Analysis
-
max time kernel
142s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
16/10/2024, 23:44
Static task
static1
Behavioral task
behavioral1
Sample
pivot_v5-2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
pivot_v5-2.exe
Resource
win10v2004-20241007-en
General
-
Target
pivot_v5-2.exe
-
Size
660KB
-
MD5
f577fc68521d8ca399edd72ac913255d
-
SHA1
8ff05351f4d8f3c4c80ed4985590e8ab1b989ea1
-
SHA256
ae9e4974652dc907c017d94d511f1c4cbab72b8c440c052f38acac86279eb509
-
SHA512
ce2497db91582a1d21093e1e08fd33bb91d7f93081045e716cc46c2b4b24f65ec4dbe8ce7149109c4a713b55a13706cfda967fdbd466d3c1c00024f4761f0e38
-
SSDEEP
12288:zymCv84Lnka4eec2ZZEhl3qgi4JpXBLUbBinP7:zIv84Lnk5LEhl3qZs1P7
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 3 IoCs
pid Process
1268 pivotsetup.exe
2268 pivotsetup.tmp
560 pivot.exe
-
Loads dropped DLL 5 IoCs
pid Process
1268 pivotsetup.exe
2268 pivotsetup.tmp
2268 pivotsetup.tmp
2268 pivotsetup.tmp
1632 regsvr32.exe
-
Checks for any installed AV software in registry 1 TTPs 4 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV pivot_v5-2.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV pivot_v5-2.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast pivot_v5-2.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast pivot_v5-2.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 1 IoCs
description ioc Process
File created C:\Windows\Fonts\is-K9QQ1.tmp pivotsetup.tmp
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pivot.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pivotsetup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pivotsetup.tmp
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
-
Modifies registry class 53 IoCs
Modifies system certificate store
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A pivot_v5-2.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C pivot_v5-2.exe
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob pivot_v5-2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob pivot_v5-2.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob pivot_v5-2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 pivot_v5-2.exe
-
Suspicious behavior: EnumeratesProcesses 27 IoCs
pid Process 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 1788 pivot_v5-2.exe 2268 pivotsetup.tmp 2268 pivotsetup.tmp -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process
Token: SeDebugPrivilege 1788 pivot_v5-2.exe
Token: SeShutdownPrivilege 1788 pivot_v5-2.exe
-
Suspicious use of FindShellTrayWindow 8 IoCs
pid Process
1788 pivot_v5-2.exe
2268 pivotsetup.tmp
560 pivot.exe
560 pivot.exe
560 pivot.exe
560 pivot.exe
560 pivot.exe
560 pivot.exe
-
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process
560 pivot.exe
560 pivot.exe
560 pivot.exe
560 pivot.exe
560 pivot.exe
-
Suspicious use of WriteProcessMemory 18 IoCs
description pid Process procid_target
PID 1268 wrote to memory of 2268 1268 pivotsetup.exe 32
PID 1268 wrote to memory of 2268 1268 pivotsetup.exe 32
PID 1268 wrote to memory of 2268 1268 pivotsetup.exe 32
PID 1268 wrote to memory of 2268 1268 pivotsetup.exe 32
PID 1268 wrote to memory of 2268 1268 pivotsetup.exe 32
PID 1268 wrote to memory of 2268 1268 pivotsetup.exe 32
PID 1268 wrote to memory of 2268 1268 pivotsetup.exe 32
PID 2268 wrote to memory of 1632 2268 pivotsetup.tmp 33
PID 2268 wrote to memory of 1632 2268 pivotsetup.tmp 33
PID 2268 wrote to memory of 1632 2268 pivotsetup.tmp 33
PID 2268 wrote to memory of 1632 2268 pivotsetup.tmp 33
PID 2268 wrote to memory of 1632 2268 pivotsetup.tmp 33
PID 2268 wrote to memory of 1632 2268 pivotsetup.tmp 33
PID 2268 wrote to memory of 1632 2268 pivotsetup.tmp 33
PID 1788 wrote to memory of 560 1788 pivot_v5-2.exe 35
PID 1788 wrote to memory of 560 1788 pivot_v5-2.exe 35
PID 1788 wrote to memory of 560 1788 pivot_v5-2.exe 35
PID 1788 wrote to memory of 560 1788 pivot_v5-2.exe 35
Processes
-
C:\Users\Admin\AppData\Local\Temp\pivot_v5-2.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\pivot_v5-2.exe"
PID:1788
- Checks for any installed AV software in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Pivot Animator v5\pivot.exe
    Command line: "C:\Program Files (x86)\Pivot Animator v5\pivot.exe"
    PID:560
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe" /VERYSILENT
PID:1268
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\is-KL8R5.tmp\pivotsetup.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-KL8R5.tmp\pivotsetup.tmp" /SL5="$30186,18433013,58368,C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe" /VERYSILENT
    PID:2268
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\regsvr32.exe
        Command line: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Pivot Animator v5\STKPreview.dll"
        PID:1632
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Modifies registry class
-
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry 1
Subvert Trust Controls 1
Install Root Certificate 1
Downloads
-
Filesize
674B
MD5bf204760449e39d33efa312a2f027ecb
SHA1c57203280b902425c6b9243a7f645b74d2a9bd00
SHA25693babe694a9e14b3aefe3a900ddc8623d4a8fe938a671323bf5cfdf68bd81afa
SHA51285d4ac1b80e2c31dca3efb2a1a920649f410a38cbaab4e623761eca0cbcfc74eacf55fbd894d484f03715d491472343f1422da218ec459fa7f37326965d6a29f
-
Filesize
410B
MD544207f61be6cbecb2e942fa214ab7ce3
SHA1f05ecf61b19ce943513916aba67823d8e6ac63e4
SHA2562914177d015fb201b423485522df207efe680fabeaf811f1cd59362374344563
SHA5124393917897ab29024919a03702f397f73deb38c0ced1576d74b32e751a3d9bc4f0ccc19c69a5ebd97346759df25df5f22cf4408403ad17b096bd5bb6d9d415de
-
Filesize
242B
MD58d61ed789696fb6fc57460c903f6bcd1
SHA18fb0ac3f02cd1d5a1430f6c892b23779d2362af9
SHA25691a2d8f040f4566f8c50ccbe7faf800463cfab72b77315f112170db0fe953dbd
SHA51207e063e56a68a19b5faf9df56ef0eb83a36bcf94674e03f5d9c1ea7606e7624be850ebb8caccfd1b192cf90f180112841b17768413c882f3f0b67dbaeacb0768
-
Filesize
458B
MD54003994633de0353b135ec2117f4cfbc
SHA1b637213dfdd99aea0eeedd54818c713d4543bed6
SHA2567f58987b2a7fea67ba767a67519e23408001755ec11b764304f41ae86b47d8a1
SHA51271579e0290b7f72fb7a036f1b9b3bd69bee55977152069bfcaf8298e9cc00b0c71f6a80e95923cbb2be8c012ea7ae651d19b1442e3cf48e6c9c392ae6f8784e1
-
Filesize
386B
MD5e7bfc2164ed2cc976eb0e6a03ba1666e
SHA12f07b80e72d9efe4f2be07d66376149b88d84162
SHA2561e92f7a981c1530ae9d779505c37e663f13b487fdf3e76e39a380c815ca653ed
SHA512aa56543ff08b2239abeaa5616be67270aeb415b5d6bb4de96439b4cc9de139529872411dd46fe7d06f0f9a32efff6c26029e5ea07c096a58ce33397d1f6109ec
-
Filesize
506B
MD5890e0b71d7bb2ecc2e8ab582142a6dea
SHA19df816c4b27c9d3ebd8efa60105b286e18d55817
SHA256928db977e9d6403467a28f3b27daf6e8d5d014b7cc24da5a49bad32a71f7b521
SHA5129844dbf4fd4d1338c65e036bbe79792dabaeb1a0be1044d52d80ecf0c30a14473b8a028244916dd39c7ce4008008b0e5190696e898184ebb302b920d1dcf8174
-
Filesize
290B
MD5bc38e45306c140bfd2cca0f0e429a711
SHA151b71da52da155bbfe36a31aab59f4ac6c54de03
SHA256402482091dc89f95a39e4114b2051d0b62b51b23436d984604fe722d816cedff
SHA51262b80f1860573cdcd63f9ad604a5b073f7bb39c244a348a3c5b3eab800c4c0086b2c6d5fc340faace6c4eeae50eb2c411546ebdc4e2d4d4cb67fff9ae442c55b
-
Filesize
440B
MD543c05d8c2be77c118572b875abb9b062
SHA196799226803a2c1e4adb0b3524a42bf4b92e6b3d
SHA256e829d27438a81d7d81581853ba2cf01393257151aedda00d19bbb5d154f3bc46
SHA5122b618f17376503474981e4f70a79683780b49542920996692b10aedb55b1fa1f2a88e0317f1b08c7fcc382cb998742af415fcdb7c782c157c590937e772e9a61
-
Filesize
266B
MD564e43db5b1accf836f361ec1f1b552dc
SHA1ff09eefd7153d73fc05b09f10e78a1dc989b0ef1
SHA256b58b11b3aeda16a1d8b03dcdd00a90b1ea4551e55a9063cc5b197034f65cef1e
SHA5123f6a48c17ca813c77e27e7f24a4d9a457503c51a2f834783e67b88538cbcfdb1d7e811cf88f91209e6664b7a7ee673fd4dd8052ffef27c97092913d8aa853adc
-
Filesize
362B
MD51a1c27977e828b5791821dbed308939b
SHA1ceb455f00c1d5c81c4391f35a3b22cf3df55816a
SHA25637d2d982ef098dc2a0f04da28cc155132d9350693db9b593107370da1d643a4a
SHA5122142ebc80fa6d8abd5a22f4304713a64ab9ce459b5722e8ddeead91f4a1e2e84dfb8ac2fefbc6d1f995b9724c806aef6a9316546166bb0ea84dcc771c657520f
-
Filesize
150B
MD5e1a8a087812e4a1f5cfd61a14254c8c7
SHA136ab08c6bbcd35e900fa27a2a7956c30d0b8fb73
SHA256230e0ed1dc21c2f8fbd878fb3c190a549fb73c15c2336e89a521b3dfc5c1795c
SHA5129a962f649c7180eddd763820a173ea338aebe9caeaf72d8c7451dcb1c4ad94ba1c926bc6fcd8fefc337e216e5f276f2674348d7d17bc9e5b798e1cd059bb6fb1
-
Filesize
83KB
MD5fe75a23b8ea25a62edb48bb06d586398
SHA1a0ffdbef6a999c22a8db12595387799b1ca32cd9
SHA256f0df8bba81d23f0321746ce67e90b000e36d4e89e7b224ed2239f2148ceb1716
SHA512248b1a48b2e8dc7653f8d772b1a377c53fc272ee20de20c75379e3a5752ff1a6cf43585ffb649bb66be87807980e46dcce28ac150788001c4180717acde41b8d
-
Filesize
156B
MD567466293e74baedf75f3d5fdc4c08688
SHA18d18148240f507f98e43b6634b3fcf1f044454a1
SHA2567a12852655abde3227b5c81dce1d1c1e9c20227a24e40c8dcadf2852b0a01ba9
SHA512b493236a840ec9584faa75e2e18360de84fffaeebfb9ba753ec5e3ed7bb16e7230862772bd9a5c1e0722e5421f449af7e8fcb3359506601df3e1e8594248b223
-
Filesize
370B
MD5e791a9f7be703bde42039b2af8e62695
SHA1cf4c3f295f5b61dab08338286ed142466f824890
SHA256e405b5b49f4038628cb81c08fea740f062f3f5c63a42496c778e3d3a86439485
SHA512247a4a758d67765bcf7b8bf3c8f218b408ff91140cbbca8e03e4618d6d59b2ac883e75bbcb702541457393fdf12799662dedc8fbcb6bf8aefae990334b622e93
-
Filesize
301B
MD53a2b48a8ef460ad903cda4e9ed848a5d
SHA12437db80ab776fe1e362df0228336cceba0a15ba
SHA2566a27b3d4c34264feb12fad3030933227ad9f4130a87d9aee2a3e27fd4b4d76a7
SHA51242ecc719620f202445540170f7ac0b6cdf2e21986122193db8905a0a1110f27af50738369c7677b801ff4eccb9b16a7cb6ccad2776b00f40036bc9fdd837fbf9
-
Filesize
52KB
MD56640003c7850cd3d6e55772e314a8573
SHA10f95311d7224a6cd45f2f7567152de7cac68d7b5
SHA256c8dc70b37e3e756d972b441cd7894f195074d04aee49701382764c5e24d1b7c8
SHA512a47b2318a1d68d0dd2a5b423bb6336fda45f2465ab84cf24c7651278db0cd5c29b7b6b96dba0b926b42e13cbfb1e27f6be37b91aed5c9b972a9a386a87dde240
-
Filesize
319B
MD5d139c79626f7b8235c0c12adbaa5eada
SHA12a538c99bf72defbb29900ecfa4b1c75c8abd39b
SHA25674259c84cb6638a71d7567b5bb162d85e37689750449532a0a897afd1011596e
SHA5123d249150baec42e1b81540ff7ab7a080e21e3feef58170822c77984171d57a64f9904fd14cd4fc3a8289d1a6035b94cf4f5c7bb66920574aa3fb4c1421bd8ee4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B