Analysis

  • max time kernel
    142s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2024, 23:44

General

  • Target

    pivot_v5-2.exe

  • Size

    660KB

  • MD5

    f577fc68521d8ca399edd72ac913255d

  • SHA1

    8ff05351f4d8f3c4c80ed4985590e8ab1b989ea1

  • SHA256

    ae9e4974652dc907c017d94d511f1c4cbab72b8c440c052f38acac86279eb509

  • SHA512

    ce2497db91582a1d21093e1e08fd33bb91d7f93081045e716cc46c2b4b24f65ec4dbe8ce7149109c4a713b55a13706cfda967fdbd466d3c1c00024f4761f0e38

  • SSDEEP

    12288:zymCv84Lnka4eec2ZZEhl3qgi4JpXBLUbBinP7:zIv84Lnk5LEhl3qZs1P7

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks for any installed AV software in registry 1 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 53 IoCs
  • Modifies system certificate store 2 TTPs 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pivot_v5-2.exe
    "C:\Users\Admin\AppData\Local\Temp\pivot_v5-2.exe"
    1⤵
    • Checks for any installed AV software in registry
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Program Files (x86)\Pivot Animator v5\pivot.exe
      "C:\Program Files (x86)\Pivot Animator v5\pivot.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:560
  • C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe" /VERYSILENT
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Users\Admin\AppData\Local\Temp\is-KL8R5.tmp\pivotsetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KL8R5.tmp\pivotsetup.tmp" /SL5="$30186,18433013,58368,C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe" /VERYSILENT
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Pivot Animator v5\STKPreview.dll"
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:1632

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\cursor.piv

          Filesize

          7KB

          MD5

          2e923d0f7f805c9acb390a85a782d49c

          SHA1

          fb98065c9dc3baa5c3729f9540806075c8bf17fe

          SHA256

          5eaf90001d8e3b867473137e904af9baf29a0cb6dba41caa9242a368c28d0c83

          SHA512

          acba39c54635e2bbf8863da415a52290df64932a2529c0852d28f121cec033c290cce4dc7d007a5a65b8fede938b42a792e6a0c74fe9c7e952517af606014dca

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\dominos.piv

          Filesize

          4KB

          MD5

          08557c8776d979a1143cc674a5fafb32

          SHA1

          bac5104bd62594892404b61b5bd0e96f6c7f153e

          SHA256

          d8e45cdcd53ec9ad56fba89575c66701b01e009c4d371db092deecb1604a087f

          SHA512

          5b0cc057cecee04beb080fa44eea6657dff3e7b43a5032035ebe1554ef6f166aae6ef8ea189b829855eb2db7503e6195a9f6965f9c65b5cc9c4a0d1c25357a41

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\horse_revenge.piv

          Filesize

          7KB

          MD5

          834bb56ece2ec9942d38013d3bb60a18

          SHA1

          2025dea0b5bd24703ab641feabc716add70bd66c

          SHA256

          703046dd6742dc3e04113ef1c2beb8547c0f42501549372b8a17f954ace2b5a5

          SHA512

          c28f92c969e90247c733d80f7f676b8c63b6cf89ae9dd12d412e550bae2b2cd15e8fdd36d3d2321bfdbb65abc03c5168a8344cbd68dfa2a57d0fb3a16ad620f0

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\run.piv

          Filesize

          604B

          MD5

          8af3f2f0668a79696fd82f8be2eda937

          SHA1

          25240129f6d07c81e0c6b7bafd9455ec9ed4677d

          SHA256

          06cd354fd29a8d1a3ea697d0bf9d5b8f29cf413554cfd995b2111bdd21c1c4da

          SHA512

          785b18ed83af595f7e405c29cf11d2a4939f1d9ddfec1c042cbb5d35590cf4c76c0b90fc85a6a2c87549d614b145b38dd8ff9989caf78069c8c8527bfb100395

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\sprite_demo.piv

          Filesize

          226KB

          MD5

          8fcdedbaba257eadd8be3cab322a9251

          SHA1

          6cfce653c35e3d9dada31d2f95a60f6783e6b680

          SHA256

          07e2827109f791ea15f3dc095593bbf9f8b04d897b84f20d721b0b12e0123d0c

          SHA512

          3e9eb3ca2f4cdc63552c989d0780a06174b6e4e9979b69224df89b61f94933bf7b6709ec14cc5bcd59dc671451af37cf128d181f9bd3c47a475c77ad4ce1c34d

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\tower_fall.piv

          Filesize

          24KB

          MD5

          62b0d70606a4007449fe4b874fe5439a

          SHA1

          0320443ba131e16e7082e7630335137920e6843e

          SHA256

          1af0fef50894c5aff61c2a521c872715105f25d2039aa37b1a048aa628373cff

          SHA512

          b3eda7099348978899b699897969f095b2d18184f9e0b1574c3eca5806f49ef2c8b43112f3ee94ec93c2809c097d52fb68f0afbf7fe703dcc42cfd4ac2986438

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\tumble.piv

          Filesize

          8KB

          MD5

          f93b4710781fa8957a8cc3c86929025a

          SHA1

          efa94134deac0e9edcfc028bdfc120d7ce58cb91

          SHA256

          c57ebe624a4cf08eb72783f7aa5f7f1f511fcea84791908be722398a69d8f7b3

          SHA512

          3224c1ceb84923a92788ae09a21fc202fb33b84c1ad9a81124cd9bdbe7335e19d2d16044ac1979518cd8124c593e888d4ccd4762bfb190df8178045320c128c1

        • C:\Program Files (x86)\Pivot Animator v5\Animations\Legacy\walking.piv

          Filesize

          2KB

          MD5

          b2eda498c427624b00b8dd1a03939afa

          SHA1

          578d03967c0eb86a1f8dacf5ade9e16bbb09e24d

          SHA256

          525e4ad75a58ba9d20c3950878f27b2c55277e4d59757aa980a5b6260d2f16d0

          SHA512

          a2f1520839d3e0934bf7a5f7197cdda5321013e81471debf0cf89274f66b96a9d96b8611391474f2ce5fbded653dd6e19f88cd492a80f13a6b2d413e63ad3b76

        • C:\Program Files (x86)\Pivot Animator v5\Animations\archer.piv

          Filesize

          17KB

          MD5

          55ee1cc860856d8edfb175139fbc0cd6

          SHA1

          9ef9d5f35446b2a081f6f91002dfe09301f6d4cf

          SHA256

          1f7255a15e09dadb3a35e9a07b60dc48c681605de35a7473a5fef5bfc75bdd35

          SHA512

          2324d95472a231df3a9a75a72524c9c90412878ee2b7b06fe47bfa09382d38a4fc418911651f21b3c79486fa29af0f113f8ad4321e24940c961534eb7b24375a

        • C:\Program Files (x86)\Pivot Animator v5\Animations\deformation_demo.piv

          Filesize

          1KB

          MD5

          b810f7a219611f4ce7c078005683474b

          SHA1

          ea63273b1fafdc3a57c15c0070f7e1eadbfe3f4c

          SHA256

          2ed6a7c53c65ec762d9d9b0ebadf64e02e22b5c5a0f507627d062db661a00b68

          SHA512

          7eff076b226970d4c98c1b448b7a78fccb7600a2ad524f2aeb485f5d5242b910f357f1ce40e423bc1f09e52557ba738e2b6356df5eece22afb61fa2dcda4fda4

        • C:\Program Files (x86)\Pivot Animator v5\Animations\gear wheels.piv

          Filesize

          19KB

          MD5

          0db372ae4af1f4df6a104dc98d9acf0a

          SHA1

          1961172d58f6849ef5378fee930c0387a9af2eb6

          SHA256

          5ab8f2911c6c7610729134a1543926b8c4c4964c080da9fdc3ad35a27626cf99

          SHA512

          3941326649de80060a975d37648e234b7a2b14aa2bd265364f4f2ced79d42bde601702b6195ec96bb41f033bf9e75c489f8365c74c870244731d241cc261e435

        • C:\Program Files (x86)\Pivot Animator v5\Animations\pythagoras proof.piv

          Filesize

          9KB

          MD5

          12ae5f64729cb7edb9b1713dd53da83d

          SHA1

          e801787b3f2158710d516512933f387cd863b081

          SHA256

          933073be25c12e6d089ae9413230630804dd830742ee2e8114d621278055816b

          SHA512

          d386f5b6f4d6f2a8ffef981023013b25d96228df79e79220ceb7e7922db14934a02f0343394465870c4123069f7a913cba814ee539b4be981d0e3a620a579d1b

        • C:\Program Files (x86)\Pivot Animator v5\Animations\run_demo.piv

          Filesize

          1KB

          MD5

          42803149c1f956a427f150d0905be563

          SHA1

          1384465e3b7ebf64d98e6fdf35476cbf9aebf2e4

          SHA256

          f2783753894ad376681f370247314c1377ff6724145501635c7a7c8682155023

          SHA512

          902afa28a5566edc029fd2d288d9a119a54760946f27a9ee80d6e8c42dc84f305e5c7dc4e052df79fa7678a1ff2c639ca82d7163922b12710903fa558390fe5b

        • C:\Program Files (x86)\Pivot Animator v5\Animations\square wheels.piv

          Filesize

          7KB

          MD5

          5ec681f762df42f824781509b07a8197

          SHA1

          2a6bf546c4f7d1b9e6556b3548fad2d9361a46ca

          SHA256

          96c0eda02adc1f87d89bc0996da0b50935efd3cdb36475748753b02c5a362d43

          SHA512

          35a9cb148ed9d6ebc86a1c7269ebdfac1e0bc56ff0817b70d2a771eb96814eab83d2e7844ad22549abc2bba7f7852c636d5593092c55f73c2d48880486dbbf8d

        • C:\Program Files (x86)\Pivot Animator v5\Animations\text_abc.piv

          Filesize

          2KB

          MD5

          e90984f43f77778062a574baeffc3d56

          SHA1

          60ab52b15adf4d832e19606685272f5073d3878e

          SHA256

          198d25ddc7fe0c87166aa6225811be28b341df8493404d5f32247b25774bc5ee

          SHA512

          bee3c26e1cd9bbc51dcaa7c7f83d66712959f09b07f3fe89610f32282ad857d22ba04ebec9cb43bfdf99dd593d5a16a06ca0b44fd677c71b6a883bad3508c06a

        • C:\Program Files (x86)\Pivot Animator v5\Animations\text_bike.piv

          Filesize

          1KB

          MD5

          de938ed1fca12777739e6720aa846370

          SHA1

          5ee6765b2046c3f58f823405eb9e3c1d3b2f5c4c

          SHA256

          4f83a5ba94aa5fefff5faaa6747077d424792023407e7795d68e98ed91e72326

          SHA512

          94edf47fa47695b48516a9a8f115142aad8c9b4424a4284da4ddd37e13aeafa95f8c3f7acea9a26fdebe4c55f32ceacd3b532a871ec8bd0596cbefa33d763187

        • C:\Program Files (x86)\Pivot Animator v5\Animations\text_speech_bubble.piv

          Filesize

          5KB

          MD5

          c0da29c6c68e6b07b3c3663bccdef12f

          SHA1

          e32b0af30900a51294a6eb0fbaf739648045b7cc

          SHA256

          a98e443c17047e009ce0b40d868597b49dbd09cc64f1a73991c59dfddc1cd2ec

          SHA512

          7c6b7800a341b1b75559c7f2620b9587ecdaaf597bca83f089d65147b03b8681a5fb5b8b6d798f435119263601d36023e451a0a2bcc034c368d766773ac6355c

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_NY_day-night.piv

          Filesize

          83KB

          MD5

          4cef79aec9863cc101d772a7b6ff21df

          SHA1

          b8326019886275ea2e58ce1e3bcbb09fc3e594d3

          SHA256

          16578bb0a7e1187e40e1cbb0e16c196889a17829dd449c5b6f32e238f0a628b2

          SHA512

          2b06440714074543b7540d30e210c49b9ed6bb595dd22f9ac51f21198501ccd944b0c4e96adf906a44c0c9ef6adcfa22b2fbca9f67fdfb159073fc83506d80c3

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_camera.piv

          Filesize

          356B

          MD5

          a0c7825383dfd56f8448654563e2d3f1

          SHA1

          9e26723e9a46301d5e7eedd02fcfe17f7d298739

          SHA256

          d2059b69914b3342fd2f0e62eb659cf84b6ee5faf9d09a760bb63a70b36599db

          SHA512

          c4e2988098141dae9d8d6ecb8f03dcc2b725f58496f15ccb030661b767f6b05efec2d9a565f4c5083523ae29f13b24bb56151f3ba6673a16350d3bf148bcd6ef

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_demo.piv

          Filesize

          181KB

          MD5

          75e011d607a4fe83e19c858f68d09709

          SHA1

          03d9185fdfb437f9bc5cb4b4ebbcb1816148a032

          SHA256

          822610840dc2da27ae1587916bea90aa731b1cc7a99210e5fc91c27d2db0973a

          SHA512

          0cae9e6a2dafc7a34b812db177335709f1e98714031aa51c13df3abcc39dfed71642faa22d95d4cb4847995dc0a8683e1f76270664aa88560b1035fe412152b9

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_falling_object.piv

          Filesize

          195B

          MD5

          cc39ef21859d52916fa65a8b21a27d22

          SHA1

          0f56f99f45f30ad80484e7f192767b7b7182bdca

          SHA256

          7f2ad7f786867bd68469017e04a905ae07688053bd04d1ec513bee83a9442f58

          SHA512

          81161126e5216646132d6bb872781c8d423d44862c50d3d6738720a5cda4778536bf240426da14d204564a23ccc6ca7a4b6a145003fa25cf0e6c8f31376568da

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_football_bounce.piv

          Filesize

          2KB

          MD5

          f02c84a7f5e47a7af3950336841d0af7

          SHA1

          a88989811682ecaed505ad4133e6710c8bad67ae

          SHA256

          7df392188c1ed7b740ae292a734af4c53dafb62f82169d680f389a1e51a41d90

          SHA512

          a20f0dfdc42c9b044bc755830a06217548c411c6cb33da9a340ee88030cd0d941311e0bb449694fda9ae85620a10d0f7bdaacd1a03bf80a7db05dfc823eb9419

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_infinite_zoom.piv

          Filesize

          456B

          MD5

          e91c14d26679408d6d0bf7a4408f6ec1

          SHA1

          0c8ec865b6c530dddafb7e2ca6a4998d9deb48c3

          SHA256

          4820460534d37a46e5714f5aec130320cab5e4bd6a59fc670a3f6a19d177780c

          SHA512

          69b24e7e59a2c2d784eb06d410227b84d4b65bc272d86b7cb8e3c4a6ee25441cbd2248fd8c1f88f421a1487993de15d4b0c534350deef272bba0ce36cb7048a2

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_pendulum.piv

          Filesize

          616B

          MD5

          7de0ea14391f0dd75363cee75a691c30

          SHA1

          333264a4010ffc56e71d7d969eacbc00d792a106

          SHA256

          2a7e63a4936e43b0e85d0803a8eff196e138ee08c8eb337d80c73dd49b825895

          SHA512

          2573e77fd052402cec3fd8bcdcc14435d680ef56f6c1f4b6737032753d454c658b8b26a6aaeb39f412765159729f6d129c575bee428c175353dd360f682f03ec

        • C:\Program Files (x86)\Pivot Animator v5\Animations\tween_water_bottle_flip.piv

          Filesize

          3KB

          MD5

          83d80e1843a022e3f6c2eeb798fc77cd

          SHA1

          4d54af3502321f409aafe56813afa5d78d5e91cd

          SHA256

          8b4d754c5a800f6270aaead4ab39d20e5b8ed229034213e3f42f560f3706faaf

          SHA512

          b1a3d4a1c0ce97722d3c3a49c539342233e1b49b31972395d3a75a3f9aa2e7a94e62d3588b33ec38ced55e772b48c33caf887470ce0d51f3ecffb81a5c33c015

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\clock.stk

          Filesize

          674B

          MD5

          bf204760449e39d33efa312a2f027ecb

          SHA1

          c57203280b902425c6b9243a7f645b74d2a9bd00

          SHA256

          93babe694a9e14b3aefe3a900ddc8623d4a8fe938a671323bf5cfdf68bd81afa

          SHA512

          85d4ac1b80e2c31dca3efb2a1a920649f410a38cbaab4e623761eca0cbcfc74eacf55fbd894d484f03715d491472343f1422da218ec459fa7f37326965d6a29f

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\cowboy.stk

          Filesize

          410B

          MD5

          44207f61be6cbecb2e942fa214ab7ce3

          SHA1

          f05ecf61b19ce943513916aba67823d8e6ac63e4

          SHA256

          2914177d015fb201b423485522df207efe680fabeaf811f1cd59362374344563

          SHA512

          4393917897ab29024919a03702f397f73deb38c0ced1576d74b32e751a3d9bc4f0ccc19c69a5ebd97346759df25df5f22cf4408403ad17b096bd5bb6d9d415de

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\default_pivot2.stk

          Filesize

          242B

          MD5

          8d61ed789696fb6fc57460c903f6bcd1

          SHA1

          8fb0ac3f02cd1d5a1430f6c892b23779d2362af9

          SHA256

          91a2d8f040f4566f8c50ccbe7faf800463cfab72b77315f112170db0fe953dbd

          SHA512

          07e063e56a68a19b5faf9df56ef0eb83a36bcf94674e03f5d9c1ea7606e7624be850ebb8caccfd1b192cf90f180112841b17768413c882f3f0b67dbaeacb0768

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\elephant.stk

          Filesize

          458B

          MD5

          4003994633de0353b135ec2117f4cfbc

          SHA1

          b637213dfdd99aea0eeedd54818c713d4543bed6

          SHA256

          7f58987b2a7fea67ba767a67519e23408001755ec11b764304f41ae86b47d8a1

          SHA512

          71579e0290b7f72fb7a036f1b9b3bd69bee55977152069bfcaf8298e9cc00b0c71f6a80e95923cbb2be8c012ea7ae651d19b1442e3cf48e6c9c392ae6f8784e1

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\horse.stk

          Filesize

          386B

          MD5

          e7bfc2164ed2cc976eb0e6a03ba1666e

          SHA1

          2f07b80e72d9efe4f2be07d66376149b88d84162

          SHA256

          1e92f7a981c1530ae9d779505c37e663f13b487fdf3e76e39a380c815ca653ed

          SHA512

          aa56543ff08b2239abeaa5616be67270aeb415b5d6bb4de96439b4cc9de139529872411dd46fe7d06f0f9a32efff6c26029e5ea07c096a58ce33397d1f6109ec

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\ladder.stk

          Filesize

          506B

          MD5

          890e0b71d7bb2ecc2e8ab582142a6dea

          SHA1

          9df816c4b27c9d3ebd8efa60105b286e18d55817

          SHA256

          928db977e9d6403467a28f3b27daf6e8d5d014b7cc24da5a49bad32a71f7b521

          SHA512

          9844dbf4fd4d1338c65e036bbe79792dabaeb1a0be1044d52d80ecf0c30a14473b8a028244916dd39c7ce4008008b0e5190696e898184ebb302b920d1dcf8174

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\man.stk

          Filesize

          290B

          MD5

          bc38e45306c140bfd2cca0f0e429a711

          SHA1

          51b71da52da155bbfe36a31aab59f4ac6c54de03

          SHA256

          402482091dc89f95a39e4114b2051d0b62b51b23436d984604fe722d816cedff

          SHA512

          62b80f1860573cdcd63f9ad604a5b073f7bb39c244a348a3c5b3eab800c4c0086b2c6d5fc340faace6c4eeae50eb2c411546ebdc4e2d4d4cb67fff9ae442c55b

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\man_evolved.stk

          Filesize

          440B

          MD5

          43c05d8c2be77c118572b875abb9b062

          SHA1

          96799226803a2c1e4adb0b3524a42bf4b92e6b3d

          SHA256

          e829d27438a81d7d81581853ba2cf01393257151aedda00d19bbb5d154f3bc46

          SHA512

          2b618f17376503474981e4f70a79683780b49542920996692b10aedb55b1fa1f2a88e0317f1b08c7fcc382cb998742af415fcdb7c782c157c590937e772e9a61

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\man_rotate.stk

          Filesize

          266B

          MD5

          64e43db5b1accf836f361ec1f1b552dc

          SHA1

          ff09eefd7153d73fc05b09f10e78a1dc989b0ef1

          SHA256

          b58b11b3aeda16a1d8b03dcdd00a90b1ea4551e55a9063cc5b197034f65cef1e

          SHA512

          3f6a48c17ca813c77e27e7f24a4d9a457503c51a2f834783e67b88538cbcfdb1d7e811cf88f91209e6664b7a7ee673fd4dd8052ffef27c97092913d8aa853adc

        • C:\Program Files (x86)\Pivot Animator v5\Figures\Legacy\realistic_man.stk

          Filesize

          362B

          MD5

          1a1c27977e828b5791821dbed308939b

          SHA1

          ceb455f00c1d5c81c4391f35a3b22cf3df55816a

          SHA256

          37d2d982ef098dc2a0f04da28cc155132d9350693db9b593107370da1d643a4a

          SHA512

          2142ebc80fa6d8abd5a22f4304713a64ab9ce459b5722e8ddeead91f4a1e2e84dfb8ac2fefbc6d1f995b9724c806aef6a9316546166bb0ea84dcc771c657520f

        • C:\Program Files (x86)\Pivot Animator v5\Figures\archer_man.stk

          Filesize

          150B

          MD5

          e1a8a087812e4a1f5cfd61a14254c8c7

          SHA1

          36ab08c6bbcd35e900fa27a2a7956c30d0b8fb73

          SHA256

          230e0ed1dc21c2f8fbd878fb3c190a549fb73c15c2336e89a521b3dfc5c1795c

          SHA512

          9a962f649c7180eddd763820a173ea338aebe9caeaf72d8c7451dcb1c4ad94ba1c926bc6fcd8fefc337e216e5f276f2674348d7d17bc9e5b798e1cd059bb6fb1

        • C:\Program Files (x86)\Pivot Animator v5\Figures\dino.stk

          Filesize

          83KB

          MD5

          fe75a23b8ea25a62edb48bb06d586398

          SHA1

          a0ffdbef6a999c22a8db12595387799b1ca32cd9

          SHA256

          f0df8bba81d23f0321746ce67e90b000e36d4e89e7b224ed2239f2148ceb1716

          SHA512

          248b1a48b2e8dc7653f8d772b1a377c53fc272ee20de20c75379e3a5752ff1a6cf43585ffb649bb66be87807980e46dcce28ac150788001c4180717acde41b8d

        • C:\Program Files (x86)\Pivot Animator v5\Figures\outline.stk

          Filesize

          156B

          MD5

          67466293e74baedf75f3d5fdc4c08688

          SHA1

          8d18148240f507f98e43b6634b3fcf1f044454a1

          SHA256

          7a12852655abde3227b5c81dce1d1c1e9c20227a24e40c8dcadf2852b0a01ba9

          SHA512

          b493236a840ec9584faa75e2e18360de84fffaeebfb9ba753ec5e3ed7bb16e7230862772bd9a5c1e0722e5421f449af7e8fcb3359506601df3e1e8594248b223

        • C:\Program Files (x86)\Pivot Animator v5\Figures\poly_skirt.stk

          Filesize

          370B

          MD5

          e791a9f7be703bde42039b2af8e62695

          SHA1

          cf4c3f295f5b61dab08338286ed142466f824890

          SHA256

          e405b5b49f4038628cb81c08fea740f062f3f5c63a42496c778e3d3a86439485

          SHA512

          247a4a758d67765bcf7b8bf3c8f218b408ff91140cbbca8e03e4618d6d59b2ac883e75bbcb702541457393fdf12799662dedc8fbcb6bf8aefae990334b622e93

        • C:\Program Files (x86)\Pivot Animator v5\Figures\speech_bubble.stk

          Filesize

          301B

          MD5

          3a2b48a8ef460ad903cda4e9ed848a5d

          SHA1

          2437db80ab776fe1e362df0228336cceba0a15ba

          SHA256

          6a27b3d4c34264feb12fad3030933227ad9f4130a87d9aee2a3e27fd4b4d76a7

          SHA512

          42ecc719620f202445540170f7ac0b6cdf2e21986122193db8905a0a1110f27af50738369c7677b801ff4eccb9b16a7cb6ccad2776b00f40036bc9fdd837fbf9

        • C:\Program Files (x86)\Pivot Animator v5\Figures\sprites_pete.stk

          Filesize

          52KB

          MD5

          6640003c7850cd3d6e55772e314a8573

          SHA1

          0f95311d7224a6cd45f2f7567152de7cac68d7b5

          SHA256

          c8dc70b37e3e756d972b441cd7894f195074d04aee49701382764c5e24d1b7c8

          SHA512

          a47b2318a1d68d0dd2a5b423bb6336fda45f2465ab84cf24c7651278db0cd5c29b7b6b96dba0b926b42e13cbfb1e27f6be37b91aed5c9b972a9a386a87dde240

        • C:\Program Files (x86)\Pivot Animator v5\Figures\thought_bubble.stk

          Filesize

          319B

          MD5

          d139c79626f7b8235c0c12adbaa5eada

          SHA1

          2a538c99bf72defbb29900ecfa4b1c75c8abd39b

          SHA256

          74259c84cb6638a71d7567b5bb162d85e37689750449532a0a897afd1011596e

          SHA512

          3d249150baec42e1b81540ff7ab7a080e21e3feef58170822c77984171d57a64f9904fd14cd4fc3a8289d1a6035b94cf4f5c7bb66920574aa3fb4c1421bd8ee4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a157699b26ae65043b4f62c9ad7428e0

          SHA1

          44118a3f9e234754c4cbf3937ff76eec34a432cf

          SHA256

          9f2470110193982986e7c0920e087d2495cf4b948983049b5085511eb5320f40

          SHA512

          a1b90968a20472300ea41002bf1c17b7404ad42437fd52f82fd0644de9dcfd1bcae8cf9ca119f06903f86e624c104d5db7b85ec2b2a7d6539b322d12ae6cc918

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3125689eb0782eed57c99ae665d6d55c

          SHA1

          3b63a4c3f2cc5d672c0230f711e417465fb01dee

          SHA256

          3360b621db793dbe6ba70a026659f20d9b16836a2c84e9f80834509b4289980a

          SHA512

          e9519b9dfdf1bd8abef681875c1fc531e750d1dc4af9fdd7392e9bcc053d5bd6841fba9587eac643aaaf478faf4ebcf54cb252b64450fd9aa22056d55d869e71

        • C:\Users\Admin\AppData\Local\Temp\Cab1E1D.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivotsetup.exe

          Filesize

          17.8MB

          MD5

          a52c104395773710fab7f6264aced388

          SHA1

          87bf5c40fbac501bc272cb5343e7ae09b13bfdb1

          SHA256

          2852267832c4338f9ab2488add87c71be9e9b6fac50f3395915e7b9b6ab5cd11

          SHA512

          47eb7a1bd1c78961a8ab5a90896df6be0d57e253798033ba6caafaef6826414a08f6f8fe085faee7601d06acc00bec26c8c9e8da0da97168370e69fa27cf829f

        • C:\Users\Admin\AppData\Local\Temp\Tar1E3F.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Roaming\Pivot Animator\Pivot.ini

          Filesize

          1KB

          MD5

          803d46ed61650aa30d4ca4ba8bcbad90

          SHA1

          4a30078e23358809e0c067ac872e49fc01aafc8d

          SHA256

          f022958d46e5ffb2a716600057b18988dd762d8fb64b688b114e6aa4038ba057

          SHA512

          7998af503ba90bb4065c123df9e28964df80c8c2a8a68aabe7ab95fb588cd2865aa3ad1d3e44b51c94964eebc91a58b2b064844730d177c33fdb3b3bc9508c0e

        • C:\WINDOWS\FONTS\PIVOTCLASSICFONT.TTF

          Filesize

          12KB

          MD5

          32965780e3c3b53b1e2f8b82eb96da05

          SHA1

          85f817ef5d3150f4bf69e967d56a032f4521f79a

          SHA256

          f22de79fe47abd955f05c0ea0cc1586eb549c956f22616c051142f448fcd8f23

          SHA512

          046d7f36faff39650b29a7198dc3b4a5af1a94efa2cc807c5981023010c448ae5421be1055d0a5bf4c1b7d23214c5cf19e122be21eee49b11a774694be788605

        • \Program Files (x86)\Pivot Animator v5\STKPreview.dll

          Filesize

          2.5MB

          MD5

          2c639820b502df57891e7c4ee805f4b7

          SHA1

          d90ecab78c86152c31f6963096107fbb115f7bae

          SHA256

          dcdaf630b7a42bb9d6b1693e159175d68569f20f3ab034af4124d3c775436458

          SHA512

          afd96af844d30256e9fe1983e82317ace56d6741bf3f2647fee6ef6870b610a4b71560aca95a62ed5b54a2e1ab0ef1487a536124328f4ac327a0b86b1c1900a4

        • \Program Files (x86)\Pivot Animator v5\pivot.exe

          Filesize

          13.1MB

          MD5

          ab3c884e603de1d2d9d4bb9edeac8762

          SHA1

          123e87c326a39d641571c5f5d54e9b1f42926cc3

          SHA256

          af38da271a7fb34617b094b3832af8f016168d0923dabbfb297633fb22e49036

          SHA512

          ecf3474372d1af6f4e93fe655b188b03744f07166fe2ae3947650fec8afabd2bb721270d8e3ef97d52cd4071e6a94ca1c1f5ecf304ed0711bb932bfce133982f

        • \Program Files (x86)\Pivot Animator v5\unins000.exe

          Filesize

          713KB

          MD5

          6341d7c8365a68edfa370476a6de9262

          SHA1

          08ca9e3631bc815b7c3afd4fe461385f4667710d

          SHA256

          5cc26edaa9445ff84e9d118245f07e4ff740ca72788a7b8d2c32d52d68f36afb

          SHA512

          51ab8057a974fa227084756311d5fe8d3e9bb6d5ac785d405a3f9914a0066adb5cd753a0e844109ccf711c2b34ccfa001f2ab3b05587848519ec5b74f71861eb

        • \Users\Admin\AppData\Local\Temp\is-KL8R5.tmp\pivotsetup.tmp

          Filesize

          702KB

          MD5

          1afbd25db5c9a90fe05309f7c4fbcf09

          SHA1

          baf330b5c249ca925b4ea19a52fe8b2c27e547fa

          SHA256

          3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

          SHA512

          3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

        • memory/560-658-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/560-653-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/560-652-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/560-649-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/560-648-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/560-578-0x000000007EF80000-0x000000007EF90000-memory.dmp

          Filesize

          64KB

        • memory/560-659-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/560-660-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/560-661-0x0000000000EA0000-0x0000000001BF3000-memory.dmp

          Filesize

          13.3MB

        • memory/1268-272-0x0000000000401000-0x000000000040C000-memory.dmp

          Filesize

          44KB

        • memory/1268-270-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

        • memory/1268-457-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

        • memory/1632-453-0x00000000022E0000-0x000000000256C000-memory.dmp

          Filesize

          2.5MB

        • memory/1788-10-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-8-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-3-0x0000000000C40000-0x0000000000C5A000-memory.dmp

          Filesize

          104KB

        • memory/1788-2-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-22-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-24-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-1-0x0000000001330000-0x00000000013D8000-memory.dmp

          Filesize

          672KB

        • memory/1788-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

          Filesize

          4KB

        • memory/1788-25-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-461-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-458-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-5-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-21-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-6-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-7-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-4-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-9-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-20-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-23-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-11-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-12-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-13-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-268-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-14-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

          Filesize

          4KB

        • memory/1788-16-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-15-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-17-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-18-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/1788-19-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

          Filesize

          9.9MB

        • memory/2268-278-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB

        • memory/2268-456-0x0000000000400000-0x00000000004BF000-memory.dmp

          Filesize

          764KB