264a4010ffc56e71d7d969eacbc00d792a106

SHA256
2a7e63a4936e43b0e85d0803a8eff196e138ee08c8eb337d80c73dd49b825895

SHA512
2573e77fd052402cec3fd8bcdcc14435d680ef56f6c1f4b6737032753d454c658b8b26a6aaeb39f412765159729f6d129c575bee428c175353dd360f682f03ec

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Animations\tween_water_bottle_flip.piv
Filesize
3KB

MD5
83d80e1843a022e3f6c2eeb798fc77cd

SHA1
4d54af3502321f409aafe56813afa5d78d5e91cd

SHA256
8b4d754c5a800f6270aaead4ab39d20e5b8ed229034213e3f42f560f3706faaf

SHA512
b1a3d4a1c0ce97722d3c3a49c539342233e1b49b31972395d3a75a3f9aa2e7a94e62d3588b33ec38ced55e772b48c33caf887470ce0d51f3ecffb81a5c33c015

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\clock.stk
Filesize
674B

MD5
bf204760449e39d33efa312a2f027ecb

SHA1
c57203280b902425c6b9243a7f645b74d2a9bd00

SHA256
93babe694a9e14b3aefe3a900ddc8623d4a8fe938a671323bf5cfdf68bd81afa

SHA512
85d4ac1b80e2c31dca3efb2a1a920649f410a38cbaab4e623761eca0cbcfc74eacf55fbd894d484f03715d491472343f1422da218ec459fa7f37326965d6a29f

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\cowboy.stk
Filesize
410B

MD5
44207f61be6cbecb2e942fa214ab7ce3

SHA1
f05ecf61b19ce943513916aba67823d8e6ac63e4

SHA256
2914177d015fb201b423485522df207efe680fabeaf811f1cd59362374344563

SHA512
4393917897ab29024919a03702f397f73deb38c0ced1576d74b32e751a3d9bc4f0ccc19c69a5ebd97346759df25df5f22cf4408403ad17b096bd5bb6d9d415de

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\default_pivot2.stk
Filesize
242B

MD5
8d61ed789696fb6fc57460c903f6bcd1

SHA1
8fb0ac3f02cd1d5a1430f6c892b23779d2362af9

SHA256
91a2d8f040f4566f8c50ccbe7faf800463cfab72b77315f112170db0fe953dbd

SHA512
07e063e56a68a19b5faf9df56ef0eb83a36bcf94674e03f5d9c1ea7606e7624be850ebb8caccfd1b192cf90f180112841b17768413c882f3f0b67dbaeacb0768

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\elephant.stk
Filesize
458B

MD5
4003994633de0353b135ec2117f4cfbc

SHA1
b637213dfdd99aea0eeedd54818c713d4543bed6

SHA256
7f58987b2a7fea67ba767a67519e23408001755ec11b764304f41ae86b47d8a1

SHA512
71579e0290b7f72fb7a036f1b9b3bd69bee55977152069bfcaf8298e9cc00b0c71f6a80e95923cbb2be8c012ea7ae651d19b1442e3cf48e6c9c392ae6f8784e1

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\horse.stk
Filesize
386B

MD5
e7bfc2164ed2cc976eb0e6a03ba1666e

SHA1
2f07b80e72d9efe4f2be07d66376149b88d84162

SHA256
1e92f7a981c1530ae9d779505c37e663f13b487fdf3e76e39a380c815ca653ed

SHA512
aa56543ff08b2239abeaa5616be67270aeb415b5d6bb4de96439b4cc9de139529872411dd46fe7d06f0f9a32efff6c26029e5ea07c096a58ce33397d1f6109ec

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\ladder.stk
Filesize
506B

MD5
890e0b71d7bb2ecc2e8ab582142a6dea

SHA1
9df816c4b27c9d3ebd8efa60105b286e18d55817

SHA256
928db977e9d6403467a28f3b27daf6e8d5d014b7cc24da5a49bad32a71f7b521

SHA512
9844dbf4fd4d1338c65e036bbe79792dabaeb1a0be1044d52d80ecf0c30a14473b8a028244916dd39c7ce4008008b0e5190696e898184ebb302b920d1dcf8174

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\man.stk
Filesize
290B

MD5
bc38e45306c140bfd2cca0f0e429a711

SHA1
51b71da52da155bbfe36a31aab59f4ac6c54de03

SHA256
402482091dc89f95a39e4114b2051d0b62b51b23436d984604fe722d816cedff

SHA512
62b80f1860573cdcd63f9ad604a5b073f7bb39c244a348a3c5b3eab800c4c0086b2c6d5fc340faace6c4eeae50eb2c411546ebdc4e2d4d4cb67fff9ae442c55b

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\man_evolved.stk
Filesize
440B

MD5
43c05d8c2be77c118572b875abb9b062

SHA1
96799226803a2c1e4adb0b3524a42bf4b92e6b3d

SHA256
e829d27438a81d7d81581853ba2cf01393257151aedda00d19bbb5d154f3bc46

SHA512
2b618f17376503474981e4f70a79683780b49542920996692b10aedb55b1fa1f2a88e0317f1b08c7fcc382cb998742af415fcdb7c782c157c590937e772e9a61

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\man_rotate.stk
Filesize
266B

MD5
64e43db5b1accf836f361ec1f1b552dc

SHA1
ff09eefd7153d73fc05b09f10e78a1dc989b0ef1

SHA256
b58b11b3aeda16a1d8b03dcdd00a90b1ea4551e55a9063cc5b197034f65cef1e

SHA512
3f6a48c17ca813c77e27e7f24a4d9a457503c51a2f834783e67b88538cbcfdb1d7e811cf88f91209e6664b7a7ee673fd4dd8052ffef27c97092913d8aa853adc

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\realistic_man.stk
Filesize
362B

MD5
1a1c27977e828b5791821dbed308939b

SHA1
ceb455f00c1d5c81c4391f35a3b22cf3df55816a

SHA256
37d2d982ef098dc2a0f04da28cc155132d9350693db9b593107370da1d643a4a

SHA512
2142ebc80fa6d8abd5a22f4304713a64ab9ce459b5722e8ddeead91f4a1e2e84dfb8ac2fefbc6d1f995b9724c806aef6a9316546166bb0ea84dcc771c657520f

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\archer_man.stk
Filesize
150B

MD5
e1a8a087812e4a1f5cfd61a14254c8c7

SHA1
36ab08c6bbcd35e900fa27a2a7956c30d0b8fb73

SHA256
230e0ed1dc21c2f8fbd878fb3c190a549fb73c15c2336e89a521b3dfc5c1795c

SHA512
9a962f649c7180eddd763820a173ea338aebe9caeaf72d8c7451dcb1c4ad94ba1c926bc6fcd8fefc337e216e5f276f2674348d7d17bc9e5b798e1cd059bb6fb1

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\dino.stk
Filesize
83KB

MD5
fe75a23b8ea25a62edb48bb06d586398

SHA1
a0ffdbef6a999c22a8db12595387799b1ca32cd9

SHA256
f0df8bba81d23f0321746ce67e90b000e36d4e89e7b224ed2239f2148ceb1716

SHA512
248b1a48b2e8dc7653f8d772b1a377c53fc272ee20de20c75379e3a5752ff1a6cf43585ffb649bb66be87807980e46dcce28ac150788001c4180717acde41b8d

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\outline.stk
Filesize
156B

MD5
67466293e74baedf75f3d5fdc4c08688

SHA1
8d18148240f507f98e43b6634b3fcf1f044454a1

SHA256
7a12852655abde3227b5c81dce1d1c1e9c20227a24e40c8dcadf2852b0a01ba9

SHA512
b493236a840ec9584faa75e2e18360de84fffaeebfb9ba753ec5e3ed7bb16e7230862772bd9a5c1e0722e5421f449af7e8fcb3359506601df3e1e8594248b223

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\poly_skirt.stk
Filesize
370B

MD5
e791a9f7be703bde42039b2af8e62695

SHA1
cf4c3f295f5b61dab08338286ed142466f824890

SHA256
e405b5b49f4038628cb81c08fea740f062f3f5c63a42496c778e3d3a86439485

SHA512
247a4a758d67765bcf7b8bf3c8f218b408ff91140cbbca8e03e4618d6d59b2ac883e75bbcb702541457393fdf12799662dedc8fbcb6bf8aefae990334b622e93

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\speech_bubble.stk
Filesize
301B

MD5
3a2b48a8ef460ad903cda4e9ed848a5d

SHA1
2437db80ab776fe1e362df0228336cceba0a15ba

SHA256
6a27b3d4c34264feb12fad3030933227ad9f4130a87d9aee2a3e27fd4b4d76a7

SHA512
42ecc719620f202445540170f7ac0b6cdf2e21986122193db8905a0a1110f27af50738369c7677b801ff4eccb9b16a7cb6ccad2776b00f40036bc9fdd837fbf9

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\sprites_pete.stk
Filesize
52KB

MD5
6640003c7850cd3d6e55772e314a8573

SHA1
0f95311d7224a6cd45f2f7567152de7cac68d7b5

SHA256
c8dc70b37e3e756d972b441cd7894f195074d04aee49701382764c5e24d1b7c8

SHA512
a47b2318a1d68d0dd2a5b423bb6336fda45f2465ab84cf24c7651278db0cd5c29b7b6b96dba0b926b42e13cbfb1e27f6be37b91aed5c9b972a9a386a87dde240

Download Submit
C:\Program Files (x86)\Pivot Animator v5\Figures\thought_bubble.stk
Filesize
319B

MD5
d139c79626f7b8235c0c12adbaa5eada

SHA1
2a538c99bf72defbb29900ecfa4b1c75c8abd39b

SHA256
74259c84cb6638a71d7567b5bb162d85e37689750449532a0a897afd1011596e

SHA512
3d249150baec42e1b81540ff7ab7a080e21e3feef58170822c77984171d57a64f9904fd14cd4fc3a8289d1a6035b94cf4f5c7bb66920574aa3fb4c1421bd8ee4

Download Submit
C:\Program Files (x86)\Pivot Animator v5\STKPreview.dll
Filesize
2.5MB

MD5
2c639820b502df57891e7c4ee805f4b7

SHA1
d90ecab78c86152c31f6963096107fbb115f7bae

SHA256
dcdaf630b7a42bb9d6b1693e159175d68569f20f3ab034af4124d3c775436458

SHA512
afd96af844d30256e9fe1983e82317ace56d6741bf3f2647fee6ef6870b610a4b71560aca95a62ed5b54a2e1ab0ef1487a536124328f4ac327a0b86b1c1900a4

Download Submit
C:\Program Files (x86)\Pivot Animator v5\languages\Francais.ini
Filesize
13KB

MD5
e1e316760064401fbd9167deefd3c0a8

SHA1
0b01faadfd9e8da5f8cbdddf13fcc70227eb3cc5

SHA256
f74e88a6556282d526ae33c23b0ff1c976622238485aea9374af6625231ad3e6

SHA512
77ec64427a04c9908132cd9fe13c3498c55ac7d7fcbf45487bc5e4bd4702366dacb12fd15b2f22ad15bcbb652ebd2b548227b2e9ad0d47e2e32e02d957b675db

Download Submit
C:\Program Files (x86)\Pivot Animator v5\pivot.exe
Filesize
13.1MB

MD5
ab3c884e603de1d2d9d4bb9edeac8762

SHA1
123e87c326a39d641571c5f5d54e9b1f42926cc3

SHA256
af38da271a7fb34617b094b3832af8f016168d0923dabbfb297633fb22e49036

SHA512
ecf3474372d1af6f4e93fe655b188b03744f07166fe2ae3947650fec8afabd2bb721270d8e3ef97d52cd4071e6a94ca1c1f5ecf304ed0711bb932bfce133982f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe
Filesize
17.8MB

MD5
a52c104395773710fab7f6264aced388

SHA1
87bf5c40fbac501bc272cb5343e7ae09b13bfdb1

SHA256
2852267832c4338f9ab2488add87c71be9e9b6fac50f3395915e7b9b6ab5cd11

SHA512
47eb7a1bd1c78961a8ab5a90896df6be0d57e253798033ba6caafaef6826414a08f6f8fe085faee7601d06acc00bec26c8c9e8da0da97168370e69fa27cf829f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LVCVV.tmp\pivotsetup.tmp
Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
C:\Users\Admin\AppData\Roaming\Pivot Animator\Pivot.ini
Filesize
1KB

MD5
0c03fe1f58915b039d4bd5966d8165ef

SHA1
7f77bb623de23af53f5ad58499d9340e9c30e035

SHA256
6aedbbc6ddecefc0c371435d50382c27566c8912cd4ca3bf0399c6ff9b6ed9cf

SHA512
9333e6112759bd82b6f45713ec3f4ec38707dfbb9238812e4e184f3fa797338666a8e8e38eb0e022de363822310375a6829ca0982c2b1d3edf9397ada68fe483

Download Submit
C:\Users\Admin\AppData\Roaming\Pivot Animator\Pivot.ini
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Pivot Animator\Pivot.ini
Filesize
1KB

MD5
4f2db2abad3d01f650bcef8e2b15b893

SHA1
a82bb861a089dfc63b4e3ae3030a8dacd48b79a0

SHA256
6383aeb0d3cf4adc5d716aa3bc0f22a185e1b2f58d178552b65e221e0e070a3e

SHA512
cf83d663456e2f5c7643379f957ba1efda485b078b332b4e9cdcc88ddd5415f0e42ece0194213d28140906bec893fe1efe5b14771d703187852b5371c5fd83ab

Download Submit
C:\WINDOWS\FONTS\PIVOTCLASSICFONT.TTF
Filesize
12KB

MD5
32965780e3c3b53b1e2f8b82eb96da05

SHA1
85f817ef5d3150f4bf69e967d56a032f4521f79a

SHA256
f22de79fe47abd955f05c0ea0cc1586eb549c956f22616c051142f448fcd8f23

SHA512
046d7f36faff39650b29a7198dc3b4a5af1a94efa2cc807c5981023010c448ae5421be1055d0a5bf4c1b7d23214c5cf19e122be21eee49b11a774694be788605

Download Submit
memory/2752-0-0x0000000000CF0000-0x0000000000D98000-memory.dmp

Filesize
672KB

Download
memory/2752-3-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/2752-40-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2752-14-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2752-39-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2752-15-0x000000001D690000-0x000000001D6D2000-memory.dmp

Filesize
264KB

Download
memory/2752-1-0x00007FF94D620000-0x00007FF94E0E1000-memory.dmp

Filesize
10.8MB

Download
memory/2752-227-0x00007FF94D620000-0x00007FF94E0E1000-memory.dmp

Filesize
10.8MB

Download
memory/2752-2-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2752-35-0x00007FF94D620000-0x00007FF94E0E1000-memory.dmp

Filesize
10.8MB

Download
memory/2752-12-0x000000001C0E0000-0x000000001C0FA000-memory.dmp

Filesize
104KB

Download
memory/2752-11-0x000000001C0C0000-0x000000001C0DE000-memory.dmp

Filesize
120KB

Download
memory/2752-9-0x000000001BB70000-0x000000001BB90000-memory.dmp

Filesize
128KB

Download
memory/2752-10-0x000000001C550000-0x000000001C582000-memory.dmp

Filesize
200KB

Download
memory/2752-8-0x000000001BB50000-0x000000001BB62000-memory.dmp

Filesize
72KB

Download
memory/2752-7-0x000000001C610000-0x000000001C6C2000-memory.dmp

Filesize
712KB

Download
memory/2752-36-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2752-37-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2752-38-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2752-6-0x000000001C110000-0x000000001C160000-memory.dmp

Filesize
320KB

Download
memory/2752-5-0x000000001C440000-0x000000001C542000-memory.dmp

Filesize
1.0MB

Download
memory/2752-4-0x000000001C820000-0x000000001CD48000-memory.dmp

Filesize
5.2MB

Download
memory/2752-13-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/3300-219-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/3320-222-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3320-47-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/3712-228-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

Filesize
4KB

Download
memory/3712-383-0x0000000000BD0000-0x0000000001923000-memory.dmp

Filesize
13.3MB

Download
memory/3712-470-0x0000000000BD0000-0x0000000001923000-memory.dmp

Filesize
13.3MB

Download
memory/4332-223-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4332-42-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download