Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll

Latest News
11.18 08:11
IT Sicherheitsnews woc...
11.18 08:11
IT Sicherheitsnews tae...
11.18 08:11
IT Sicherheitsnews stü...
11.18 08:11
[AIS 2024 영상] 최광희 세종 고...
11.18 08:11
Asia’s Richest Man Joi...
11.18 07:11
[AIS 2024 영상] 김기홍 샌즈랩 ...
11.18 07:11
Wall Street Bankers Sp...
11.18 07:11
Vor 40 Jahren: der Btx...
11.18 07:11
IT Sicherheitsnews stü...
11.18 06:11
US’s UFO-Hunting Aeria...

Dropped Files | ZeroBOX

Name	041eb7b8bba06e4f_wait.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\wait.png
Size	4.4KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 25 x 31, 8-bit/color RGBA, non-interlaced
MD5	`33c0d0d6d2baa7e117ccf67afac9a7ed`
SHA1	`3b4fe44ed013b88be14514b377e7ad58c9a398d1`
SHA256	`041eb7b8bba06e4f357c4847e72deab42cebd27dfa5f451879142a18a9250e13`
CRC32	`862D931C`
ssdeep	`96:1SDZ/I09Da01l+gmkyTt6Hk8nTDq9NcoPYVm7TPA/aq5:1SDS0tKg9E05TANciTqaq`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ffae5b58e048bf79_target.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\target.png
Size	310.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
MD5	`dacf614dc0d6524f44616c68ad12c98c`
SHA1	`1cc9dc91851fba6a715d8c6940f40ec449ea281f`
SHA256	`ffae5b58e048bf7920e1dba58d1fa8e58c9e8dd14fa984b31510eb48221e2d77`
CRC32	`70816313`
ssdeep	`6:6v/lhPZNQzFFdKcpywcapQN1gUB7G0C7S5oO3Zng0r11ATp:6v/7R2zFDZpywcPN1JB7G0COmO1rHA9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	08336089e280805c_libgmodule-2.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgmodule-2.0-0.dll
Size	41.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`4d233a220f91de3b1510d017b5481942`
SHA1	`c59f449b0d09127d18268e7b07da3f7d749b2720`
SHA256	`08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0`
CRC32	`53A048B0`
ssdeep	`768:bgaowTgGpoQHcE4UJmcCqr7/rz/WGc4kedF0emlBQQhpjxH:bgsppvHc1Cb7ldnmlBQkdH`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	611a50a838237e67_hilite.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\hilite.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`b4d3f6afe3d6b208e889c165358fdfcc`
SHA1	`43a63f43bf3bd0d97a3abfe0bf9d7930b5aff6d6`
SHA256	`611a50a838237e67ed3c842b5b1f70d0634afa44ed1f805b24cf455b137028dc`
CRC32	`A277133D`
ssdeep	`48:c8vfUU/0BcGGLn3aXqtgbH7t0JTJ7F5BBSOihj7XP6PWUfIzzB//q3r:9vPGGLKXogeFK7XiB3r`
Yara	None matched
VirusTotal	Search for analysis

Name	bf136ab8dc1d65fd_go_up.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\go_up.png
Size	3.5KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
MD5	`9c32ebe05150e4bd8075b0ca2dfcf5bc`
SHA1	`c0faa6a7f3d290a8bfda29ceaa3713caa15c1778`
SHA256	`bf136ab8dc1d65fdd3c281bde4e4eb3b403ba431afaa5e00fbea01033857383f`
CRC32	`24356B24`
ssdeep	`96:uSMllcHitlIxv9vk7C1+I4wWHLihk/xQfADBvVZTa:uSHIIHUCD4waGYDB9ZG`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	0f77c5f591e1a674_cursor-pencil.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\raster\resources\cursor-pencil.png
Size	1.3KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 32, 8-bit colormap, non-interlaced
MD5	`54582157bff9a2501b019eab7dfee24a`
SHA1	`622da645e54ec15837e23eeeeccd1d3bb726fd71`
SHA256	`0f77c5f591e1a67467ceb1116e9af7e347c8a48fc2268f9c64e5b8b1ac2dd4e0`
CRC32	`2F945ED6`
ssdeep	`24:sqdHr2/UCh7Xal6C1fXWxpmBA4Bn/zMYNaUQkWiuigmsw12vDQChvRYgXzHWa:sALW5hc6iIYBA4dznopiuigb8OUCh5YO`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e3e4a67d02e7436f_grays.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\grays.tpal
Size	1.4KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`6d1133fbc427f3da6a9c55ef7e2d7f58`
SHA1	`ef743865a9ff382d2f3821505ca255cba76ce9a6`
SHA256	`e3e4a67d02e7436f6a6c9905598a706e33fd2ebad4ff935fa22db9711b150405`
CRC32	`10E2AE16`
ssdeep	`24:2d8p1kqYeqC7+qP53qYMq/xqUt+qVUyqe+0MpqUIAOqKz+qwtL+qRnnqq+0Ypqvj:c8pGCCqq+e`
Yara	None matched
VirusTotal	Search for analysis

Name	64ac4687a03e9082_l.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\l.bmp
Size	318.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 44 x 2 x 24
MD5	`719c42577f6cfac91a0f78e16a224a1b`
SHA1	`581e4f0db235be6a2b4a2114ebc529398c0b587f`
SHA256	`64ac4687a03e9082179077d92a569bff91eeb2e0150a8d7a9e80195efb812338`
CRC32	`95F5F757`
ssdeep	`6:ZCa/N3twJwJDxtEHcZHFFFFFFFFFFFFFFwnGMI:ZCaBtl/EwFFFFFFFFFFFFFFwnk`
Yara	None matched
VirusTotal	Search for analysis

Name	ab4a58033c23b2c8_messagehandler_xypos.dat Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\templates\messagehandler_xypos.dat
Size	1.6KB
Processes	1976 (hexacyanide.tmp)
Type	data
MD5	`461a5f119f64d261ed1efb04a459cc50`
SHA1	`4eaa9e50909b7c5a2db4cc9eeb21dfbc2306e20e`
SHA256	`ab4a58033c23b2c811231cc59f401ed0fa50b5be8355303218183d53b272a39a`
CRC32	`27663728`
ssdeep	`48:cHQ6JeTQhJeWtKJenJJe8spbhix2Hi4y7QXxXZthx:sheTEe5eXeLesC4b`
Yara	None matched
VirusTotal	Search for analysis

Name	c24f56c93c0bb0d8_page_left.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\page_left.bmp
Size	1.1KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 26 x 24
MD5	`8acd6d733b307f99e156a30dd4257d3b`
SHA1	`3267f047a804f7e87caea5d417d9fcc292db9e81`
SHA256	`c24f56c93c0bb0d89456928f76359e766c19fa6b00ae579862fd1b27b2f4008c`
CRC32	`CD4EEDE4`
ssdeep	`12:KsaEFdqEEEEEEEEE1+BEf1cZqa6AaJazJub/a3yUYj:KYGEf2ZhmU73yUa`
Yara	None matched
VirusTotal	Search for analysis

Name	545e65456068fb05_plasma.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\plasma.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`727a77a194920c12112a37b86bf2016d`
SHA1	`4ebc1ebf20292177cf1748ce06f3e1e7f1b4d313`
SHA256	`545e65456068fb051e3d665de7b7966f29fb92b8dc580486d0080dbbabb4bfe1`
CRC32	`EF5A327A`
ssdeep	`48:c8DeI2flNO3yyNz91Vq8KUW0nIXPmNxweKJnYmk:9Dyfq3yyN5nPKUWoNzWk`
Yara	None matched
VirusTotal	Search for analysis

Name	28f97c5f15df0e77_file.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\file.png
Size	3.7KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`7b41d94d3c19a5fbda32f6a9cec03172`
SHA1	`cc4454a76364c69246d8d410a488fce2c1c41b0b`
SHA256	`28f97c5f15df0e775543852f3e2240a94639312608e73b9c0514dc9e1aad9849`
CRC32	`2C6D06E3`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xVp/OulTUr1:KSHIIHUCD4warpmR1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ec87139e70b4b4fd_greens.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\greens.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`98ffbc8069263e57999786204ebcbe86`
SHA1	`b1babeb3e7554716efc305e40bc04dc4b9c4357b`
SHA256	`ec87139e70b4b4fdd070df210fc671f2cc85395acc8cd2177b3d05bc2e253baa`
CRC32	`248BEDC1`
ssdeep	`48:c8GFFpU3JZqjKEJ3c1ZlboQSUEHHvtNbZixjZa:90iX+Hvncw`
Yara	None matched
VirusTotal	Search for analysis

Name	fc98d0a4e9b7fee9_readme.txt Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\readme.txt
Size	1.3KB
Processes	1976 (hexacyanide.tmp)
Type	ASCII text
MD5	`f4c129780818858fa0411f3ade3b7d04`
SHA1	`0ca16f5b5e0f501006611dcf044e66763dab5f6a`
SHA256	`fc98d0a4e9b7fee983ebb37864560db4d1f76d5940b1f345a4ce3b7685e5f99a`
CRC32	`F9D608E2`
ssdeep	`24:tBxRDDcBaygqieZp6lNA43vWwcONrqT3THAHGaUthE23xDL1Ysx9eV2gi:vfcIygYZpSzDcmmT3THOHUnBNx9eEd`
Yara	None matched
VirusTotal	Search for analysis

Name	59b183e843e15cc1_jxcnv.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\jxcnv.dll
Size	4.3MB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`99423c8feb458ebed3e27e7ab6737b06`
SHA1	`a6397b36e09be8aa4393be9b5626e9b3b697fded`
SHA256	`59b183e843e15cc18973bd6b8a9cc184cca5ea62816df1871225f2d3b8a976e0`
CRC32	`EF6B7A06`
ssdeep	`98304:ONkWpZyYksGdLRCLhIocQe7kMakNRaYj:jYZyY5Glgze7kuNRX`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	8ec16fd9326fde41_script.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\script.png
Size	3.7KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`70fd3f39fdcfd5fa5a78729d8faa4e91`
SHA1	`4389bb10bbd3bd4f112bec9d5df74bddafb60ff9`
SHA256	`8ec16fd9326fde41bcfd20c6a548127e22a0aa65bb9f4f31348556f168c9f8bd`
CRC32	`2BAF8F2A`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/x6Wcaf5AV0xnmVV6pGNc:KSHIIHUCD4waEWcU5AKx2VyGNc`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	14dedbaf57956d1d_var.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\var.png
Size	3.2KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`105bb99935e92150087dfa0af7e7292b`
SHA1	`210d47a055f64459d1599633ee83e2e0e7cc1d57`
SHA256	`14dedbaf57956d1df77d679486addc056806bb9cc836ea17be1cbeaa69c2b7ce`
CRC32	`416826D1`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xN4O/z:KSHIIHUCD4wa74K`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	04630ced6efd631c_press.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\press.png
Size	3.9KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`8daa36090cdf7ecb2ae42e7f7bb76692`
SHA1	`1043ca68381c2bc2fc9a19a9b3cb5dedc80d361f`
SHA256	`04630ced6efd631c034479078bf7a962376633393ae975c4e03101b096f62e9f`
CRC32	`17A28E31`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xStqV2XnXFO/r:lSHIIHUCD4wactqKXA`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9c66ede3736ecc0b_down.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\down.png
Size	2.9KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 8 x 5, 8-bit/color RGBA, non-interlaced
MD5	`9c0dba6fd26d332f95cfeb3183ee0b4a`
SHA1	`de3b3f47f0c0d0f632f22ac7467867cc1d1e0e5f`
SHA256	`9c66ede3736ecc0b26ea1fd3181f12da8cb7e456da1e066b3eb4fed5a91f18b8`
CRC32	`3C9D682F`
ssdeep	`48:1/6qbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7GHuBJ:1SMllcHitlIxv9vk7C1+I4wWHLihk/xx`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3b8faeaac389abd9_libgiognutls.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\gio-modules\libgiognutls.dll
Size	84.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`23b5f97cbe4d3689ee08d0ae6abaf679`
SHA1	`80d7cd7ab23dcc3388531b42b0ee31fcaac16f88`
SHA256	`3b8faeaac389abd97198569f5e0ffa567e495be01e9a24311d128bd76f1dcc6e`
CRC32	`4BFC7840`
ssdeep	`1536:5zSEBW/PJVqqm//tqBTVaHNvGHcFFTdxOPmM2s3EAvbnR9H:gV/xVqqm//OTwHNhF9uPzf3EyTz`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	dfb51545b6d7da25_news3.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\news3.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`c1bdbee2e4b85ca754fbce971caa545c`
SHA1	`454ea1b4af7c2bf4cb91e72913dc1cd8786f8332`
SHA256	`dfb51545b6d7da255cf43d873f91f112e12533c75f3a8571f9e49db2b5f1a22b`
CRC32	`9A54CE79`
ssdeep	`48:c8R6ALzPEU4Hfqlxwmto4w42QJWKmmeGGZZEpppNNNDDkkLfa5CCm77XsgccO:9P/LPo4w42xGGZZBCCm77Xe`
Yara	None matched
VirusTotal	Search for analysis

Name	96910db3f3127093_polyline.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\polyline.png
Size	284.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
MD5	`2f0ff9cfe2d328b387e536c2cfd41c51`
SHA1	`202bc85b2cc1a4b58326d325a7e89ab82d5dee80`
SHA256	`96910db3f31270937ec768c3a72a8e1e0f6d1e3ad733c939e48e1418d080164e`
CRC32	`A7B67F84`
ssdeep	`6:6v/lhPIc5z7aQGfYkUEFlnUXmGmlgIEQD5Fc6I+9VJg6ClHyYv5/bp:6v/7Dt+lfYkvFCXmGSXEQlFcRuVCnN9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	dc1684abc539f789_ssleay32.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\ssleay32.dll
Size	270.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`cb48c0854cf3264c3baa3c2da76ec014`
SHA1	`01152fecaf127f9874ce8c9978bf570aa6309beb`
SHA256	`dc1684abc539f789791ad1518557d5ad654816dee904eaa5021556419ae5325b`
CRC32	`D44141D7`
ssdeep	`6144:Pd8PgTJDF6QSmHFI2bOVh82u4EkbIDXEvrMJ97NMLkeBQ/aOZfr/vRtA0IEvkz2e:Pd8PglDF6QSmHFI2b+h82u4Ekb+XEvIu`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	02b817b6db18db2d_libgthread-2.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgthread-2.0-0.dll
Size	35.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`cf2571c125fa1d2ec55b9977054f380a`
SHA1	`91014dd50f0eeb0d3d1faed77541c76a05b712b8`
SHA256	`02b817b6db18db2dfccefdd08eed64a696e2bf326f4120ee7e93ae6aa73bccb3`
CRC32	`929A7706`
ssdeep	`768:bKZB2wewH8k43RncCqCbj9zAwLc0N+eD5JemQRR5Q7:bKZr5H8VmuECDGmQRR5Q7`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	7fcdf8ac5b6ea389_pastels.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\pastels.tpal
Size	867.0B
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`812ccbb546d84a825bcd8a903f7e980f`
SHA1	`38b8c6b6b7fa175e55ed32ad03a1fea3449d2036`
SHA256	`7fcdf8ac5b6ea3899330dcf389602c60a83fbaf33ac3b9b370837dcfd74c7417`
CRC32	`0AF515BB`
ssdeep	`24:2d8dZIw+0aPqti0iSXBXWiq4S9nq4qDqVkq8:c8IH+0eZ`
Yara	None matched
VirusTotal	Search for analysis

Name	5940c0a68e8f768c_list_header_left.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\list_header_left.bmp
Size	134.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 1 x 20 x 24
MD5	`8fb28c820634501b1370dd1ce4c15cc2`
SHA1	`b5a706fc4d699a0144b154a8776a86e4a72b688f`
SHA256	`5940c0a68e8f768c8d0918c0d880ef5374044e9d441f4977dd77615b209c1236`
CRC32	`006D8E92`
ssdeep	`3:ulllSl5lllc/lFlxjX2XmyNleISli2XcXyN9kn:u/ol7cNXwmwlXN2sXwqn`
Yara	None matched
VirusTotal	Search for analysis

Name	af31efe3467ebd36_tool_menu_bk.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_menu_bk.bmp
Size	4.1KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 37 x 37 x 24
MD5	`4e9d8c27c95584b9b158eea3b2f00fde`
SHA1	`cde849e86d0ac83a7c0cb9369dd2324bb16eda0b`
SHA256	`af31efe3467ebd368c5598e3a56b63bfcbfa957610c3f509b1837f9395640b26`
CRC32	`14041647`
ssdeep	`96:xmIcnnnnnnnnnkCnnnnnnnnnnnnnnqX8nnnnnnnnnnnnnnnn+9uw8CCCCCCCCC6Q:x8nnnnnnnnnHnnnnnnnnnnnnnny8nnnA`
Yara	None matched
VirusTotal	Search for analysis

Name	330a9ce9b1a5b8e2_list_header.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\list_header.bmp
Size	134.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 1 x 20 x 24
MD5	`1e2eed411a41b173bcd52104d592ec7b`
SHA1	`83001dc6b52cb19dfa5f4f559e8bbe8969fe7cb5`
SHA256	`330a9ce9b1a5b8e21096ea9f74a83c98febffb4acdfae073bc8f9f7a9568a700`
CRC32	`EB21BAFA`
ssdeep	`3:ulllSl5lllc/lFlMS3JpIF7c6/dEePrl9ee39sKNr3q:u/ol7cETL1EmrnbKKh6`
Yara	None matched
VirusTotal	Search for analysis

Name	460960b7a0a0f5f0_libgpg-error-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgpg-error-0.dll
Size	56.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`40f2b954259ff75979920fa7546c89f0`
SHA1	`c93f6bc6c7f68dd02dcf66c57a71fcf8ddbc35e5`
SHA256	`460960b7a0a0f5f0a40b33203a46e840ad01e260afb4540ecd4e6c779d5b041b`
CRC32	`1EC3C997`
ssdeep	`1536:Wztan7pk13bHPH/VDMzp4wpmKBVzOf1JJKDo7wvNyGUC:st29kHVoCwpZBpOf1JJKDo7wvNyJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	73b6cf4dcee1ce46_windows.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\windows.png
Size	3.6KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`11a846cdde616ca25a3f43421b6f792b`
SHA1	`fa4dd8f3ee84107857d02ae97d58341aa3d27983`
SHA256	`73b6cf4dcee1ce46e102c38d26da96f3f5b5f344284aad4f5fbd531ad4daee05`
CRC32	`79D27F08`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xfwLNjI+i9AhD7:KSHIIHUCD4wat8U0t7`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	5f58f06c3e8039e9_visibone2.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\visibone2.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`929bc840f457f02152d76c36b8b3f76c`
SHA1	`8e99e3468f795ab7db375d4765163c8a2dfca471`
SHA256	`5f58f06c3e8039e96b8c7e8501df216a662f1c3676d7070eaf30ee3950f16c2d`
CRC32	`A6802704`
ssdeep	`24:2d8qEyqE87qkKy3sSy3Kk7q8EEyq61KKKKOy1qtqwWKKKKGmty2y83Wy8SoGg1IE:c8H+29i4EDukGyO2c6n+ACYA57IYjAXr`
Yara	None matched
VirusTotal	Search for analysis

Name	a41c993eaf9b27fc_internal_fill.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\internal_fill.png
Size	737.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 17 x 14, 8-bit/color RGBA, non-interlaced
MD5	`2b9ac9bce8e827e3485ec896c2a9f29e`
SHA1	`3d99d126a4c0b0d80463942ee64f2170b0b4206c`
SHA256	`a41c993eaf9b27fcb56ce095873ffd13b09178527cc775d41a06287f3d65226e`
CRC32	`043B62ED`
ssdeep	`12:6v/7jqjdkH+RgpZpbkNaOGic+larurmVuIC9OE5PisP+222eNFVHnUsg/CbWLvdB:TjdkPpvqfMgayanC8AasPj22UNn2/C8j`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c52f55698016e917_edit.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\edit.png
Size	4.3KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`438c977f791b921172763638b4834239`
SHA1	`46f31827baeb22b573fc8da90ed44384b6a53035`
SHA256	`c52f55698016e91719a66bf0b6f4b2505fec6c5c99a334144ba3626081e8bb14`
CRC32	`A3B4302B`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xGcxGgAnWvnp6kxcIsz:lSHIIHUCD4waIcxjZfEkxi`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	fb8fcf337478171b_tupi_pt.qm Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\translations\tupi_pt.qm
Size	121.5KB
Processes	1976 (hexacyanide.tmp)
Type	Qt Translation file
MD5	`3ba2c4fa13a5b0d0c6d55f51a0869cad`
SHA1	`60a65766010a1239b97cdc47f7def79f7a0fc3f7`
SHA256	`fb8fcf337478171b91e9cfe7ac26d3f4debbb7edf40d6f4137e168f3023680e5`
CRC32	`6167675B`
ssdeep	`1536:EmMiZqlw68/7MTBYxuJbOwZ3lJJebiHALMygp0qoENdv2bmML1+dIxF/:E+OmTQDMLMygzabwdIxF/`
Yara	None matched
VirusTotal	Search for analysis

Name	d5c5690730ca88eb_variette.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\variette.tpal
Size	8.6KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`957b5be12e4cccff184c6071c61c36af`
SHA1	`11d10a14126be7470e18f378b5b69817c479899a`
SHA256	`d5c5690730ca88eb9b4a072a5f08bfa3f91417637b6adf0f29f7ef2be5ce0335`
CRC32	`3A9CECAF`
ssdeep	`48:c8nlkH8SAt0mSYbVITiknTXtr167Ez2evNmPSA:9s0IGY5E`
Yara	None matched
VirusTotal	Search for analysis

Name	88c2044553d083f0_gold.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\gold.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`7977e01b76db83866358b2b41322c15f`
SHA1	`dcce15c205f55d57bf4bb8d0be9191773e7b8b6f`
SHA256	`88c2044553d083f0c61349f5f0a07b31edd8ce09f1ce72af3863835dfb69bc7c`
CRC32	`BE2D1B8A`
ssdeep	`48:c8ulntN1hdL4jwBhhhuaaamQQQX111yiii1:9ulnDBhhhuaaamQQQj`
Yara	None matched
VirusTotal	Search for analysis

Name	e329a76b3d787652_tool_menu_bk_l.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_menu_bk_l.bmp
Size	3.6KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 42 x 28 x 24
MD5	`c59017873cda8851111a0248eb98ab25`
SHA1	`e10c4b6b9a7c21afbb70cd1d8b3b97c3b6d9b805`
SHA256	`e329a76b3d787652264d1d1306dfc41660dbdc43780ae0933514539c0de4e88b`
CRC32	`A11CB28B`
ssdeep	`6:Flfa6YZaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4maaaaaaaaaaaaaaaa8:ffXDpppppppppppppppppppppppppj`
Yara	None matched
VirusTotal	Search for analysis

Name	a9ad4a230deda9aa_twitter.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\twitter.png
Size	4.7KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
MD5	`d16a3368f8427ff44f8b82eb34065623`
SHA1	`ccf44255f2b5117287143bc0f3ac5a9d837f62a9`
SHA256	`a9ad4a230deda9aa06401fec42229ccae0ab1fc1984fd7232309034d70a58ca4`
CRC32	`0F2DA379`
ssdeep	`96:wSMllcHitlIxv9vk7C1+I4wWHLihk/xoMqw9aycFP457vip0d7cI7hbr:wSHIIHUCD4waC9FP4lapOckF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	b4192c468e0f217f_grayblue.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\grayblue.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`c91880aded9b78732a397979bec65e2d`
SHA1	`a01b99311dd1e6a47e204b85239db5b75fe0ced9`
SHA256	`b4192c468e0f217faf1553e7b4f66746b8443aadefe187a11f4363144ff368cf`
CRC32	`3F6F6D95`
ssdeep	`48:c8EzBsigWoNmmc3hIggg2YSrSrSrSqttNWS4444c3x11oSSSyyyOOslGmmmbBBw:92BgWoAMeeeqttwx118mmmE`
Yara	None matched
VirusTotal	Search for analysis

Name	f2275d7160f636c2_toonka.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\toonka.tpal
Size	351.0B
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`9cc309775a5bb248d84e789bfaa2286d`
SHA1	`57c380f3bb1b97ac850cf43c36ed72efffe050f5`
SHA256	`f2275d7160f636c23ad5b971a6ae6258eeb4f34055fb28fc33cfdbfd51c0eeb0`
CRC32	`657E3B1B`
ssdeep	`6:TMVBd/kdS0v6GleDeEJhnFGleTwnFGle+TnFGlerQnFGleDIanFGleDeEJhnhRmb:TMHd8d/e9gesge+TgerQgebge9hqn`
Yara	None matched
VirusTotal	Search for analysis

Name	ea5202b91c084393_l_shrink.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\l_shrink.bmp
Size	306.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 9 x 9 x 24
MD5	`13d13711da59714d9bf5b3dd9ef7a59e`
SHA1	`ffdc7bf50d4dd25fe573601787fdfad4e041ea9d`
SHA256	`ea5202b91c084393b073628de277843adfbb36665de08aa7c75e83bd776dc28e`
CRC32	`C16A1A4F`
ssdeep	`6:9IlH1OOOO07qdLeXzWRT4idZboTSA0phOOOO+:9YH1OOOO07qd7a+oTKphOOOO+`
Yara	None matched
VirusTotal	Search for analysis

Name	a9d3f2056f8e888e_libffi-6.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libffi-6.dll
Size	49.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`c4059a8eec8ad3abc6432238f7491a2b`
SHA1	`f1c6cf3fa216f73ba44bd481c685ef30cfd3d284`
SHA256	`a9d3f2056f8e888edc5abfa18178fc0b3ef99880c9c410e2c7d6a64386fb57da`
CRC32	`B5DF01E7`
ssdeep	`768:C3VbGgiVWo9zu3aApJkL4Hs8453tcCqYT+yBzWqnkce4eUIJdW5sem4mXis8toU:C3lo9MaAnkEHs9gSyhUIJY5tm4mXisnU`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ed20e74b12b38f78_mouse_left.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\mouse_left.png
Size	4.1KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`9ca3ac8bdcee571721e5694f29ca7436`
SHA1	`e7439f7f7fcb55210941451a8acb9dca3fad27b1`
SHA256	`ed20e74b12b38f78ea805ad68abe3c21aa865f73c0e7586bcf9c82db55f86258`
CRC32	`A840B89A`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/x4yGxSwUW2KPyrszI/4:lSHIIHUCD4wajGzUW274s/4`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	260a533fd73ec446_start_gray.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\start_gray.png
Size	4.0KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`c13f2151c8cbf7d8e8fdb68b1508fd09`
SHA1	`432429d745eb98ecc7a86a426634dd09b249c92e`
SHA256	`260a533fd73ec44698ed080b5352cc36a5a2c65306aba727dd48374caa91452d`
CRC32	`84AF38F2`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xqEv1tDZ+ero1h:lSHIIHUCD4wajaTh`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	bea0e70d85cd0e9b_brownsandyellows.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\brownsandyellows.tpal
Size	1.0KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`68a91f330c057c4b09024f8a61d76683`
SHA1	`d9e9a9a61b750fe5ca7691e754452242154b7088`
SHA256	`bea0e70d85cd0e9bcc4e6083b88a4062da73751ce3df765587940aaa379d1bff`
CRC32	`EBCE706D`
ssdeep	`24:2d8fHqjKwI0U0yjKNdEqqI0CD3cqpIoqwIb3LPXVqv:c8vExHt7oM`
Yara	None matched
VirusTotal	Search for analysis

Name	3d41367e7f35e48f_tupi_zh_cn.qm Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\translations\tupi_zh_cn.qm
Size	89.2KB
Processes	1976 (hexacyanide.tmp)
Type	Qt Translation file
MD5	`10681259694aafaaaebe2a3cf79758ca`
SHA1	`07cf19de4a64504a8afb56c91ea528ede2d105f9`
SHA256	`3d41367e7f35e48f5190946d92602cee4f4ab711b460aef16332c28fb5790140`
CRC32	`06F3FCD9`
ssdeep	`1536:q/QqehAItvGulb9P/8LjNI0ROAbp1CSBN4YtHB64iF77E:qIqeKYyNI08AHzwYtHB64iF77E`
Yara	None matched
VirusTotal	Search for analysis

Name	4eea44b0b4ea4c24_libmms-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libmms-0.dll
Size	69.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`bc738da6535b5015e9eaba90f56f8b59`
SHA1	`ce7c7865645a09dcf59daf519bade328ddf04b67`
SHA256	`4eea44b0b4ea4c248595bb1e573334005ec538792e3bb9d2a07ee01265443327`
CRC32	`BE703FC6`
ssdeep	`1536:zJYutTAkscOGfUsditx65XjxqzH6oPA4Ol/mGdiP99bQXFCw3:zJYAJss3d3zxfoIV/bCw3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ca717b5cf2a7b0e0_libogg-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libogg-0.dll
Size	45.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`84e8e72572d53558d52403011fa0d388`
SHA1	`865160da7dbfaaea224541eb44e9430e1a7b7b20`
SHA256	`ca717b5cf2a7b0e047aabad985c631278941c58f16e2e9650ca12c3a331fcd4f`
CRC32	`1B2F8F82`
ssdeep	`768:BZIF0ff+vrzUHQH/E4zR2cCqz7iDz3Kocq8eeIKKem+nH3g/i3/:BWFsf+vrzUwH/15EzFeIWm+H3R3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7e1afdc3d1b6cde3_move_down.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\move_down.png
Size	4.3KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`e851737786f9c6146ea630b933d0d7a9`
SHA1	`bbdc08b32005d4643bc55c42179da3b34a0d786c`
SHA256	`7e1afdc3d1b6cde392f53f28ff1e1488b79e4fb05e4ed13503639dcfb9c0f3ec`
CRC32	`AC03D732`
ssdeep	`96:KvyWDtvYQtHfxKc7OnseTDLfZJDSE5mRaRvxenb9aIEHS/B5:AXBYCp0nsAXXVwwtxsbR`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	19302e8196e91380_uncheck.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\uncheck.bmp
Size	574.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 13 x 24
MD5	`f75510ba93b63c1f5da690874e983e31`
SHA1	`827e53b2a28a2069124e10c6b886a51187352d3e`
SHA256	`19302e8196e91380edbd96bbfe596fd5aff573484bff939ef13396e51ab5c8e9`
CRC32	`719BFF67`
ssdeep	`12:QU7I2AYdfafdfa/Vd/lyVdpEyVde+EyVdui8EyVqiFEyV1mEymYFEyB4EyZJM:6FkyC+yi84ieS4m1W`
Yara	None matched
VirusTotal	Search for analysis

Name	364fef379510a503_default.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\default.tpal
Size	7.7KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`9e2fd870f0aa02e4f83ce0cd84a6d1b1`
SHA1	`0f6ea68107c4fcd6e071f78cdf4074dac126fbe2`
SHA256	`364fef379510a503ba894521456caedaca07e6897997dc647f6bec34736c7c3b`
CRC32	`BB472E7B`
ssdeep	`48:c86EXoQn/Yd/TQ6zXB6F29/TfdvgK6Dw4yECGwk:962r/YVEkh3awCZl`
Yara	None matched
VirusTotal	Search for analysis

Name	1b57218ca7d37760_hexacyanide.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-VPV2R.tmp\hexacyanide.tmp
Size	3.0MB
Processes	1116 (hexacyanide.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`94a90ed7083275d9e4d95c5835ffef71`
SHA1	`f5c15de23e9ced6a11d0258d913ff2ae46825af9`
SHA256	`1b57218ca7d377607f000087f4c4e9f9aa5fd307701bfaee25351882db0c71ee`
CRC32	`AF64660A`
ssdeep	`49152:qEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY:692bz2Eb6pd7B6bAGx7s333T`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6803a447ea6befca_record.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\record.png
Size	4.9KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 100 x 31, 8-bit/color RGBA, non-interlaced
MD5	`f4feb51f212477e8bce10664216cf35f`
SHA1	`db91ad245c4a7f3853dc7d56cfd5fe812931b2a4`
SHA256	`6803a447ea6befca99a94f1c4d671af7da661305cfd77ec785c86696267bc57b`
CRC32	`8DAE89BF`
ssdeep	`96:GSMllcHitlIxv9vk7C1+I4wWHLihk/xitcTfeNI+s2dHYmBhkKBsdwyz:GSHIIHUCD4waAU4IARYmBV/yz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	de61ccae472fea61_reds.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\reds.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`9b5531846d0388433e93946c9e82aba2`
SHA1	`8f96aea64516500acaf5334c3931e071939c7238`
SHA256	`de61ccae472fea6182ef56b3e13716fab0e1ef2b53af65f71e3e76309f4038bc`
CRC32	`D6E00F76`
ssdeep	`24:2d8xKTTm66+YjNjNFJJpg9g9Eo9mmTHHbvvyOKKKOOOyyyffLLzfffrrettett2j:c8F12id+7qB588X1IMUAYtxqYSrzpFR3`
Yara	None matched
VirusTotal	Search for analysis

Name	c22a4883ee472bf8_uncheck_sel.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\uncheck_sel.bmp
Size	574.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 13 x 24
MD5	`65618b4a31abb2dcb92b32709747b704`
SHA1	`e3364df5a05c5a4d5b2c34b3dfc30834cc1c4fa0`
SHA256	`c22a4883ee472bf86a403057e346194ce1989813732ed05f4ae730d2b8853e9d`
CRC32	`979FFB5D`
ssdeep	`12:QU7tdKoHO6HHWJ/oMjo3PQzjoSOzjoYszjoU:ooHO6HHWJQN4Q9Q7QU`
Yara	None matched
VirusTotal	Search for analysis

Name	fb33c708c2f83c18_mingwm10.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\mingwm10.dll
Size	7.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`a5a239c980d6791086b7fe0e2ca38974`
SHA1	`dbd8e70db07ac78e007b13cc8ae80c9a3885a592`
SHA256	`fb33c708c2f83c188dc024b65cb620d7e2c3939c155bc1c15dc73dccebe256b7`
CRC32	`F1C5B104`
ssdeep	`96:AT0nsNJmBwoCtrOEhXpOITI151ihv2idiG:83KwoCtrOESITI151ihvtp`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5140df5020415f9c_ruler.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\ruler.png
Size	3.7KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 30 x 28, 8-bit/color RGBA, non-interlaced
MD5	`e45c94fe8f31f55d973aa9436272d25b`
SHA1	`45361a0f8f2ef1cbf339351435955ca290cc04a1`
SHA256	`5140df5020415f9c47e5846ed024b180e47ad12afaa63425708b042bedb53af6`
CRC32	`55E382D8`
ssdeep	`96:ZSMllcHitlIxv9vk7C1+I4wWHLihk/xyboxu:ZSHIIHUCD4wa4f`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f41d714e0fe850da_blues.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\blues.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`4e921ee57c9bd403b003398cf48bd626`
SHA1	`7fd6b75a53d5441f3efa68bdd584376062ca4ad6`
SHA256	`f41d714e0fe850da0fd4ce191189d052a81af89d4bb00a3d2e8565ea74aae371`
CRC32	`550BB903`
ssdeep	`48:c8KYpiwnllJoOTcXE9REjvyyvcr1KnlKZ:9KYpdltkRjZ/lKZ`
Yara	None matched
VirusTotal	Search for analysis

Name	96200b632559d2b8_line.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\line.png
Size	307.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`587e9f48113d45b0901b271450bd5550`
SHA1	`994b153b21e57d4a303bf508dd9bb3650336fbce`
SHA256	`96200b632559d2b8073ca3379d5c541a25b9a6569a7dfd0d52e77f811205bef9`
CRC32	`2865452A`
ssdeep	`6:6v/lhPysQxrdKcxNlCR89GFGVdKCMEaewiQU8up:6v/7w/ZxNlVQFGzDDao8c`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2edc3c5f82650b61_tweener.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\tweener.png
Size	494.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`701f09509547991176cd3793e5a05d85`
SHA1	`266ba76f15a7e98177c98e9b2e5166d07495d42c`
SHA256	`2edc3c5f82650b61a3726e5e5e227a06561ebdcd3f0733e003b2cce0060115fe`
CRC32	`42E00F18`
ssdeep	`12:6v/7TZH16ccPG7T2sGrHQVpiEXFwpSla68CxBc0XW68:Eb/7CsgSXX4Sc6qaO`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	72b0e735d58da479_royal.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\royal.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`9c972c9aa55cbcdcf7cd2522ed4609e8`
SHA1	`d2f7476d43f6f0caf3799ebf3b958b2d243f5a31`
SHA256	`72b0e735d58da4792f5c4750b720b656459c227acce37d009e434792a6bf4b2e`
CRC32	`624552A0`
ssdeep	`48:c8gbwlDXvaQQeF22AYYsedAEtEg8BcNU1NlEaQSUw+NshgrZlUgR5sllld:9gbwlDXvaQQ1YYsedxtV9Gg3US5sllld`
Yara	None matched
VirusTotal	Search for analysis

Name	ebd89099264ee083_loop.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\loop.png
Size	4.2KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`c94d6c06d543288e6b8675c512d7893a`
SHA1	`32a204c9feb7ee635e7ce326b9eac7652290a78a`
SHA256	`ebd89099264ee0839f2e3264e9054fc20b67296bb75c6fdd11de7c63fd293d5b`
CRC32	`4EC03954`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xAP/HvzKcN2zfc8xdPViY:KSHIIHUCD4wa6P/bK02zfVxz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	4bd1c5dcf964f81b_tool_bk_l.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_bk_l.bmp
Size	3.6KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 42 x 28 x 24
MD5	`8511f8fcb2c0b7d0091c130968e63577`
SHA1	`24b13057963caea775c5fe7adbc4c6d7ac1ec882`
SHA256	`4bd1c5dcf964f81be435942796ee1c35777d0d58dcaf68b487a4171ce7f90ebc`
CRC32	`7440460D`
ssdeep	`12:ffXlPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPoDDDDDDDDDDDDDDDDDDD+:Xt`
Yara	None matched
VirusTotal	Search for analysis

Name	6a35ce1eb7da4598_license.txt Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\license.txt
Size	648.0B
Processes	1976 (hexacyanide.tmp)
Type	ASCII text
MD5	`e861259956300fda84ba540e2a63e391`
SHA1	`5a842455b3d18d9371054bde9cfbad15f9a2aa95`
SHA256	`6a35ce1eb7da4598b066d2ec3663ab272b28c9bc83ec0ea2319c5708397fdcef`
CRC32	`B31FAD98`
ssdeep	`12:hV0+X2a1tqWTWPxBIoVcvCQ4jX1Yo/Zg6IqEuyPllXKeckQb3WosVk1ykMN:giqWTkzpcvp4jX1Ye6BHv9JekG3ykhMN`
Yara	None matched
VirusTotal	Search for analysis

Name	ddbfa667a930b15f_install.xml Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\install.xml
Size	7.7MB
Processes	1976 (hexacyanide.tmp)
Type	data
MD5	`ebe3125bd554c1ddbb29fcd9aaaef8b9`
SHA1	`451d29007db97880b528bac2b94131192f9985e7`
SHA256	`ddbfa667a930b15f75a251c4c5372165d62be984d5b10a57599a48df2941ec6c`
CRC32	`EE326AA7`
ssdeep	`98304:FWcpa4SPWB/eX/s+G1VsgTGNPkvS1hvu7KXsZjVhvDTXC:Acpay2Ps+G1VsrNuS1FsZXvC`
Yara	Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	5774efe673c09b04_if.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\if.png
Size	3.2KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`03db4d910d58170ea3076b750f64b304`
SHA1	`cb8df5e1b1ff69ec0d860b2fb02ec9bb2c181c4f`
SHA256	`5774efe673c09b043b4a642d17850be0a771256f8f35e8887c2e0e98be456be7`
CRC32	`000102B2`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xzCvv:KSHIIHUCD4waIvv`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c57a04a10d4d8635_page_mid.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\page_mid.bmp
Size	158.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 1 x 26 x 24
MD5	`6ce4204df4da10355b7c3fa7b513ed8a`
SHA1	`586172b70e4a47532526954bfd66a99ece7decb3`
SHA256	`c57a04a10d4d8635e7fff21d05769c1c85e1c0c4e8875f9c3916b6d9731878f2`
CRC32	`41AA09FE`
ssdeep	`3:WlllSl3lll8lNlZ1dML5lgZaY000000000000000/Fbv:W/olVc7dK56ZaY000000000000000R`
Yara	None matched
VirusTotal	Search for analysis

Name	313f14e773f93d47_erase.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\erase.png
Size	4.0KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`00786f0f3fb7705d81c018199412d814`
SHA1	`cb194c855dbc41063d5e1f488dc4c443e9329898`
SHA256	`313f14e773f93d470bcff9e42887d8672838cc64dc4682dc3a36cd3e4ade574f`
CRC32	`ED94064A`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xzeDp6xw8j:lSHIIHUCD4waPWE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	790e2a2e5fc950fe_list_header_right.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\list_header_right.bmp
Size	134.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 1 x 20 x 24
MD5	`94b5537faebdafaf42a04c1c4fdd7acf`
SHA1	`bd135a5d37623e0e9bb7e4ac6d89f8c9feba1fa1`
SHA256	`790e2a2e5fc950fe1053406fcadf8075a8a3ca8cb7712bb5ff81fa903d93e31d`
CRC32	`C7D7CAA5`
ssdeep	`3:ulllSl5lllc/lFlvgl6JfiV1gRbulw1wYLbfie:u/ol7cwl6BiVqAl4Tie`
Yara	None matched
VirusTotal	Search for analysis

Name	3d44922bddc5f46f_tool_bk_eye.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_bk_eye.bmp
Size	15.2KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 140 x 37 x 24
MD5	`110491a69f4863babe994e482417ce63`
SHA1	`69d6d6cccf059119c07d53c77abd03b66b4c4ad3`
SHA256	`3d44922bddc5f46f635e61d5022ca925f125a703153ecc5e4786d16df27a4a83`
CRC32	`4214CEC9`
ssdeep	`192:EdS1nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnQ:EQQ5ootoIenx4`
Yara	None matched
VirusTotal	Search for analysis

Name	2ace81250383f6e2_china.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\china.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`293cee28aa8e6d993d1302ace9370e38`
SHA1	`0d02602435fb8c4ad1cf48fbf179b26186505f6b`
SHA256	`2ace81250383f6e244713d2f318570aa28871cf70d076428d80ba6627139e046`
CRC32	`46887A7D`
ssdeep	`96:91wuESUTQNNNNttK444Ut7Ou8saS4pvSsLDGxOW:91wGf07WSLR`
Yara	None matched
VirusTotal	Search for analysis

Name	efc578e3acd95a1a_cranes.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\cranes.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`965513cd3faecc248b9bd74826973763`
SHA1	`00eb93c95a11ed6f454ab4fa7e1a91710c85bd49`
SHA256	`efc578e3acd95a1a02b4256efae6b667b57f89ffa8802cbd0fc76158bcfe3c3b`
CRC32	`C38F477D`
ssdeep	`96:9DKeijz3LRWCfy9eXS29C/v6bSiZdPsbZun:9DKeOLwsThC/vijPgZun`
Yara	None matched
VirusTotal	Search for analysis

Name	d953e18d73af16d5_libgstapp-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgstapp-1.0-0.dll
Size	70.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`613283ce438722cc027b2f0cafc910d7`
SHA1	`06d1f1b97a1041a58d55d6ee227df887511041a5`
SHA256	`d953e18d73af16d5b0e2ebc79cbb6f85871dd5cd4ebd45a5b1d54f50aabaad3e`
CRC32	`9F56E72B`
ssdeep	`768:5ONkZWr2iwGZYSK8wHieEbRuzwoQs4HwU4XJPcCqqTPtzY0Xcd6e2XGem3SObDQy:5ONkZqhGHi1uzZGHwlOSs/2fmiOQ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0ce13849155dc4f1_ui.qss Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\config\ui.qss
Size	232.0B
Processes	1976 (hexacyanide.tmp)
Type	ASCII text
MD5	`6d79fc749e75a78581a7e1abacfd3aa2`
SHA1	`698371461ded5a3fceaa38a22828a46c1176bf94`
SHA256	`0ce13849155dc4f17a3c6ab44dd31fa0b012bb1085ccaeb2f71f1bc763ed2c37`
CRC32	`49553EA9`
ssdeep	`6:q8hRjUho3Z/JKLOb2eOmY/FF6rjvFu8W5C8hR8v:q8Qho3ZoO1OmYOXvFu8WE82`
Yara	None matched
VirusTotal	Search for analysis

Name	430fbd57a38cfe1d_view_pos_dis.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\view_pos_dis.png
Size	2.8KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`0de37b5d1f8e800561a45ce1270b5203`
SHA1	`d9d6c64bd15b5961070ef1a3483ceb6737a07102`
SHA256	`430fbd57a38cfe1d7bdda3be9c4a508b749b899663ce8b336566772accc6b6a6`
CRC32	`CA23C7FF`
ssdeep	`48:l/6qbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7ceu:lSMllcHitlIxv9vk7C1+I4wWHLihk/xG`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	469082f964fedd60_libgstcontroller-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgstcontroller-1.0-0.dll
Size	83.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6ba630b7efb75e1a7bd1dde921269caf`
SHA1	`747a70f6aa881371987d17c777a8ac2f9acd97df`
SHA256	`469082f964fedd6014cf97de7c30f85d471e6c41248a48a8870657e330d7e36c`
CRC32	`9C30B0F2`
ssdeep	`1536:HEbGfT4u4bdi3txtGwY4HmUo5B8NC5Uw4tmfee2K0nXqJUDdsXNSSG3H00StLebU:k6fTTkdi3AwmUo78/tIeeOnXq2sX8SGq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3604874badad549b_cascade.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\cascade.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`8f4fd0fb6eba0e036b26dfbca377f0b1`
SHA1	`2d834a27497795bf3474cb699782360720ea3025`
SHA256	`3604874badad549b7680006f4acf15c0dd1b96939d0233538fa849c794172606`
CRC32	`A1FC2430`
ssdeep	`48:c8bKovLmpFtVe/+++Hmmfss6WWsAD333+qGG86:9bKkLyn3ss6WWsAD333M6`
Yara	None matched
VirusTotal	Search for analysis

Name	add8fb99fdf4bef7_ink.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\ink.png
Size	530.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 16 x 18, 8-bit/color RGBA, non-interlaced
MD5	`deffeb127766cd27629fa49da6224363`
SHA1	`f1029f992b282cf4a98e3d2eeaa6b1c8875c76c4`
SHA256	`add8fb99fdf4bef7d7b1e3e2e75540dc78725278cce437ed0491ebc6a2f41f38`
CRC32	`CF014A27`
ssdeep	`12:6v/7oY0Z6qdwLNEmQpnDpIrPL+g+x8OIMdLLZ2hNjuLd5d:3Y0UMb7lILKebMuyLN`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8acc4543e3b2d2ad_eye.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\eye.png
Size	4.6KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 135 x 31, 8-bit/color RGBA, non-interlaced
MD5	`b6832dd2d147ec3f378835d802ecfdcc`
SHA1	`d95e4deffa38731e304b0ff98dccbbe96c8d8184`
SHA256	`8acc4543e3b2d2ad17c97a905b2ae24a5c9bedc0ad0c680c25f65257608730db`
CRC32	`B49BF7B2`
ssdeep	`96:ySMllcHitlIxv9vk7C1+I4wWHLihk/x0b7z2GHeg6aY9oYJ/rx4BoeaX/N:ySHIIHUCD4wa6bmGRs74IXV`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	995bcf20d09f5e8e_tupi_zh_tw.qm Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\translations\tupi_zh_tw.qm
Size	89.5KB
Processes	1976 (hexacyanide.tmp)
Type	Qt Translation file
MD5	`b14acc8ca34a475a80374bc3cde39d82`
SHA1	`4387261c42d25a952e6040bde8fd2c1002344ef2`
SHA256	`995bcf20d09f5e8edda7918e21ac364adf64e843dfc476ace062163a4eacdabb`
CRC32	`A3452DBA`
ssdeep	`1536:66HxpY0r9L0ZhzWrynbD73TeHPdhTvaDOQZrjluMhqmed0pVPkG:XH3YGqcPdhAOIxuMhqmed0pVPkG`
Yara	None matched
VirusTotal	Search for analysis

Name	585b0ac725ef3701_commandhandler.dat Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\templates\commandhandler.dat
Size	868.0B
Processes	1976 (hexacyanide.tmp)
Type	data
MD5	`bf2b6fd3796a5a485185b15ba39241e0`
SHA1	`438ed478342d22622a1ecfc519113e99afb57518`
SHA256	`585b0ac725ef370124243c99b766dd5d25e63e9c6bc09a6f05cdf0e573a3bf41`
CRC32	`FD3D934F`
ssdeep	`24:cOvQ6JeTQsJea/HyLWyOrtVXdli/e6TM+qXxXI:c2Q6JeTQsJeIyqXXnCuXxXI`
Yara	None matched
VirusTotal	Search for analysis

Name	fb1fa6088c2e92a9_tool_more_bk.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_more_bk.bmp
Size	1.5KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 37 x 24
MD5	`e6b2e29fadd1630257f3f5c1274434a1`
SHA1	`ec32cffd816bf7a79cd66f82d24eb4dde85deccf`
SHA256	`fb1fa6088c2e92a94ba7f720c6ba091a13916fbe2a4ae3a13621c3dcb1d0307f`
CRC32	`59BF3ECA`
ssdeep	`24:4HyFmd5R4nennnnhnnnveKTAAeM999y99999esWBpCcs0FgHIGCNSfX6yFIQLKpV:M/4nennnnhnnnveKEABsWLCuRGKSleQ2`
Yara	None matched
VirusTotal	Search for analysis

Name	8da14b7faa69daeb_muted.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\muted.tpal
Size	3.4KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`62ff50650f4445efed8372c38fdb1a3d`
SHA1	`bec662c8c5d5ce9c8ee3040f7960443e74ec3f86`
SHA256	`8da14b7faa69daebe69eadfad448cce10e9faab5217059cda4ee1e81345f78fb`
CRC32	`2666C2A9`
ssdeep	`24:2d82UASDj24TnsEq+nVtzsOtHe0CqtrKcnM3WqNuKFc4FIPcHlryZeCKxqoZAP0h:c8r3eu6ZLgmbo2P`
Yara	None matched
VirusTotal	Search for analysis

Name	129094037fa5c000_tangoiconthemepalette.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\tangoiconthemepalette.tpal
Size	1.3KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`9009a9ecee84a2f8ea78b8a194c87e51`
SHA1	`3660ef6b1c73bb81c3e702d2b30962b7d994ef8c`
SHA256	`129094037fa5c000fd761fbd13b3f5e71b4a9e5ab7167d529d6c7df06ad2adf7`
CRC32	`0228CB6A`
ssdeep	`24:2d8NpYqb/0SiKUiqiqiNfqL+qho4IzstDqogIAzWqFIX++h+qqqG0+c:c8PhzXYFZ`
Yara	None matched
VirusTotal	Search for analysis

Name	8e96a33fc8635e1f_libid3tag.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libid3tag.dll
Size	85.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`4c85dfba434a42bcd7e31d33e480dce2`
SHA1	`271b47765442fc9e50e0cdf46d0adb8a854fd496`
SHA256	`8e96a33fc8635e1f12e14e3c9aac6ad5ea21f7b70f0e9e423b487bb57ebbce1e`
CRC32	`A799FE5E`
ssdeep	`1536:G3KDgzmAgyM0tlnOZO5WfQeN7VHS6WnjFFbm9B8JTKAFh2:Ga2SOtAZO5cQe5s6+rb2WzFh2`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7fcbfeb0e28eaf8b_caramel.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\caramel.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`0ce40760e381e5049a723e79f88669d0`
SHA1	`033b51ff18d470e7bf244cc89f0ff03e7cef238c`
SHA256	`7fcbfeb0e28eaf8b1d0a506ceb729b6725aa2aba551b797c0380bbcfe10a4ac4`
CRC32	`3AE3E41B`
ssdeep	`48:c8DYdnffnqF/m8vNA8OpuOojY7Ji6bdblCoqg86LCP5+4:98vqFJwujjY7JiublCw86i+4`
Yara	None matched
VirusTotal	Search for analysis

Name	5502da0b916af88b_borders.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\borders.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`1711fc04abad15a9a3fd30b10088eb53`
SHA1	`53e11fd716ce8c00d16b8f3381fd7b240a0af71b`
SHA256	`5502da0b916af88b80f385f2057e356c32194da32d953b19bef64bac76388195`
CRC32	`7B30151B`
ssdeep	`48:c8w3ZxjRhlnXqyDdt3alSyqqJmU03jtv0LZEEd6b0Hs62OfEiXkWOisqXa:9sZxRXq6de1wt7EEIHs6rfExWOYXa`
Yara	None matched
VirusTotal	Search for analysis

Name	7f951156e8f582c6_unity service location.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unity Service Location\Unity Service Location.lnk
Size	1.0KB
Processes	1976 (hexacyanide.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Sep 28 16:31:51 2021, mtime=Tue Sep 28 16:31:51 2021, atime=Mon Sep 27 04:51:42 2021, length=7770112, window=hide
MD5	`9f212554b44b617821ee1e6e34de8897`
SHA1	`57a10ad9adfee2fa0d3dbe46f489355935dd8ad1`
SHA256	`7f951156e8f582c6c308e4f5462a029c19a380ad67532e3fcc658ceb0ad91c37`
CRC32	`275CB4F0`
ssdeep	`12:8mkRm4cZCrR8EvSEk9vzSL6XS5oxITAxldizCCOLAH6AK/CoV8lCX/MJoCo5sg7d:8mcsERdG2DouSizN0/CoV83yCoOO08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	c4eb60418a9a1976_volcano.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\volcano.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`06ad34d97673f018b4a397407d163b34`
SHA1	`f1b2339d19c9c0d151e682730949cde90b43bded`
SHA256	`c4eb60418a9a1976272cbfa8bda1905efc16c57b70222243b61515b43f9784fc`
CRC32	`125B26D1`
ssdeep	`48:c8yqN8JZ9BBJKEA2NPFY+VhqXHsNUHkHh6llDt6PF84:9yzBJPhNPFY+LuHsikH0lL6PF84`
Yara	None matched
VirusTotal	Search for analysis

Name	97208dd6652c0f7c_view_pos.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\view_pos.png
Size	2.8KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`b9f9a3dc2f52f4018994e1412af7765d`
SHA1	`647861fad3cf60f8c6f0ba508862f6eab18ee2f6`
SHA256	`97208dd6652c0f7cb00624731d849d3e78d04bad394751aae6a52772d09d309e`
CRC32	`76165AF8`
ssdeep	`48:l/6qbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d70V0:lSMllcHitlIxv9vk7C1+I4wWHLihk/xZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3386cab5cf90d40d_add.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\add.png
Size	3.4KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`0128ad7e04e9a25c9ab4316c13d8deff`
SHA1	`55068a4cc67a2fe94ec15ee46be67ad367d31117`
SHA256	`3386cab5cf90d40db4f15e34c6bd15cb832848c6b61fa1ca5fa3ad60ae7d9b04`
CRC32	`FEA7C21E`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xN0ptxC7rqu:lSHIIHUCD4wan0s/`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	cc808f40ce255fc2_tool_bk_rec.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_bk_rec.bmp
Size	11.8KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 107 x 37 x 24
MD5	`920de53614f6ed465bd834a2fba08b1e`
SHA1	`c8cb40288834aacc5d037a8df93bb818d83b548b`
SHA256	`cc808f40ce255fc26e33a2b0ecb75ad600fd5fd14c72aa178494e7c1ccb70480`
CRC32	`16D1210D`
ssdeep	`192:AannnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnE:AVTooMgvDW47`
Yara	None matched
VirusTotal	Search for analysis

Name	591a11c1ac96b827_page_cur_left.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\page_cur_left.bmp
Size	1.1KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 26 x 24
MD5	`7d675ef0c22d614867a17f6649f6d754`
SHA1	`8ea7437aea964897d055fae20d83f6e14c375ac0`
SHA256	`591a11c1ac96b827bd76d7496ebc69fee6600d45db0b2758b80adbbb6eaef4fb`
CRC32	`E8BE5ED1`
ssdeep	`12:KsaLxJf6lDsqqvACv2qwznlrDS7ELVBKepEy4QHpzYXjQn:KpxZ6sIznhwwKWEpQHBYUn`
Yara	None matched
VirusTotal	Search for analysis

Name	83f074dbacf3d3dc_libgstriff-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgstriff-1.0-0.dll
Size	84.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`893c149773bff81b55530820207c73f0`
SHA1	`46c6b5f00b463d31140a0b9972d4bc2b04ba0d0a`
SHA256	`83f074dbacf3d3dc4c7d5646d056359bb7cb29dcd1a2d109cd07ee21dbdb42af`
CRC32	`1C1B1A25`
ssdeep	`1536:7JXErVqLiEb/Zp/Yz6V3JNmODTYaxIHsVn9HIjUmY5e2oC2K9lZ:7JXEBqLiCHAz6V9V9GURe2oC2KTZ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2ff3b93b2c40e9a7_move.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\move.png
Size	4.5KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`3ff52a11e8c7bb4096c67e13735e2286`
SHA1	`3d67f161dcce72f50d1a0329ffc3e113563c8747`
SHA256	`2ff3b93b2c40e9a7a0c511ab2de23c97e11ebb0eb33301d834a237f9c4bea3ca`
CRC32	`7ABD3430`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xIzO2FvL8+vJSgK1:lSHIIHUCD4waHuvL8+1K1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	a23ae5331148a17b_split.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\split.png
Size	2.8KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 2 x 37, 8-bit/color RGBA, non-interlaced
MD5	`6d4e63beccf8393271c0b6370e48afdc`
SHA1	`4e7c22bad73eb9778bd8e8a6d8503659c735ae9e`
SHA256	`a23ae5331148a17ba5ce1342218a2e0746de7ebd24cba316864f1be3b115539a`
CRC32	`8E9A3FD5`
ssdeep	`48:qsB/6qbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7hb:qsBSMllcHitlIxv9vk7C1+I4wWHLihkr`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	989dc87ab2f2a18e_help.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\help.png
Size	5.3KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`daf034205e2dac380190afea4288ae1d`
SHA1	`b68425743b930f97837e729d99b13cac2438c294`
SHA256	`989dc87ab2f2a18e744172b60cff97e84f46edcfbec19ca43d8d2825201594e1`
CRC32	`DF6BC1AC`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/x0JawCb7cRO1bboMgxyjELoN7JSrAj1v:lSHIIHUCD4waIawEYgkMgbkJHjR`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	798fc0d8df77e48e_h.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\h.bmp
Size	236.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 1 x 45 x 24
MD5	`b036b292b282939687ae557edb162a00`
SHA1	`7cde733399f34fd0c55b8e87200d2d5af677b4ab`
SHA256	`798fc0d8df77e48eec1925ccbe2b33aff136879f64a2e42c00e4037c26091130`
CRC32	`21C0A6A0`
ssdeep	`3:8ClAlU/lTlO36vVKssqW+qSM7GhdzWYWr7YbRIYB5NXLLLLLLL7:LlAKi6NK6Rz+r72CGNXLLLLLLL7`
Yara	None matched
VirusTotal	Search for analysis

Name	10c7aac4eab59589_coldfire.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\coldfire.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`d448bb01e8902429f2bef222c53d28a0`
SHA1	`07453aee1fa4b522ad9bca7b0e2fc4a1518e5eef`
SHA256	`10c7aac4eab5958928539e841a1842bea8ba8209d5ea0b174f384cb23bb7e714`
CRC32	`B8A4AC69`
ssdeep	`48:c8mvK/6xwQZEl9m4vkUYQHHqmu4KK22UldeaHN:9adxovkU9HY`
Yara	None matched
VirusTotal	Search for analysis

Name	85f372fc9abccc6a_expan.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\expan.bmp
Size	3.4KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 60 x 19 x 24
MD5	`695be8615004be742ddac43db43ac487`
SHA1	`3747820a5f0b7b52207c2a5293b9449fd677dda3`
SHA256	`85f372fc9abccc6ae0e9d69be11ba156b99a695785f80f0a4482d50dce86a3e5`
CRC32	`1BF0445F`
ssdeep	`24:0aaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaxPc:MPc`
Yara	None matched
VirusTotal	Search for analysis

Name	fa53956f08d3453b_eye_s.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\eye_s.png
Size	4.0KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`557719529fbf460cce1a29461e72cf88`
SHA1	`5fb941cafea3ce982d2c5eb64b961e9ec130f06e`
SHA256	`fa53956f08d3453b6ff884c3c1a0a7739fb8963fdd2f3830383987e5758b82ef`
CRC32	`6DCC609A`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xLfxxt3ATVJ0dBrtIjQz:KSHIIHUCD4wat7RATVJ0nGu`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3d5a5623cdea823a_qgif4.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\imageformats\qgif4.dll
Size	49.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`b690fdd8fcd1c2700f35388e9b1e5974`
SHA1	`51669dd917b3f81b7d4526af36938dcf8c0aa7d9`
SHA256	`3d5a5623cdea823a14102a43cac78902a73840434ba0fe9447aa8f37f887af4a`
CRC32	`495815A3`
ssdeep	`1536:LBv1ky0ucs9y43wtHs9AjOQ0oHmfFDbJfhSuH:LBq4pyv29wMoHkFDbJfhf`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	05133d0e4128b2a1_ega.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\ega.tpal
Size	10.2KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`f0fa14a067634eab20068e39683fe4b9`
SHA1	`b371614418d57e2e0bdceaaa65e31868ee2cbb4a`
SHA256	`05133d0e4128b2a15daf6a1c98a71d1578934c02b1ade5aec1c24318486ec600`
CRC32	`1AB1D62E`
ssdeep	`24:2d8+KKVG0v/+Hpf+19h0L3TKKVG0v/+Hpf+19h0L3TKKVG0v/+Hpf+19h0L3TKKJ:c83iiiiiiiiiiiiii3`
Yara	None matched
VirusTotal	Search for analysis

Name	1c4e648338cc786f_eyedropper.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\eyedropper.png
Size	472.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`da0aa6853b8c4506458c03ee2ed89d74`
SHA1	`0a02713202e4cdc18231a58bbea00b7ff2a06d69`
SHA256	`1c4e648338cc786f3c2703758a338275ff732d8d075b53fcfd3fe8a6bcda1db7`
CRC32	`E07E8E2F`
ssdeep	`12:6v/7jojRZw5deasPaSRWdBTC2YNOm1GAnIsH3A7Zg5DY3:WoVZuvoudxQNOqrXA7Zg5Dy`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2cdc6f9758f47684_line_fill.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\line_fill.png
Size	467.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 20 x 18, 8-bit/color RGBA, non-interlaced
MD5	`7796c02d7a2b5c0df877651bbca5a5c4`
SHA1	`a9d86e71fb1617f6417252ad84b201c225573b86`
SHA256	`2cdc6f9758f476849860a1922ab80d1de6132cf9149a6d318ce65ffb042cf19e`
CRC32	`932474FD`
ssdeep	`12:6v/7k5Sjlv7Z9BQtTRmTrWLlpf4Ab0P90QFiUr+lt:h5eR7bBWCKLld50P3Ylt`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6a1fc50707d75a35_web.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\web.tpal
Size	9.2KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`e35f1c80a2cae673b1841e64eccc04a8`
SHA1	`047d14a9c6dc6c6b7d81cc38b8f5693df7f5afb2`
SHA256	`6a1fc50707d75a35e1728d78a270cf345b0e36a0206fc147401574b80892c507`
CRC32	`5318D073`
ssdeep	`24:2d8hEyqQe37qQyVqSa1qyy3tqaCtqaskyqw+3bqwSVqSa1qyy3/qU8vnqUmVqSam:c8tb1Io2Co2tkCwcCwi+cI+cpFpe+4xs`
Yara	None matched
VirusTotal	Search for analysis

Name	8eac6b815d8592ca_coolcolors.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\coolcolors.tpal
Size	441.0B
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`0117b756ba1adf57fc7174e4ca129f9b`
SHA1	`73991bf7ab90c93c83c253459a96f09c3a8a30b6`
SHA256	`8eac6b815d8592ca469f73ea7eb135a59cb1d01240341bd2b25122c078ef7969`
CRC32	`247F0045`
ssdeep	`12:TMHd89y/eFahgerwgegnhgeygewgemge5geMWhhg:2d89y/SaquNFnqg+QRB9`
Yara	None matched
VirusTotal	Search for analysis

Name	c71dea3f8a35ea89_tupi.pdf.css Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\storyboard\tupi.pdf.css
Size	137.0B
Processes	1976 (hexacyanide.tmp)
Type	ASCII text
MD5	`d6a7f0c76d6a91e2fca523a2ba0780ee`
SHA1	`0bdb428a9ea15b9a23fc724ba113753d616fa407`
SHA256	`c71dea3f8a35ea895d49951c6e18e5204e565e2fe726ccccf0c64fa684ffc967`
CRC32	`CC199BEB`
ssdeep	`3:tMuMfwFJXKOZleH1RKwFNF9dYIqRFcPNbviqkHFmGOCXLyrDwC:tVeweJH1X6Iqw6qkc8AsC`
Yara	None matched
VirusTotal	Search for analysis

Name	d1111915f3e27ef6_libplist.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libplist.dll
Size	62.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`49055810fcc813a8e1bde0a64233f06f`
SHA1	`70f9b4f9668cede76b785dd3a1d54146b7f8f68a`
SHA256	`d1111915f3e27ef605141a56cc5bedea25684ed44784de1213e99f5fe9e5a41e`
CRC32	`76319308`
ssdeep	`1536:Opi4OKRmDCqQPlwXVXKXHWRi6H7hubmKvp08k:OpLmDCqQWXVamRLMbpvp08k`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	308fd459d3e47294_cursor-felt-marker.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\raster\resources\cursor-felt-marker.png
Size	513.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
MD5	`78f9392ef715ad90f7e7d052224ecbff`
SHA1	`484f5377e890c361d3fe603daa3e4191d1ad2bcf`
SHA256	`308fd459d3e47294fe19dd8c0d29b4909244797322a2a61bd4ffe05c896c201c`
CRC32	`13F981DB`
ssdeep	`12:6v/7O0k1ytzlDzZDC7U7KTJX/e2zqb8XYIhGXn+k7XbXb:Ok4pzs7UUjqb8thI+GLXb`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	474e2c6bf369a2e4_page_cur_mid.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\page_cur_mid.bmp
Size	158.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 1 x 26 x 24
MD5	`26bc12cae417dd107a411bfc549919f0`
SHA1	`1e1934bfd54117a02b57129596082cbbc8dbc7bb`
SHA256	`474e2c6bf369a2e4827216202c400ff4b10cb613143b0e33dfdb5b81bf92cfe1`
CRC32	`1101D735`
ssdeep	`3:WlllSl3lll8lNlRSlCVoOll++++elYQ++++++++++++oDn:W/olVcm+++++61++++++++++++oDn`
Yara	None matched
VirusTotal	Search for analysis

Name	6eae7d2bf9a9407d_grayviolet.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\grayviolet.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`e1c4fc5a5f9cf9ae8505662465102bf0`
SHA1	`545cde2eeedf122aa4f48c72a583207ad6e7431e`
SHA256	`6eae7d2bf9a9407d53425de940a727a0e0e2f79c5d445a7faf71ba1853ed1a06`
CRC32	`94236ACA`
ssdeep	`48:c8uSLtvw3VcClq4m24gygvJWb4qNWmk+sH5mlg3nwntPmYYOjOrG1UpM:9jvwlcClqMgoZmwnUQlOjOrG1UpM`
Yara	None matched
VirusTotal	Search for analysis

Name	3c12f0a9f43cf88d_liborc-test-0.4-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\liborc-test-0.4-0.dll
Size	51.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`00d68e20169f763376095705c1520c4f`
SHA1	`75ec5e1974654613c9eeeff047f1eb58694fd656`
SHA256	`3c12f0a9f43cf88d82f5cc482627237f51a63a293ef95f2342222ebde1fb909f`
CRC32	`36D9655C`
ssdeep	`768:OsH/CHGrCasbXzxUuAEZ1rXK4bgCAosF14HYs44HZcCq+TEbbJwziIHc42+ewBmV:OsRvQras7jHYN1u+JwZmwdtmns`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0eac2f4f57ecfa97_square.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\square.png
Size	196.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`16441afa71600f639f1584c1bf3bc297`
SHA1	`0643ea6b12f87268e381b6838a94ea3cc2bee6de`
SHA256	`0eac2f4f57ecfa97bf8ea09bdb9e0ada6304312efcdf8cd9810498b540792c93`
CRC32	`2098D31E`
ssdeep	`6:6v/lhPvz7aQGZj46wlifH0d1EsTacMpNOZ0oeZkaCLoUp:6v/7T+ldB0d1ocH0oGTCL`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f6e2cc8eb2a19742_check.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\check.bmp
Size	574.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 13 x 24
MD5	`613f8a5427662e9fc08805a6ccfdf596`
SHA1	`7b4bccd143d286f455e98ddb04f36dd5e9f2f09b`
SHA256	`f6e2cc8eb2a197421fbb112383a7424d27ae66c26a423f2a2b446fd248e0cec0`
CRC32	`6560F0D7`
ssdeep	`12:QU7I28laCIla9NzwlhRkP4uibEAkPen9AkP55lQnuAkPwM:mACIArwlHI2nug`
Yara	None matched
VirusTotal	Search for analysis

Name	8f100625e74f3ae5_tool_more_down_bk.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_more_down_bk.bmp
Size	1.5KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 37 x 24
MD5	`c1b9ba8419c24d958dc8efb220ecd159`
SHA1	`8ba50dcc51e1555bad480b07f4bc85415fd0bb07`
SHA256	`8f100625e74f3ae5e35f368bfa7149792d4bbc88e489ad78093b4a075cbf2c76`
CRC32	`44F62426`
ssdeep	`24:4H0Xdp5qV4WNrbnnnnJnnnvetU999b99999JvBpCBzsAlFL5SvXsOxAhJj90EUAH:MI44WNnnnnJnnnvegvLCfL5SZAD90bAH`
Yara	None matched
VirusTotal	Search for analysis

Name	fc9e858a9b4dc26c_darkpastels.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\darkpastels.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`7dd9866633ce45f76060c588e030465b`
SHA1	`93976533a4b005fc12a96113738ef75a15761db9`
SHA256	`fc9e858a9b4dc26c25c345c91af753f0b60998f5041efe4a1fec63979a5b8af9`
CRC32	`3E2583CE`
ssdeep	`48:c8tJXTREE1xQSN+3aX5TNZsU2bRERvvQVPttl+lIofeWfgqzmGfHRII:9XTPcKJNZWbRE2+lIoGWgqzBv`
Yara	None matched
VirusTotal	Search for analysis

Name	c5616071d5d2e858_libgstsdp-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgstsdp-1.0-0.dll
Size	77.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`8b89a31d5d3f3173f5e3bb9118d04a7e`
SHA1	`b9829c7df23d7190928041753e2e07069c7abfee`
SHA256	`c5616071d5d2e858bf26cea64bcda17b6c494b1507ea96a17816811c6071e4a8`
CRC32	`F8D11853`
ssdeep	`1536:1ISc1+2KuvhLeGwUNHsdvisJy2bmN0+RveV6yG:1e1+so5d6AbB+EV2`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5a428d2820872838_bears.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\bears.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`1dc710129081ec71b533232c139da1e6`
SHA1	`e6d91a05d7e09f4bfbfd5b6e74cb913fc8237b12`
SHA256	`5a428d282087283879837ae7aceedf5440b543b0a1a1453c5f00b0b7819cc1bc`
CRC32	`A8095CDD`
ssdeep	`48:c8YDwylbCBB7FxS8vHK+7GrkeyL2eJc6zgqkT3ruyS0OB:9YVuBT9v1SrsLJJc6zgnT3ruyBq`
Yara	None matched
VirusTotal	Search for analysis

Name	202172cc0790f1fa_thread.dat Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\templates\thread.dat
Size	492.0B
Processes	1976 (hexacyanide.tmp)
Type	data
MD5	`5b6ac36e9d9e017bdbbcb1bc2dafa9bc`
SHA1	`21db6886eba7c3eb8f363ed35e2bc3d983def69e`
SHA256	`202172cc0790f1faf3a63868eb68c69b879a7acf74b674fc235c6477488fb586`
CRC32	`46F9B83B`
ssdeep	`12:fUOb9WXXPwA/jceVLw8byESwNYD9w8byS//P/T+LW1DQn:cO8XdQ6JeEHYRJea/HyLWyn`
Yara	None matched
VirusTotal	Search for analysis

Name	6dd04b476e85d7e2_text.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\text.png
Size	246.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`851aee7bb4494f397c54c61e6a4ad850`
SHA1	`3bf611eec106240f145a014b3891f151a6423d13`
SHA256	`6dd04b476e85d7e2bd4846de186fe440365e08116b9ae451ca8ceebdc6ac9640`
CRC32	`05D63946`
ssdeep	`6:6v/lhPv19YVlA4/RcjXUfgrswwI6is5JsQeIYAFv8XO/ibEyfljp:6v/7jojRwxYF58+q3NN`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	73173fcc722ca03d_toolbox.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\toolbox.png
Size	4.0KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`0a519668d8222e2221f0ef8b261efcec`
SHA1	`0c161c72345e4cd264c777bc08526c0ffe092821`
SHA256	`73173fcc722ca03d4c08c3936af58d038c8d825936c0c56cb14892f1d7c7aafd`
CRC32	`CAADB234`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xrRCkec9VZIYxkyEW9:KSHIIHUCD4waVROc9pc4`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	47d058f0e54a43e2_cursors.svg Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\cursors.svg
Size	29.2KB
Processes	1976 (hexacyanide.tmp)
Type	SVG Scalable Vector Graphics image
MD5	`460a93892b06fa42822eb2e0ff9b09cf`
SHA1	`4264f0c907e5400444435b62fef1237ee461f9f5`
SHA256	`47d058f0e54a43e2d07b4a226404ba04bce3f57ce8451cf5c9420d038881b6f5`
CRC32	`C32509FA`
ssdeep	`384:sXltlHGT47TJjpbYzcXFLr4gaj8kt26LxFRKtpppoYcKL1WTs3Rtxi:sX37pczcVHQ8kt26LRKDlcKL1WTs3zxi`
Yara	None matched
VirusTotal	Search for analysis

Name	64f8c11a78e39ee0_op2.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\op2.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`88b9a72327b3fa17d22f07e3b20e2f5e`
SHA1	`5bb1b7aed17138a16b4525f443950692fd6b47e9`
SHA256	`64f8c11a78e39ee0c8120e1efd11332cf0841039556dd34d4661892c4b15ebe3`
CRC32	`B1D39E44`
ssdeep	`48:c8nPbv9sGIsQWYkqvQxxNHDuTjtXkxx/iiiiwllEFv:95sGI1gxNHDaqxxX`
Yara	None matched
VirusTotal	Search for analysis

Name	7f79589f36cfb161_libfaac.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libfaac.dll
Size	92.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`4299d8c96853f2210a3e7827ab6a4e80`
SHA1	`3906abbe7463d5e2dc50cc676e1ae8b51adcaa06`
SHA256	`7f79589f36cfb1613abb2f2338c6177afd4984f3d6a8e18c08f13561796b3a7d`
CRC32	`7CCA7A34`
ssdeep	`1536:lJ46GFya7vjnxvoPENgBPIO4qHlCef0vovpg/1H6lbEdozX5mAofEsyQh9:lJkBvjx2Ov1/8lgKb53Rah`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d446cfa4abe82360_shrink.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\shrink.bmp
Size	3.4KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 60 x 19 x 24
MD5	`d7dfe88ec9fb958874a30f2d1abfb02d`
SHA1	`841c3d150d75def5a7ebbd32808b591772f78310`
SHA256	`d446cfa4abe8236015ef5bf976f7184e17b2cff54988dc49a1cb8d5b08d75abb`
CRC32	`8C1CC312`
ssdeep	`24:0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaP/xAt:L/6t`
Yara	None matched
VirusTotal	Search for analysis

Name	51393c1a1766a1a9_go_down.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\go_down.png
Size	3.5KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
MD5	`19d42f282a3ee053dfc9b03f6acfe7d3`
SHA1	`26682f1400b0bc871fbc2c8ad8da9cf25f95b94e`
SHA256	`51393c1a1766a1a929fe537532e6df32f217d257335aae989e399166e093d053`
CRC32	`5CAE80E2`
ssdeep	`96:DvyWDtvYQtHfxKc7OnseTDLfZJDO9L5Tyg/C4XDpi:zXBYCp0nsAXXOPug/Tdi`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	24631e1bfa921b96_tool_bk.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_bk.bmp
Size	4.1KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 37 x 37 x 24
MD5	`be7bec06272ef1f077db8e7e2f93c5d3`
SHA1	`ccf4cfbb35a0f543d3ccf8d25b6dd04cddacedc5`
SHA256	`24631e1bfa921b96edf0d3403ad1f41a7deefd589bc79fe87296313af879bce5`
CRC32	`BCFFEDC4`
ssdeep	`96:xTlx3SNfVVVVVVVVVVVVVYRS+aVLtovo/M4VSWxkoooo3ooz:x5xa11ovo/VVSWe`
Yara	None matched
VirusTotal	Search for analysis

Name	fab9e27c74c30fa2_cursor-airbrush.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\raster\resources\cursor-airbrush.png
Size	823.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 32, 8-bit colormap, non-interlaced
MD5	`ec2236696e622a7e0f0afdc4687a85c8`
SHA1	`00f6eef8081f1fdc0b7b9d27e80dbca0c47404cb`
SHA256	`fab9e27c74c30fa259d2c134c35f554a3c020c5c027c6a3b8e338ded7fe7bfe0`
CRC32	`62DB95FD`
ssdeep	`24:sqVHIJWyWost3+CuZDxX2mBH6n8SXO9iNp/7:sEoJWostu9xBgfr`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9c206640e5b83996_keyboard_s.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\keyboard_s.png
Size	4.1KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 42 x 24, 8-bit/color RGBA, non-interlaced
MD5	`47c46d096d65f94cf77f02c6e119f76c`
SHA1	`544d822e8e4e4d9428d795622579525f9a9d261b`
SHA256	`9c206640e5b83996918dcdf9c313e32883dde6cc920dd96ce657a667f2bb570f`
CRC32	`3CA01DB4`
ssdeep	`96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xfr7HjQ1OQfl3D:KSHIIHUCD4waZr70Ooz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	39eb09023dc7fc1d_del.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\del.png
Size	2.9KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 7, 8-bit/color RGBA, non-interlaced
MD5	`263f8a4b34d79b54eb2c9a1985f8dbc1`
SHA1	`5aa49473593d7f4181826b1b3fb134e30da5d0c8`
SHA256	`39eb09023dc7fc1d596aac27fc54dfd27a8493f5a8935d071ea11e908c798928`
CRC32	`4174C6C1`
ssdeep	`48:Vd/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODYnch:VdSDZ/I09Da01l+gmkyTt6Hk8nTMw`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	08bb9ab18bc07ce8_move_up.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\move_up.png
Size	3.8KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`4d5e40f7f477ba222d376315e1276ead`
SHA1	`00be38577dc9e002272ee8bd6c4e044b7d9203de`
SHA256	`08bb9ab18bc07ce8ca8f5341e8e243186ef011299da970ea67d33e0f294126b8`
CRC32	`A170AB14`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/x/J6MqSROzLK:lSHIIHUCD4wa3Nqs`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3409af61a935e664_tool_bk_play.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\tool_bk_play.bmp
Size	9.2KB
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 83 x 37 x 24
MD5	`ce1007d159b0000540e8e5871c1b4fbf`
SHA1	`1996249f5d6634af9b94fd242e3692c8f9f9f6af`
SHA256	`3409af61a935e664289cbc4ea58a57ba1064cc40b7ebfce33951738ddea3c716`
CRC32	`49F5F8F1`
ssdeep	`192:DInnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnJnnnnnw:DfToo0g6o+wX`
Yara	None matched
VirusTotal	Search for analysis

Name	f8bfca184e1a613c_netoptimize.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netoptimize.lnk
Size	990.0B
Processes	1512 (unitylocation.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Tue Sep 28 16:31:51 2021, mtime=Tue Sep 28 16:31:51 2021, atime=Mon Sep 27 04:51:42 2021, length=7770112, window=hide
MD5	`62b87c6378a182a1dae6813862970bc6`
SHA1	`f8f7050ca34033de085539fbec19551892bd6feb`
SHA256	`f8bfca184e1a613c8a714e16ea9b8139a6984c8781b84e984149d6529ab4fab4`
CRC32	`9C5E17A2`
ssdeep	`12:8ikRm4cZCrR8EvSEk9vzSL6XS5oxITAxldizCCOLAH6AKsYssRHsEHACoV8l4EgB:8DsERdG2DouSizN0sCMEHACoV82EO08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	222176f087acb16b_libmpeg2.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libmpeg2.dll
Size	1.3MB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e37b4fa82f6710909438e20522be31a8`
SHA1	`4e08cbe4389454e7995bd9f0ec7aed82d5ac1a50`
SHA256	`222176f087acb16b3ba76577abbb718218a384d95bf824449d086e44de10a1d2`
CRC32	`E5C6E8E8`
ssdeep	`24576:7vPGO1e6xBnWw1VEST8IKH3ql7nbz/jz/zz/Oz/qz/jz/8z/cL/ADDmPdde9OCVh:75eUtXSI0yRKBupMcRc/s+kobXnz/q/3`
Yara	ASPack_Zero - ASPack packed file Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	f8eb20e08ad9d0a9_page_right.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\page_right.bmp
Size	990.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 12 x 26 x 24
MD5	`9039fcc2db5d73773d051ebc831b9175`
SHA1	`7a4c72e5252ce3a450fa58102cc5756f236a5822`
SHA256	`f8eb20e08ad9d0a9e4665a87bc244d0dbfeff8f863701db743e6fa06dcef4d5a`
CRC32	`579F5B38`
ssdeep	`12:OiA03S4u7EEEEPP96WrGaragRRVZ3OflRxv8HdaeaW:hCdHNOuVZ+flRCHd2W`
Yara	None matched
VirusTotal	Search for analysis

Name	4a58d71984b72866_circle.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\cursors\circle.png
Size	635.0B
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`26ef5ccd4225951d472e2ac7d243e62e`
SHA1	`c1161094e3f6672bd4114502c82f9e4c7aaa25bb`
SHA256	`4a58d71984b72866a4a136557adb149807a4b912f10f097e28a2c0af2568465a`
CRC32	`6E973DC5`
ssdeep	`12:6v/7T+l9jCDdTC760CKAL2itUr814DRSwqhu9vaXJhwh3rzLHrhUDwT4pcXypDmz:E2+DdTg60vALN6Rou9vaXJypyDx+ypDI`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	dd63521c525fdc22_help.qss Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\dark\config\help.qss
Size	106.0B
Processes	1976 (hexacyanide.tmp)
Type	ASCII text
MD5	`4a2dad5f244335083ca6082dc5f5fc97`
SHA1	`7c84e6f4aae2cecb1263df48a1dcf4f9e18c468b`
SHA256	`dd63521c525fdc22f4a8cdccb460006dc2e8d74fa38e0c920f5ca08c0ed6fb24`
CRC32	`B1138DDB`
ssdeep	`3:MXkHEGOCXLFSKPjUZ4GYF3IXAAlkHEGOCXLorOC:q8hRjUho3a80`
Yara	None matched
VirusTotal	Search for analysis

Name	4c99c72663c1944d_libchromaprint.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libchromaprint.dll
Size	78.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`87b32e6ed0b33019ddb113db9ee52b23`
SHA1	`f6661c6150b3afa8f5603381911b87645f932b44`
SHA256	`4c99c72663c1944d031d6b4d0aa18c3356e964ef874103cbfac61589590d742b`
CRC32	`7A104A11`
ssdeep	`1536:iRc06HCdj3uTEv22Ec1eFOCvgxqHm04rgl1ammsUZNIEklJMxb+:iRc0aC13oC1eF7G0MoamzK9klJMxb`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9cc6fdd6b5d1d85e_topographic.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\topographic.tpal
Size	11.0KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`c2edbbd8e83f46d9d2168dd6b56faa30`
SHA1	`0d769874b50281475feae4f7dfa65df1ae258e74`
SHA256	`9cc6fdd6b5d1d85e74697355268dd3aab25a8ad5e9a89891c98f4a78d88a91ba`
CRC32	`CC36C88A`
ssdeep	`48:c8R/IYzL1PFJUq9I3Nzm3nZBFGVWaYi3fkfZqyDYAXdk2asC:96qQNunZBFgt3P2ax`
Yara	None matched
VirusTotal	Search for analysis

Name	4b9ab374abee95d7_redsandpurples.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\redsandpurples.tpal
Size	1.4KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`cc4d6b5bc7601fbb0585c0b8fec8330a`
SHA1	`10c5be7ef75cfd444fccae9b7d83ad3f9bacb5eb`
SHA256	`4b9ab374abee95d7e8a6e934848d9b450f6143338129871da990f152541c88b4`
CRC32	`ABA5D0E6`
ssdeep	`24:2d8YalGInuXj6sQT+qmldN4ij+q9l/qS3x3NVqdq3224qFt6b:c8YnI8BUlqUb`
Yara	None matched
VirusTotal	Search for analysis

Name	240022708aadc9de_visibone.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\visibone.tpal
Size	14.2KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`d7935ab5cd93d1ac36639609740fe8c5`
SHA1	`756d7cfdd3ebf4e6b6594dab656804c9a949ab60`
SHA256	`240022708aadc9de04a47d17d44e0648a5fa787909b397d26205913c8d586c5f`
CRC32	`B77198A2`
ssdeep	`24:2d8wEyqE87qkKy3sSy3Kk7q8EEyqKKKKKKy1qtqwKKKKKKKKKKKKO8SWKKKKKKK4:c85+k+ze4s2LGB/zpALKAZ+F+oER8qYW`
Yara	None matched
VirusTotal	Search for analysis

Name	2204684f02ae5185_libgstfft-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\libgstfft-1.0-0.dll
Size	66.0KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`29f7aab4e7367014db45f866ab052327`
SHA1	`f2bc284d7acbef09fea7136b9156ed79289059f7`
SHA256	`2204684f02ae5185deaa3704ed8355a737018cae320e68e3209311d1f2506237`
CRC32	`2011C2F1`
ssdeep	`1536:rfPpv2oNi2l7RyqgAVn21UH+KUf7jDq6LmG1h85:rfPpv2oYmGAVu5K4T7LRH8`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	74cd69e3dfde536c_paintjet.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\paintjet.tpal
Size	868.0B
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`4d3a4fb8b3b34337f6661affbdbeee94`
SHA1	`acb41d6dce2c15cf71897e2acda69e8b7714fb3b`
SHA256	`74cd69e3dfde536c35e84dc66ced40025f683061fccc48914cebc60f0859e9ed`
CRC32	`04633FEE`
ssdeep	`12:TMHd84eIgeIge5QQPgezgeNge4QgeCageHhgexgeNiRphge5QQPgezgeNge4QgeP:2d84KKTrRjtd/1Vgq0TrRjtd/1Vgqq`
Yara	None matched
VirusTotal	Search for analysis

Name	28cc002fbbdc1c9f_khaki.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\khaki.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`29a8b7bd0d763691535158b4e6901082`
SHA1	`9411117c64a9e9226a6cf7c5cfc4af47130c8bbb`
SHA256	`28cc002fbbdc1c9f642acd5833006971129224474d281b215eba84d8057f0e17`
CRC32	`AAB97986`
ssdeep	`96:9oimmq++ZthhNiu37RQBBhhlew/gugug5lkXddgptttI:9Y7RQBBhhD//Sk40`
Yara	None matched
VirusTotal	Search for analysis

Name	1252689cd56cf5dd_namedcolors.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\namedcolors.tpal
Size	18.9KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`301c15ebc9b8696007d0464ce84df930`
SHA1	`2463698396fab36dbabb8d6f295aad4630568431`
SHA256	`1252689cd56cf5dd1bf892a5fa89582ae488e5c83f8ac3ef6b2b2462162799e7`
CRC32	`ED94EE97`
ssdeep	`48:c8+ZWGPlIbNYbOiZHt77jV8BUlqUYVNY7Qfdm0sUR50jtesnSjAEGaaFac02LqKe:9+ZW6IbNMZHtx8apucU1snGAEG/0zCk/`
Yara	None matched
VirusTotal	Search for analysis

Name	8c9bef93aa1f6aad_unitylocation.exe Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\unitylocation.exe
Size	7.4MB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1ea293f829d821c8b49f99c3a9855c86`
SHA1	`8a496a13c73a0319be3b8af2dc3a7971523a76ee`
SHA256	`8c9bef93aa1f6aad346e28864e83a1e5a408d74c0291e96ebd6e9aa3beae45a5`
CRC32	`2416DE7A`
ssdeep	`98304:NV5itsRPTO/hEsGRVR8T7+z8kYsurxQvQOr8Xgwq:gGRPTEELRqBxQrr8Xgw`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	1d3d7f988f850b02_start.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\start.png
Size	4.7KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 80 x 31, 8-bit/color RGBA, non-interlaced
MD5	`f5e184ead0e879a84d323029f29110d0`
SHA1	`f65649cc54dac64d32365c485fad5f27be544cdc`
SHA256	`1d3d7f988f850b02d2a8be48da6e2c014d1046dbdcbaaea770e99580153b248b`
CRC32	`BB5516D7`
ssdeep	`96:RSMllcHitlIxv9vk7C1+I4wWHLihk/xndCOCmAYKx6Rk47x6dI9:RSHIIHUCD4wadPDk47xn9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9fe274fdbff1dc65_tupi.html.css Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\storyboard\tupi.html.css
Size	2.1KB
Processes	1976 (hexacyanide.tmp)
Type	ASCII text
MD5	`36cfdb6b3be5537658187f729a0a7884`
SHA1	`05c714fa9fc2677c7174d7bf8c99d640c774bdec`
SHA256	`9fe274fdbff1dc65bce4f485e81b84338d2753962528855405a21039a2943b17`
CRC32	`7D2D945A`
ssdeep	`48:UzFxCioMThGnz8WRgXOl+FwgEz5HGBGjWwg:UxMMl0Bg+YF8dHRng`
Yara	None matched
VirusTotal	Search for analysis

Name	648f95596f4c3757_save.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\save.png
Size	3.3KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 30 x 31, 8-bit/color RGBA, non-interlaced
MD5	`148dab367213e211b03e0a802a126f91`
SHA1	`d978603021d91be1fe1214dfbaacbb37f920286c`
SHA256	`648f95596f4c3757ffca620455f351647f53167be6ed948f0391fc1f43fce0d3`
CRC32	`F67265D9`
ssdeep	`96:WSDZ/I09Da01l+gmkyTt6Hk8nTJAtwf35XWD1:WSDS0tKg9E05TJAIpWp`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d0b0f9d9dfc6066b_page_cur_right.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\page_cur_right.bmp
Size	990.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 12 x 26 x 24
MD5	`e5603f89343e5247c3fd140381b8d41f`
SHA1	`09b073d92674520afd5e848201c3b62458f27df2`
SHA256	`d0b0f9d9dfc6066b5bcd9c87b201ce9c384548d8b43b1a6202718aec04b9b64d`
CRC32	`9197D3C2`
ssdeep	`6:zq2zlsKGcQwCZYeRYeNYetoYdlmf6MvZJfvOYe2A6MxAqzzvDl6TQab:O2zlsSQwC/3jtFl4NM2A1yGx6TPb`
Yara	None matched
VirusTotal	Search for analysis

Name	0cbf6bdd03cc6b94_warmcolors.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\warmcolors.tpal
Size	398.0B
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`e3f9d7b9210f7e693ba274c9f1efd643`
SHA1	`711f6af005d43dedce383217ca4ae5628ec720be`
SHA256	`0cbf6bdd03cc6b947ba4673860a294d69968f82bc4e4fa9c36eec2a1219aab3c`
CRC32	`D3619108`
ssdeep	`12:TMHd80r/eXhgeBLge6hgeMge+Qge9lnhgezwhg:2d88/dxDqKXaqi9`
Yara	None matched
VirusTotal	Search for analysis

Name	51240bacda84f87f_mouse_right.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\mouse_right.png
Size	4.2KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
MD5	`6a9918e23ab79044efeecde0de314e12`
SHA1	`1ad73d3e486a5667f3b6b6917c70bf72bbc21a75`
SHA256	`51240bacda84f87f76d3d3e3b8bc07d98b6acd49c08fe7ca5916348bfc888602`
CRC32	`2AAE28EF`
ssdeep	`96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xI+3P/Mo3MPDPnpXwPu:lSHIIHUCD4waqyM1DqPu`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f40f1a551d9c05dc_cursor-eraser.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\themes\raster\resources\cursor-eraser.png
Size	1.4KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 30 x 32, 8-bit colormap, non-interlaced
MD5	`81983c0c5d4df73e7874f6f1d552637b`
SHA1	`45661bc0f56470d850bbf3aea5ea716a83958708`
SHA256	`f40f1a551d9c05dc024b64629d939b4fe698d615ce3f27f0de04dcfa2f6af295`
CRC32	`ACC2E791`
ssdeep	`24:PsGtBfLqJK+y8wC7RPVvZRiaE6XB9A20R40Enluk+WjKssWgpUVdpD1Unc9S1qRM:PhPfLmKdpCVdvPiabXo2040Enluk+WjM`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	519e38d7a61151e8_bgold.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\bgold.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`0355d5d6840ebe4b10c35302116f0775`
SHA1	`6b16c065a7aaa7817c177a6d0559cde4ee42563b`
SHA256	`519e38d7a61151e89ea53cf7b9c807dbb79cfae68e90ea0182e176f2242593cb`
CRC32	`AA5FE9C3`
ssdeep	`48:c86999BBhkHr68lQ77I68dXX0VVVIubWdr96IBIBWLZvRvmPV+kQ1xdrpR:9tHr68lI8dXX0VVV/bWdr9Q+kQ1xd9R`
Yara	None matched
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-MDJ47.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2384 (hexacyanide.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	52559c755fa6d1aa_open.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\open.png
Size	4.1KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 31 x 25, 8-bit/color RGBA, non-interlaced
MD5	`2ea962594348428926a9b3e0f059a456`
SHA1	`9e08dffb93b94e39d32d9e1858f3931a15157380`
SHA256	`52559c755fa6d1aac591ed1a1d3214cc5fa8a0513ffe22dc2993d5f0155edeaa`
CRC32	`9EA657E7`
ssdeep	`96:0SMllcHitlIxv9vk7C1+I4wWHLihk/xkBx8dH8el3qvGN5jq3:0SHIIHUCD4waeB48eMvWxq3`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	5136c627c10edbb4_mouse_left_s.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\mouse_left_s.png
Size	4.0KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 36 x 24, 8-bit/color RGBA, non-interlaced
MD5	`6870ced91962d2f85023319d245c4ec1`
SHA1	`f21af3716fbb1799ddfe33057a325951319d4972`
SHA256	`5136c627c10edbb46588835cdffaa8215038d563f6e72b6c45457ad711caca45`
CRC32	`8936D89E`
ssdeep	`96:ASMllcHitlIxv9vk7C1+I4wWHLihk/xY9D8uEsWXFa:ASHIIHUCD4wa69wRXFa`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6dc4bee625a2c5e3_pthreadgc2.dll Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\pthreadgc2.dll
Size	35.5KB
Processes	1976 (hexacyanide.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`928c9eea653311af8efc155da5a1d6a5`
SHA1	`27300fcd5c22245573f5595ecbd64fce89c53750`
SHA256	`6dc4bee625a2c5e3499e36fe7c6ff8ead92adf6aae40c4099fdc8ef82e85b387`
CRC32	`DB0D5B48`
ssdeep	`384:RHKAwDe/yMw0U0GuOI+KDYZ1EWsLKkSqPmMmg2oes9yzCuFYh3oDqLjBISO0IqMU:RHKAm0UsO76WsxDmELsCDIMiH3YN`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9b2ebafa403c72e5_check_sel.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\check_sel.bmp
Size	574.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 13 x 13 x 24
MD5	`380057851231099f05da502cec65e694`
SHA1	`45730f3ecf9e51206a152d4a822ebdc45bd96369`
SHA256	`9b2ebafa403c72e5a5baf02b9a49d91d73577ec3e6716de3c6a0b1d6d0682246`
CRC32	`B4507A1E`
ssdeep	`6:QclgWttmXHdct40XHJuj7g6PwA4h6PKO2FFh6PXDCPJFkh6PwyM4wG4h6dvSVmaW:QU7tm8FxOJDqUf4wsqUIJPOeAOW`
Yara	None matched
VirusTotal	Search for analysis

Name	4abdc44792d22b4a_lights.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\lights.tpal
Size	1.1KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`408e80bcee5ca28cf0975443d5c64fb3`
SHA1	`63b98d8f1c05aa61e32c82f9918d9f878f620868`
SHA256	`4abdc44792d22b4ad4127d0223cf4251b6cc3a7db375e7c654db6c1dbf6508a5`
CRC32	`323D2C7B`
ssdeep	`24:2d8q9eNjqvjFw4qEYqNqmIEorFw9EHMJ+C5qUyqz9Eyc:c8qrW1`
Yara	None matched
VirusTotal	Search for analysis

Name	d826e98a90b342fe_messagehandler.dat Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\templates\messagehandler.dat
Size	1.1KB
Processes	1976 (hexacyanide.tmp)
Type	data
MD5	`fbc744b2e3541625ea5d92e90647dbb1`
SHA1	`aa54b93416a1531589499b1bd24d97d4a19f062a`
SHA256	`d826e98a90b342feef56f672e2d7bb208a55bde84ef6f47daaf21b319a077b7b`
CRC32	`205B7805`
ssdeep	`24:cOvQ6JeTQhJeVIX9KJe4IJJe8/VXyLWys/UV+XxXZX9KQx:c2Q6JeTQhJeWtKJenJJecytQXxXZthx`
Yara	None matched
VirusTotal	Search for analysis

Name	dcb10ba2eff91104_l_expand.bmp Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\l_expand.bmp
Size	306.0B
Processes	1976 (hexacyanide.tmp)
Type	PC bitmap, Windows 3.x format, 9 x 9 x 24
MD5	`3fcb1cd905c8b04603a096b6205bd0f4`
SHA1	`3d9d26d44a7dd3867c283ad179ab3859084f8922`
SHA256	`dcb10ba2eff911046f4f03c44ea6a6357808823fc7ef393a5356b8bc8c690fff`
CRC32	`56C669A3`
ssdeep	`6:9IlH1OOOO07qdLeql/RLBROdZ0nWTSA0phOOOO+:9YH1OOOO07qdHl/DkTKphOOOO+`
Yara	None matched
VirusTotal	Search for analysis

Name	7870bf5c5735e5c1_keyboard.png Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\images\keyboard.png
Size	3.7KB
Processes	1976 (hexacyanide.tmp)
Type	PNG image data, 30 x 28, 8-bit/color RGBA, non-interlaced
MD5	`274d3ed51bf23963d69337d1f8a87521`
SHA1	`6cfe839e33cc9a8a84cb17615f0382fa64ec1eae`
SHA256	`7870bf5c5735e5c1cf717f228eab5fbc3ade9db5a94d8ed07f1abe25d58b0433`
CRC32	`5C67F4B3`
ssdeep	`96:ZSMllcHitlIxv9vk7C1+I4wWHLihk/xRCzWzsGkMAVab:ZSHIIHUCD4wavmisGB5b`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	1f6e201fb810fb28_firecode.tpal Submit file
Filepath	c:\users\test22\appdata\roaming\unity service location\palettes\firecode.tpal
Size	10.8KB
Processes	1976 (hexacyanide.tmp)
Type	XML 1.0 document, ASCII text
MD5	`0b35d57ab8df8f1d8e5c76cf9293f427`
SHA1	`aec01875bbaa8ebbe7a8ee7aa49b694a4b21aa4b`
SHA256	`1f6e201fb810fb2860a5e39ece07344baaba0bf8d79f597d3026b5e716716b0e`
CRC32	`9E3BAAB2`
ssdeep	`48:c8gGTMs3/4+plYPFawx9VXDZZZZ5MwUUQwalbaN:9fl3/4+p+PFawx9FZZZZ5t`
Yara	None matched
VirusTotal	Search for analysis