Play interactive tour

Edit tour

Windows Analysis Report update.exe

Overview

General Information

Sample Name:	update.exe
Analysis ID:	548777
MD5:	9608c8b6c8d80fdc67b99edd3c53d3d2
SHA1:	37b11d3d7b7a1d18daafd6c63b33526860aaefe6
SHA256:	8c1a72991fb04dc3a8cf89605fb85150ef0e742472a0c58b8fa942a1f04877b0
Tags:	exeNightSkyRansomware
Infos:
Most interesting Screenshot:

Detection

NightSky

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected NightSky Ransomware

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Writes many files with high entropy

Tries to detect virtualization through RDTSC time measurements

Creates HTA files

Machine Learning detection for sample

Potential thread-based time evasion detected

Modifies existing user documents (likely ransomware behavior)

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Entry point lies outside standard sections

Abnormal high CPU Usage

Classification

Process Tree

System is w10x64

update.exe (PID: 6816 cmdline: "C:\Users\user\Desktop\update.exe" MD5: 9608C8B6C8D80FDC67B99EDD3C53D3D2)

conhost.exe (PID: 6892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: update.exe PID: 6816	JoeSecurity_NightSky	Yara detected NightSky Ransomware	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: update.exe	Virustotal: Detection: 16%			Perma Link
Source: update.exe	ReversingLabs: Detection: 25%

Machine Learning detection for sample

Show sources

Source: update.exe

Joe Sandbox ML: detected

Source: update.exe, 00000001.00000002.590891257.00007FF6F5F01000.00000004.00020000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

Source: update.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\	Jump to behavior

Source: NightSkyReadMe.hta130.1.dr

String found in binary or memory: <li>How to access dark web sites:<a href="https://www.youtube.com/watch?v=NpXEQHDOA5o">https://www.youtube.com/watch?v=NpXEQHDOA5o</a> equals www.youtube.com (Youtube)

Source: update.exe, 00000001.00000002.590857006.00007FF6F5EE9000.00000002.00020000.sdmp, NightSkyReadMe.hta79.1.dr, NightSkyReadMe.hta179.1.dr, NightSkyReadMe.hta162.1.dr, NightSkyReadMe.hta37.1.dr, NightSkyReadMe.hta113.1.dr, NightSkyReadMe.hta111.1.dr, NightSkyReadMe.hta221.1.dr, NightSkyReadMe.hta202.1.dr, NightSkyReadMe.hta59.1.dr, NightSkyReadMe.hta126.1.dr, NightSkyReadMe.hta173.1.dr, NightSkyReadMe.hta71.1.dr, NightSkyReadMe.hta69.1.dr, NightSkyReadMe.hta124.1.dr, NightSkyReadMe.hta19.1.dr, NightSkyReadMe.hta39.1.dr, NightSkyReadMe.hta56.1.dr, NightSkyReadMe.hta149.1.dr, NightSkyReadMe.hta121.1.dr, NightSkyReadMe.hta55.1.dr, NightSkyReadMe.hta97.1.dr, NightSkyReadMe.hta77.1.dr, NightSkyReadMe.hta211.1.dr, NightSkyReadMe.hta134.1.dr, NightSkyReadMe.hta87.1.dr, NightSkyReadMe.hta3.1.dr, NightSkyReadMe.hta68.1.dr, NightSkyReadMe.hta115.1.dr, NightSkyReadMe.hta222.1.dr, NightSkyReadMe.hta133.1.dr, NightSkyReadMe.hta218.1.dr, NightSkyReadMe.hta34.1.dr, NightSkyReadMe.hta8.1.dr, NightSkyReadMe.hta10.1.dr, NightSkyReadMe.hta159.1.dr, NightSkyReadMe.hta102.1.dr, NightSkyReadMe.hta20.1.dr, NightSkyReadMe.hta125.1.dr, NightSkyReadMe.hta46.1.dr, NightSkyReadMe.hta176.1.dr, NightSkyReadMe.hta198.1.dr, NightSkyReadMe.hta38.1.dr, NightSkyReadMe.hta147.1.dr, NightSkyReadMe.hta177.1.dr, NightSkyReadMe.hta89.1.dr, NightSkyReadMe.hta144.1.dr, NightSkyReadMe.hta219.1.dr, NightSkyReadMe.hta67.1.dr, NightSkyReadMe.hta40.1.dr, NightSkyReadMe.hta214.1.dr, NightSkyReadMe.hta43.1.dr, NightSkyReadMe.hta136.1.dr, NightSkyReadMe.hta150.1.dr, NightSkyReadMe.hta109.1.dr, NightSkyReadMe.hta21.1.dr, NightSkyReadMe.hta174.1.dr, NightSkyReadMe.hta205.1.dr, NightSkyReadMe.hta15.1.dr, NightSkyReadMe.hta47.1.dr, NightSkyReadMe.hta45.1.dr, NightSkyReadMe.hta101.1.dr, NightSkyReadMe.hta210.1.dr, NightSkyReadMe.hta74.1.dr, NightSkyReadMe.hta204.1.dr, NightSkyReadMe.hta99.1.dr, NightSkyReadMe.hta61.1.dr, NightSkyReadMe.hta26.1.dr, NightSkyReadMe.hta22.1.dr, NightSkyReadMe.hta224.1.dr, NightSkyReadMe.hta80.1.dr, NightSkyReadMe.hta41.1.dr, NightSkyReadMe.hta141.1.dr, NightSkyReadMe.hta86.1.dr, NightSkyReadMe.hta70.1.dr, NightSkyReadMe.hta53.1.dr, NightSkyReadMe.hta82.1.dr, NightSkyReadMe.hta172.1.dr, NightSkyReadMe.hta225.1.dr, NightSkyReadMe.hta171.1.dr, NightSkyReadMe.hta220.1.dr, NightSkyReadMe.hta209.1.dr, NightSkyReadMe.hta66.1.dr, NightSkyReadMe.hta90.1.dr, NightSkyReadMe.hta148.1.dr, NightSkyReadMe.hta83.1.dr, NightSkyReadMe.hta95.1.dr, NightSkyReadMe.hta194.1.dr, NightSkyReadMe.hta217.1.dr, NightSkyReadMe.hta123.1.dr, NightSkyReadMe.hta36.1.dr, NightSkyReadMe.hta106.1.dr, NightSkyReadMe.hta206.1.dr, NightSkyReadMe.hta114.1.dr, NightSkyReadMe.hta51.1.dr, NightSkyReadMe.hta161.1.dr, NightSkyReadMe.hta62.1.dr, NightSkyReadMe.hta18.1.dr, NightSkyReadMe.hta84.1.dr, NightSkyReadMe.hta128.1.dr, NightSkyReadMe.hta188.1.dr, NightSkyReadMe.hta31.1.dr, NightSkyReadMe.hta138.1.dr, NightSkyReadMe.hta91.1.dr, NightSkyReadMe.hta98.1.dr, NightSkyReadMe.hta164.1.dr, NightSkyReadMe.hta13.1.dr, NightSkyReadMe.hta44.1.dr, NightSkyReadMe.hta145.1.dr, NightSkyReadMe.hta1.1.dr, NightSkyReadMe.hta29.1.dr, NightSkyReadMe.hta200.1.dr, NightSkyReadMe.hta48.1.dr, NightSkyReadMe.hta152.1.dr, NightSkyReadMe.hta78.1.dr, NightSkyReadMe.hta7.1.dr, NightSkyReadMe.hta4.1.dr, NightSkyReadMe.hta107.1.dr, NightSkyReadMe.hta157.1.dr, NightSkyReadMe.hta191.1.dr, NightSkyReadMe.hta14.1.dr, NightSkyReadMe.hta94.1.dr, NightSkyReadMe.hta146.1.dr, NightSkyReadMe.hta12.1.dr, NightSkyReadMe.hta226.1.dr, NightSkyReadMe.hta187.1.dr, NightSkyReadMe.hta27.1.dr, NightSkyReadMe.hta49.1.dr, NightSkyReadMe.hta54.1.dr, NightSkyReadMe.hta108.1.dr, NightSkyReadMe.hta201.1.dr, NightSkyReadMe.hta35.1.dr, NightSkyReadMe.hta185.1.dr, NightSkyReadMe.hta24.1.dr, NightSkyReadMe.hta132.1.dr, NightSkyReadMe.hta195.1.dr, NightSkyReadMe.hta73.1.dr, NightSkyReadMe.hta212.1.dr, NightSkyReadMe.hta100.1.dr, NightSkyReadMe.hta60.1.dr, NightSkyReadMe.hta117.1.dr, NightSkyReadMe.hta118.1.dr, NightSkyReadMe.hta180.1.dr, NightSkyReadMe.hta129.1.dr, NightSkyReadMe.hta151.1.dr, NightSkyReadMe.hta105.1.dr, NightSkyReadMe.hta166.1.dr, NightSkyReadMe.hta76.1.dr, NightSkyReadMe.hta168.1.dr, NightSkyReadMe.hta2.1.dr, NightSkyReadMe.hta30.1.dr, NightSkyReadMe.hta170.1.dr, NightSkyReadMe.hta186.1.dr, NightSkyReadMe.hta28.1.dr, NightSkyReadMe.hta169.1.dr, NightSkyReadMe.hta120.1.dr, NightSkyReadMe.hta0.1.dr, NightSkyReadMe.hta190.1.dr, NightSkyReadMe.hta6.1.dr, NightSkyReadMe.hta181.1.dr, NightSkyReadMe.hta183.1.dr, NightSkyReadMe.hta116.1.dr, NightSkyReadMe.hta92.1.dr, NightSkyReadMe.hta182.1.dr, NightSkyReadMe.hta64.1.dr, NightSkyReadMe.hta131.1.dr, NightSkyReadMe.hta88.1.dr, NightSkyReadMe.hta23.1.dr, NightSkyReadMe.hta119.1.dr, NightSkyReadMe.hta165.1.dr, NightSkyReadMe.hta156.1.dr, NightSkyReadMe.hta143.1.dr, NightSkyReadMe.hta16.1.dr, NightSkyReadMe.hta193.1.dr, NightSkyReadMe.hta167.1.dr, NightSkyReadMe.hta122.1.dr, NightSkyReadMe.hta32.1.dr, NightSkyReadMe.hta42.1.dr, NightSkyReadMe.hta25.1.dr, NightSkyReadMe.hta63.1.dr, NightSkyReadMe.hta57.1.dr, NightSkyReadMe.hta153.1.dr, NightSkyReadMe.hta127.1.dr, NightSkyReadMe.hta81.1.dr, NightSkyReadMe.hta192.1.dr, NightSkyReadMe.hta96.1.dr, NightSkyReadMe.hta112.1.dr, NightSkyReadMe.hta104.1.dr, NightSkyReadMe.hta203.1.dr, NightSkyReadMe.hta137.1.dr, NightSkyReadMe.hta9.1.dr, NightSkyReadMe.hta197.1.dr, NightSkyReadMe.hta.1.dr, NightSkyReadMe.hta199.1.dr, NightSkyReadMe.hta178.1.dr, NightSkyReadMe.hta72.1.dr, NightSkyReadMe.hta215.1.dr, NightSkyReadMe.hta142.1.dr, NightSkyReadMe.hta223.1.dr, NightSkyReadMe.hta184.1.dr, NightSkyReadMe.hta213.1.dr, NightSkyReadMe.hta5.1.dr, NightSkyReadMe.hta158.1.dr, NightSkyReadMe.hta208.1.dr, NightSkyReadMe.hta11.1.dr, NightSkyReadMe.hta103.1.dr, NightSkyReadMe.hta216.1.dr, NightSkyReadMe.hta75.1.dr, NightSkyReadMe.hta189.1.dr, NightSkyReadMe.hta130.1.dr	String found in binary or memory: https://contact.nightsky.cyou
Source: NightSkyReadMe.hta130.1.dr	String found in binary or memory: https://www.youtube.com/watch?v=NpXEQHDOA5o

Source: C:\Users\user\Desktop\update.exe

File created: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\NightSkyReadMe.hta

Jump to behavior

Spam, unwanted Advertisements and Ransom Demands:

Yara detected NightSky Ransomware

Show sources

Source: Yara match

File source: Process Memory Space: update.exe PID: 6816, type: MEMORYSTR

Writes many files with high entropy

Show sources

Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.nightsky entropy: 7.99758303984	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL.nightsky entropy: 7.99924573464	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL.nightsky entropy: 7.99944873768	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.nightsky entropy: 7.99942317854	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.nightsky entropy: 7.99939603869	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL.nightsky entropy: 7.99930025017	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.nightsky entropy: 7.99923722209	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL.nightsky entropy: 7.99932600821	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.nightsky entropy: 7.9995534913	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL.nightsky entropy: 7.99922672816	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.nightsky entropy: 7.99923838276	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL.nightsky entropy: 7.99925007407	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL.nightsky entropy: 7.99943550396	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\Default\NTUSER.DAT.LOG1.nightsky entropy: 7.99706806402	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms.nightsky entropy: 7.99966605746	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf.nightsky entropy: 7.99738566194	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms.nightsky entropy: 7.99962398407	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\MMC\services.nightsky entropy: 7.99825527986	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl.nightsky entropy: 7.99449191571	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm.nightsky entropy: 7.99142066749	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.nightsky entropy: 7.99915794549	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.nightsky entropy: 7.99889689068	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.nightsky entropy: 7.99732764455	Jump to dropped file
Source: C:\Users\user\Desktop\update.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.nightsky entropy: 7.99373363134	Jump to dropped file

Modifies existing user documents (likely ransomware behavior)

Show sources

Source: C:\Users\user\Desktop\update.exe	File moved: C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.xlsx	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File moved: C:\Users\user\Desktop\PWCCAWLGRE\NVWZAPQSQL.jpg	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File moved: C:\Users\user\Desktop\QCFWYSKMHA\PWCCAWLGRE.xlsx	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File moved: C:\Users\user\Desktop\PWCCAWLGRE\PALRGUCVEH.mp3	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File moved: C:\Users\user\Desktop\BNAGMGSPLO.png	Jump to behavior

System Summary:

Creates HTA files

Show sources

Source: C:\Users\user\Desktop\update.exe

Jump to behavior

Source: C:\Users\user\Desktop\update.exe

Process Stats: CPU usage > 98%

Source: update.exe	Virustotal: Detection: 16%
Source: update.exe	ReversingLabs: Detection: 25%

Source: C:\Users\user\Desktop\update.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\update.exe "C:\Users\user\Desktop\update.exe"
Source: C:\Users\user\Desktop\update.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\update.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ad05575-8857-4850-9277-11b85bdb8e09}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6892:120:WilError_01
Source: C:\Users\user\Desktop\update.exe	Mutant created: \Sessions\1\BaseNamedObjects\tset123155465463213

Source: C:\Users\user\Desktop\update.exe

Jump to behavior

Source: classification engine

Classification label: mal84.rans.evad.winEXE@2/395@0/0

Source: C:\Users\user\Desktop\update.exe

File read: C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini

Jump to behavior

Source: update.exe

Static file information: File size 5945856 > 1048576

Source: update.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: update.exe

Static PE information: Raw size of .2fU2 is bigger than: 0x100000 < 0x5aa600

Source: update.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source: update.exe	Static PE information: section name: .2fU0
Source: update.exe	Static PE information: section name: .2fU1
Source: update.exe	Static PE information: section name: .2fU2

Source: initial sample

Static PE information: section where entry point is pointing to: .2fU2

Source: C:\Users\user\Desktop\update.exe	File created: C:\Documents and Settings\Default\Start Menu\Programs\NightSkyReadMe.hta	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File created: C:\Documents and Settings\Default\Start Menu\NightSkyReadMe.hta	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File created: C:\Documents and Settings\Default\Start Menu\Programs\Accessibility\NightSkyReadMe.hta	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File created: C:\Documents and Settings\Default\Start Menu\Programs\Accessories\NightSkyReadMe.hta	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File created: C:\Documents and Settings\Default\Start Menu\Programs\Maintenance\NightSkyReadMe.hta	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File created: C:\Documents and Settings\Default\Start Menu\Programs\System Tools\NightSkyReadMe.hta	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File created: C:\Documents and Settings\Default\Start Menu\Programs\Windows PowerShell\NightSkyReadMe.hta	Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Show sources

Source: C:\Users\user\Desktop\update.exe	Memory written: PID: 6816 base: 7FFC8DE30008 value: E9 7B A9 EA FF			Jump to behavior
Source: C:\Users\user\Desktop\update.exe	Memory written: PID: 6816 base: 7FFC8DCDA980 value: E9 90 56 15 00			Jump to behavior

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\update.exe	RDTSC instruction interceptor: First address: 00007FF6F613C74C second address: 00007FF6F613C760 instructions: 0x00000000 rdtsc 0x00000002 inc ecx 0x00000003 movsx ebp, dx 0x00000006 inc ecx 0x00000007 pop ecx 0x00000008 dec ecx 0x00000009 movzx ebx, sp 0x0000000c inc ecx 0x0000000d setnbe bh 0x00000010 inc ecx 0x00000011 pop eax 0x00000012 dec eax 0x00000013 cdq 0x00000014 rdtsc
Source: C:\Users\user\Desktop\update.exe	RDTSC instruction interceptor: First address: 00007FF6F613D987 second address: 00007FF6F613D98B instructions: 0x00000000 rdtsc 0x00000002 inc ecx 0x00000003 pop edx 0x00000004 rdtsc

Potential thread-based time evasion detected

Show sources

Source: Initial file

Signature Results: Thread-based counter

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\update.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\	Jump to behavior
Source: C:\Users\user\Desktop\update.exe	File opened: C:\Documents and Settings\Default\Local Settings\Application Data\	Jump to behavior

Source: update.exe, 00000001.00000002.589169775.0000020197490000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: update.exe, 00000001.00000002.589169775.0000020197490000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: update.exe, 00000001.00000002.589169775.0000020197490000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: update.exe, 00000001.00000002.589169775.0000020197490000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\update.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Registry Run Keys / Startup Folder1	Process Injection2	Process Injection2	Credential API Hooking1	Security Software Discovery2	Remote Services	Credential API Hooking1	Exfiltration Over Other Network Medium	Ingress Tool Transfer1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Data Encrypted for Impact1
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder1	Mshta1	LSASS Memory	Process Discovery2	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Information Discovery22	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
update.exe	16%	Virustotal		Browse
update.exe	26%	ReversingLabs	Win64.Ransomware.Encoder
update.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://contact.nightsky.cyou	0%	Virustotal		Browse
https://contact.nightsky.cyou	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://contact.nightsky.cyou	update.exe, 00000001.00000002.590857006.00007FF6F5EE9000.00000002.00020000.sdmp, NightSkyReadMe.hta79.1.dr, NightSkyReadMe.hta179.1.dr, NightSkyReadMe.hta162.1.dr, NightSkyReadMe.hta37.1.dr, NightSkyReadMe.hta113.1.dr, NightSkyReadMe.hta111.1.dr, NightSkyReadMe.hta221.1.dr, NightSkyReadMe.hta202.1.dr, NightSkyReadMe.hta59.1.dr, NightSkyReadMe.hta126.1.dr, NightSkyReadMe.hta173.1.dr, NightSkyReadMe.hta71.1.dr, NightSkyReadMe.hta69.1.dr, NightSkyReadMe.hta124.1.dr, NightSkyReadMe.hta19.1.dr, NightSkyReadMe.hta39.1.dr, NightSkyReadMe.hta56.1.dr, NightSkyReadMe.hta149.1.dr, NightSkyReadMe.hta121.1.dr, NightSkyReadMe.hta55.1.dr, NightSkyReadMe.hta97.1.dr, NightSkyReadMe.hta77.1.dr, NightSkyReadMe.hta211.1.dr, NightSkyReadMe.hta134.1.dr, NightSkyReadMe.hta87.1.dr, NightSkyReadMe.hta3.1.dr, NightSkyReadMe.hta68.1.dr, NightSkyReadMe.hta115.1.dr, NightSkyReadMe.hta222.1.dr, NightSkyReadMe.hta133.1.dr, NightSkyReadMe.hta218.1.dr, NightSkyReadMe.hta34.1.dr, NightSkyReadMe.hta8.1.dr, NightSkyReadMe.hta10.1.dr, NightSkyReadMe.hta159.1.dr, NightSkyReadMe.hta102.1.dr, NightSkyReadMe.hta20.1.dr, NightSkyReadMe.hta125.1.dr, NightSkyReadMe.hta46.1.dr, NightSkyReadMe.hta176.1.dr, NightSkyReadMe.hta198.1.dr, NightSkyReadMe.hta38.1.dr, NightSkyReadMe.hta147.1.dr, NightSkyReadMe.hta177.1.dr, NightSkyReadMe.hta89.1.dr, NightSkyReadMe.hta144.1.dr, NightSkyReadMe.hta219.1.dr, NightSkyReadMe.hta67.1.dr, NightSkyReadMe.hta40.1.dr, NightSkyReadMe.hta214.1.dr, NightSkyReadMe.hta43.1.dr, NightSkyReadMe.hta136.1.dr, NightSkyReadMe.hta150.1.dr, NightSkyReadMe.hta109.1.dr, NightSkyReadMe.hta21.1.dr, NightSkyReadMe.hta174.1.dr, NightSkyReadMe.hta205.1.dr, NightSkyReadMe.hta15.1.dr, NightSkyReadMe.hta47.1.dr, NightSkyReadMe.hta45.1.dr, NightSkyReadMe.hta101.1.dr, NightSkyReadMe.hta210.1.dr, NightSkyReadMe.hta74.1.dr, NightSkyReadMe.hta204.1.dr, NightSkyReadMe.hta99.1.dr, NightSkyReadMe.hta61.1.dr, NightSkyReadMe.hta26.1.dr, NightSkyReadMe.hta22.1.dr, NightSkyReadMe.hta224.1.dr, NightSkyReadMe.hta80.1.dr, NightSkyReadMe.hta41.1.dr, NightSkyReadMe.hta141.1.dr, NightSkyReadMe.hta86.1.dr, NightSkyReadMe.hta70.1.dr, NightSkyReadMe.hta53.1.dr, NightSkyReadMe.hta82.1.dr, NightSkyReadMe.hta172.1.dr, NightSkyReadMe.hta225.1.dr, NightSkyReadMe.hta171.1.dr, NightSkyReadMe.hta220.1.dr, NightSkyReadMe.hta209.1.dr, NightSkyReadMe.hta66.1.dr, NightSkyReadMe.hta90.1.dr, NightSkyReadMe.hta148.1.dr, NightSkyReadMe.hta83.1.dr, NightSkyReadMe.hta95.1.dr, NightSkyReadMe.hta194.1.dr, NightSkyReadMe.hta217.1.dr, NightSkyReadMe.hta123.1.dr, NightSkyReadMe.hta36.1.dr, NightSkyReadMe.hta106.1.dr, NightSkyReadMe.hta206.1.dr, NightSkyReadMe.hta114.1.dr, NightSkyReadMe.hta51.1.dr, NightSkyReadMe.hta161.1.dr, NightSkyReadMe.hta62.1.dr, NightSkyReadMe.hta18.1.dr, NightSkyReadMe.hta84.1.dr, NightSkyReadMe.hta128.1.dr, NightSkyReadMe.hta188.1.dr, NightSkyReadMe.hta31.1.dr, NightSkyReadMe.hta138.1.dr, NightSkyReadMe.hta91.1.dr, NightSkyReadMe.hta98.1.dr, NightSkyReadMe.hta164.1.dr, NightSkyReadMe.hta13.1.dr, NightSkyReadMe.hta44.1.dr, NightSkyReadMe.hta145.1.dr, NightSkyReadMe.hta1.1.dr, NightSkyReadMe.hta29.1.dr, NightSkyReadMe.hta200.1.dr, NightSkyReadMe.hta48.1.dr, NightSkyReadMe.hta152.1.dr, NightSkyReadMe.hta78.1.dr, NightSkyReadMe.hta7.1.dr, NightSkyReadMe.hta4.1.dr, NightSkyReadMe.hta107.1.dr, NightSkyReadMe.hta157.1.dr, NightSkyReadMe.hta191.1.dr, NightSkyReadMe.hta14.1.dr, NightSkyReadMe.hta94.1.dr, NightSkyReadMe.hta146.1.dr, NightSkyReadMe.hta12.1.dr, NightSkyReadMe.hta226.1.dr, NightSkyReadMe.hta187.1.dr, NightSkyReadMe.hta27.1.dr, NightSkyReadMe.hta49.1.dr, NightSkyReadMe.hta54.1.dr, NightSkyReadMe.hta108.1.dr, NightSkyReadMe.hta201.1.dr, NightSkyReadMe.hta35.1.dr, NightSkyReadMe.hta185.1.dr, NightSkyReadMe.hta24.1.dr, NightSkyReadMe.hta132.1.dr, NightSkyReadMe.hta195.1.dr, NightSkyReadMe.hta73.1.dr, NightSkyReadMe.hta212.1.dr, NightSkyReadMe.hta100.1.dr, NightSkyReadMe.hta60.1.dr, NightSkyReadMe.hta117.1.dr, NightSkyReadMe.hta118.1.dr, NightSkyReadMe.hta180.1.dr, NightSkyReadMe.hta129.1.dr, NightSkyReadMe.hta151.1.dr, NightSkyReadMe.hta105.1.dr, NightSkyReadMe.hta166.1.dr, NightSkyReadMe.hta76.1.dr, NightSkyReadMe.hta168.1.dr, NightSkyReadMe.hta2.1.dr, NightSkyReadMe.hta30.1.dr, NightSkyReadMe.hta170.1.dr, NightSkyReadMe.hta186.1.dr, NightSkyReadMe.hta28.1.dr, NightSkyReadMe.hta169.1.dr, NightSkyReadMe.hta120.1.dr, NightSkyReadMe.hta0.1.dr, NightSkyReadMe.hta190.1.dr, NightSkyReadMe.hta6.1.dr, NightSkyReadMe.hta181.1.dr, NightSkyReadMe.hta183.1.dr, NightSkyReadMe.hta116.1.dr, NightSkyReadMe.hta92.1.dr, NightSkyReadMe.hta182.1.dr, NightSkyReadMe.hta64.1.dr, NightSkyReadMe.hta131.1.dr, NightSkyReadMe.hta88.1.dr, NightSkyReadMe.hta23.1.dr, NightSkyReadMe.hta119.1.dr, NightSkyReadMe.hta165.1.dr, NightSkyReadMe.hta156.1.dr, NightSkyReadMe.hta143.1.dr, NightSkyReadMe.hta16.1.dr, NightSkyReadMe.hta193.1.dr, NightSkyReadMe.hta167.1.dr, NightSkyReadMe.hta122.1.dr, NightSkyReadMe.hta32.1.dr, NightSkyReadMe.hta42.1.dr, NightSkyReadMe.hta25.1.dr, NightSkyReadMe.hta63.1.dr, NightSkyReadMe.hta57.1.dr, NightSkyReadMe.hta153.1.dr, NightSkyReadMe.hta127.1.dr, NightSkyReadMe.hta81.1.dr, NightSkyReadMe.hta192.1.dr, NightSkyReadMe.hta96.1.dr, NightSkyReadMe.hta112.1.dr, NightSkyReadMe.hta104.1.dr, NightSkyReadMe.hta203.1.dr, NightSkyReadMe.hta137.1.dr, NightSkyReadMe.hta9.1.dr, NightSkyReadMe.hta197.1.dr, NightSkyReadMe.hta.1.dr, NightSkyReadMe.hta199.1.dr, NightSkyReadMe.hta178.1.dr, NightSkyReadMe.hta72.1.dr, NightSkyReadMe.hta215.1.dr, NightSkyReadMe.hta142.1.dr, NightSkyReadMe.hta223.1.dr, NightSkyReadMe.hta184.1.dr, NightSkyReadMe.hta213.1.dr, NightSkyReadMe.hta5.1.dr, NightSkyReadMe.hta158.1.dr, NightSkyReadMe.hta208.1.dr, NightSkyReadMe.hta11.1.dr, NightSkyReadMe.hta103.1.dr, NightSkyReadMe.hta216.1.dr, NightSkyReadMe.hta75.1.dr, NightSkyReadMe.hta189.1.dr, NightSkyReadMe.hta130.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.youtube.com/watch?v=NpXEQHDOA5o	NightSkyReadMe.hta130.1.dr	false		high

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	548777
Start date:	06.01.2022
Start time:	14:00:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	update.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.rans.evad.winEXE@2/395@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 100% (good quality ratio 50%) Quality average: 13% Quality standard deviation: 13%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.190.151.134, 20.190.151.7, 20.190.151.67, 20.190.151.6, 20.190.151.131, 20.190.151.132, 20.190.151.70, 20.190.151.68, 20.189.173.22, 20.54.110.249, 40.91.112.76 Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, www.tm.lg.prod.aadmsa.akadns.net, onedsblobprdwus17.westus.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, www.tm.a.prd.aadg.akadns.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, login.msa.msidentity.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Execution Graph export aborted for target update.exe, PID 6816 because there are no executed function Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v2.0_32\UsageLogs\nightskyreadme.hta.nightsky (copy) Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2656
Entropy (8bit):	7.927851689192232
Encrypted:	false
SSDEEP:	48:ZgttOTHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:DzDvXbzQnX/QxgSvrTuZmGhO
MD5:	8B8DEF34B7E36F9315807F474684B79F
SHA1:	82DEB2312D0071D5ED397EE2AA141E03AE7CF7A1
SHA-256:	DB8EEC95D53E016DB1A313F7C5F44EAD8904F9E9D6E94858698A81694CE8D696
SHA-512:	4DDD462792D3452B91CAAC550625A7B7C224637C9B70253163DCD7127706E743F0F1051F82811929C825187D77CEA1DAAD3E53AD60EB2397667E70330E08E7B9
Malicious:	false
Reputation:	low
Preview:	.....[..?.......w.........bM.+.....GY.+.z....]Fej..f:..?.E.v..h.u...08.8)...P.....................k......I&..Z..['.7.g.\|w.e.p............\.........\&.!...3....n.....0;.....H(M..Z.E..I.q.^..ff.%."..c.......%.!~.4....tMX.Y..jY.}.0.A..h.....@....E?.A..NW."...`.....E_[Z..'.a&...tA4.....J/...J..q9+..B...0LO.''..Z.'!8IJ..f.....D........g....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L

C:\Users\Default\AppData\Local\Microsoft\Windows\History\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Local\Temp\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.920179044552139
Encrypted:	false
SSDEEP:	48:jWE9sLtF6HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:EXkzDvXbzQnX/QxgSvrTuZmGhO
MD5:	B54ECBFA15F4D5C3FCADF7CE5AC81E1E
SHA1:	C726D310AAF17809DFE9E88F71C0BFED41289873
SHA-256:	D501E11499A04FD9FF6DA89B793D7E320B80F87B15993CA89ACA44AE14C40EBF
SHA-512:	0718D83534F7411372C3DC4360C1A8EC85059184BA39C7F34C314CBD48B2258FB5A5F6B1B9DC85B3C427C52DBB295AFC4AB205F221B836DAE412E343A50FD50B
Malicious:	false
Preview:	.L.n&..:.......d................:.$......a.<.SW..M..(fIh....@n..`....g.0........G-.I.6...5.I...7..9...r.$..C.S.E...U%.Q..j....B T9OU......l...wPS=@..m.(....A..N......;.^....w..~......>.n}...z2.I.n..\|^a...5f.[.....y.....C4u.5.I.o..Ir............p.)KO.{.. .\.^#.f9~...G...j.\....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.925672373943206
Encrypted:	false
SSDEEP:	48:0x24JddK0HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:424bkGzDvXbzQnX/QxgSvrTuZmGhO
MD5:	BD6D6EC1E7DFAF756FC1DFF4D4908D33
SHA1:	F0BC3F32A77DEAB6D9787EE934225121F6A54C37
SHA-256:	C15E912E76D1269F8E5E7AB2957913C10D40B374B98D435D448689EFF0F22D9F
SHA-512:	8F9D4C283392432529E39FF510819C1FA4D5AB866A986586C42AF64E3227206BD059C658CF99F94D7000835BCAB25EB11C969FFD420D4FCC39D753B0DF95A57C
Malicious:	false
Preview:	../,.3.%W.@.....................@%7..W;._...........'/..g.)Xs.VE..C.K....D".c..=.......,...%.]}.=.WA..I......w..-.0.)..C1G.....3..r...j\8...!9....q.}Zn..;.&....{...3.A.F....1.s.....%....OQ.A?8L:....>..W..5.d......v@....o.u.5.W.....Et..g.UH..-.-q.......6u.h......k.Y..E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3696
Entropy (8bit):	7.9478489205869876
Encrypted:	false
SSDEEP:	96:cedQdJM6kuMieL4bXzDvXbzQnX/QxgSvrTuZmGhO:cedue6tpLzDvXbzSPQxgSvv0s
MD5:	541D3467520D2C13B2ED74A01E69B40B
SHA1:	561110B5485721444EEF2340CC4DF6206530EA99
SHA-256:	F0854554127609CA46731A27DF94B843F584804D182BFE84CBC528D384FEF9FC
SHA-512:	EB15C720143FA7A39C8E55906BF0D034B6BB7BC3F1EF6924DE2C5EF0F5386B30698527329739AE633155618C16FE38D41746E180F755AEA4994B6D8F50582716
Malicious:	false
Preview:	......%ul....@m.F..<..\|.......8X...8.S+r..=.jcRx..=3z5..{.......H...&._...U..S..l.....\|H...P..B.C.@...hk..`..Un...Z.K.\|..~.6.j....~%a..M...kZ.yD.>..m....R.y....0..9.`=[.0M.+.o...I%F-.._}<RS.^-......<..5..$>?.CafZ..s....\|C'......}=..n.[..(.S]"S...9.G..T\|..>7....>.+.D.A#..5C...r..x..t.....:.-sG..`.,..Y^.\|Q.h.&.^...C....".[.;Go..f.d.b.n.....Q{;7.....6B..!;...M.wb..W.wA..v..1J...[A....B.:.\[.....K..Z.........p.M.o"b..h...[....u.."-.oF.2wn&,...X.G%....G.C..Y..i...+q..bm.G..R.%.z.w....3.......q..........T.p..Y...<..6s....X....3.5..\|..e..t.WB..d<\..2u..]m..8}Z.bw....N...I.........P=...F.....e..d&....;...b!.B.j.....x..t..?..>....l!:d.7.;....3.....drH.%d.-:&.....m......Sh...E.........N./.r.+x.......S..$.E.y>..&..i.._.C'z.......c.e......D3.4.o).um.h.!..V..`L.r.....v.b<....`>...G.@1.P.e~..OW`..iy.......?eZ...P.x.K\A..].R.......?...Z..AE..E.0o...#...%6.......[.5.g.*..2..;[.j.6=..;.%.6(.y%..G....\|.U#x..@Y>aj..c\|..W.z.'.4.....P.\| ......Cd.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.925398938659005
Encrypted:	false
SSDEEP:	48:JTNWHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:czDvXbzQnX/QxgSvrTuZmGhO
MD5:	9DBBED90E3BD35F8D96D23D76E360D10
SHA1:	DE5B46CE776B6D01E12B5E1824894B4FC3FF62CF
SHA-256:	FE012F2054DAC8A094EBBC65B51AAF7A479C076E38185B57B315354C0006DAB2
SHA-512:	458FBCE4F1F3EB3454904EDFD1F76F31BBEF8D675AA6456A790BB3610C9DC1E1AB1EEC58CF499FC03A8E9970E44594AFD46E3D5DF2276D28438BD2EFF4CB6D5C
Malicious:	false
Preview:	..w..z;......N.................4...C....l...o=..W.s...K..P.d...y.B........O.........&.&.\|Kf.p....U..E:_..[....~...u-U+o.....1I.,..]W.32...k.JKk...R...G....-n..`..u.W.@..su\|D...o.....^..d.....)3.jP.......-......Y.uU&`.4....l.X..-b..en..=E......A......-...HR]i.....3..E`$N......E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	3696
Entropy (8bit):	7.955048089977122
Encrypted:	false
SSDEEP:	96:j656Iq4evVmmlf/WhzDvXbzQnX/QxgSvrTuZmGhO:jdmevVmm5/WhzDvXbzSPQxgSvv0s
MD5:	CE1379AE4F02DC3DB851F1C088E256EA
SHA1:	A9912B391BA0AF1523A71C98F164CE69F3828DD3
SHA-256:	5F479F31FD70EAA460E6F1032C00AD9D4FF1E19D6606CCD25A404E7E47A77158
SHA-512:	041CE0FD72FDC0901062609FC599AB4D5EB58279FECA05317A62BBE1C54EB841D747990352F3835E8EF1E6AB6CA077404CD4B7269EA3C8E6158C5A1B77105C53
Malicious:	false
Preview:	.g].%f...h....b.....L.....%....9..c..-.i.;t.Z....`^.W.t62D.v......"[.....~$..!.t.LH..m@..4.R%.~......B..(^.D.r...k.H]......{e,{K. .7a]....7...a ..I1.........>H3..Z........f3.lVFt.(\s....MF..Y.........T.[.0(].bB.......[%..8M........z]..o....Ct.+;(k..!.1.JM.Mi.................0......v5...r%........B..4M....:E.s._.w2.L...m.d......K..N....<\...D@ 8F'z%.B].&.K...{t.s..hr./...`.5Q....]....8.).>...\`....u.5.....6.Dy.'.{W......c.lq4}w...........,{".v.3$2..-.......[...z.....qG.w).....5.{PkX..K..0...iG..3.....8...\.smM#3.5.g..R.k&...../.h.]....3...6.age....I...a?."..0.t....~......h.e..)t.....zPqhb...u....y.V....{,.n}W......I.(....1.O.;.<.\..r-S.i20....HXS.Dgne.AZ0..4+.+.i.fc........m4F.P........u*....%r...\t]..W...^..........r....O..c..P.;.........\AT.f.m..oU..Xsz.kQwUG.R..!...Y....t.r..!...g...8.D.........M.V~e.\|.-.M.d&......._.R....+=6..\0.?q!..xi.\|...$.<...bI1...\|.=M..AZ.{\|N...c0...U...bd.....^%W.....!\V...X..No.ZQo..MG.......

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3696
Entropy (8bit):	7.9447838217873485
Encrypted:	false
SSDEEP:	96:ia3WENVPyozDvXbzQnX/QxgSvrTuZmGhO:iEWKVTzDvXbzSPQxgSvv0s
MD5:	9F35E19DC2E91B6DE7D26A89256DDED0
SHA1:	7A79B6AADD6B8EAD7DBA8E9BC06B0D40A2F37755
SHA-256:	45040FFC834183FF005F739F3CEF5796320322A39ED2B6E5F6BD3F2548C0A2FC
SHA-512:	3410D38DB058A2FC11BDDE3DD6050FE0123D0CBFF15D6806FDBBBC979CA78B39C6CDDE1CAEE99DC0C6D3718CB556BDE2EAA242F1F1AB80D1133AD1DE479B0626
Malicious:	false
Preview:	..5..."Ej......dt.......5t......l..zJ&......Vd.r.>..j......@...@.... ........E......x..R.O.F.a.n....Pg..}C.b.>.."=...Kk.qV....4.@...!3W.@m..8.0V.(wp.^.L0k..c.-....~.+...)">...@.....R.<...)G.".....7x.!.m?..m....dr...=a2t......~...=.3.m.:zR..,...?.{..=.4.oY....6-..\..o.....z..x..3HM>.;E. e..Xw....h.A....7!..n=..N+7'....N.H.b1...w....5g......-..................&y~..52..k....Dc6gRj5...v/..........^}......[P.B.>=#..2.2..8.I..!..^........K=..^x.X.~E..l+l3..K.......a.=...d...8D+i...B.....Wt[..s...~.G...-oj.C)h...u&.&_q..Ya.Q.W.e...#..\|..@.{..'...\p.X3.h..RM...~.UL.d."..+A...C..5o...#,)..,..s.!.Qn........5....G..?.p.....m.....6W...][.2;.gV...DH..m..n.....d....b..p.l.Q.?.......k....c.R.c.7=Z.....e.......).9.. 7.L^..z......Z..]....s.;.H.n..Q...#..'~....}.4 ..DN(..&;}7....n.Q<.../<}.....m..P..5.....XR.v..Y..B.+...1....>M9....82.&....F..!4...q..\).....3..UQ...s.....4.xC.O............`..d..us....w.4..$ ....=)M..0....A.).. ...l.J.n......%...

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3696
Entropy (8bit):	7.94939062787691
Encrypted:	false
SSDEEP:	96:x+PnLTh4OfgoAFkzDvXbzQnX/QxgSvrTuZmGhO:xYnLNrVzDvXbzSPQxgSvv0s
MD5:	46D7C67526D24F3B41F99DB9FC09BE46
SHA1:	5F4C3DA3C7FAF475687F5F4166EDF2D09D0F7352
SHA-256:	1AF2CEBE02008CEBC3D4DABF963D3B813F6BE2EB1E810BFECA001EA11449B0D6
SHA-512:	B243AC2A1D2C0712AC0FFCC40FA90FE88359F41CBC598A4BAC97232F62E73EA0290D618D91100A7FE4C0CD61F9DCB7E23B486F44B29E2BC82F75D9BCA06A5F59
Malicious:	false
Preview:	-......I>.M6<{..\|?..p..4I..M.mD.T.;..<6....bz5KA.A.?0S`......I...{....D...5.Y.^U............:.o.Cy0 .C.......Z.c.6..fq...3.....H.1L...q.'.8.0.t....S.!...jX.h.e.MB..Go..nm....O.a1.[Py..'.jy.=.@....Q....2:....e....a.~....o..".F.V..l..UX.\|...L..b.M..,..2y..?<.0a.......BfeH....q...J~.....!.M.zCI...c#...#....H..Urh.wo.x.E.N.D.7k.C........~.....q....1.=/1.''Rw..-.C..O..+y(.{RtK..Ap).e..a...3R....jq.s.........G.v..G(..X...Cou..N...c.f..P.YMIf...C.1. .`d.t[.~QWkF...ud.o.)u!.0cn......L..-".\|.i..bj...=.;..m..0.G..Ts.. ../..(.... .=.O@:.f..jDG..p....<'...a..4Tc.O...#U....WG_.y49z..R..!..J....Dq'I....61Qt..q.T.$\|.1)..bz.._.!...H.'..b0F.p@a~......c2y$].T1.=.....4..#Pe.....%.B.Cd..2{.y5...z...........`i........)k..e.I.{.U......1.Kq.FB+2.."..j-.IG.h......^....N.p.c..b..T..",..9.s..."....;.3`a..,..q...8}.Q:..P.....L.=~".T'..4..'dFo.....y........2.'..u..?..o.vo~.....{....X....F.y.<>F...CKQIa.$.J._$b_...];..;....O.{m...:ZE)......E0w4."..ir..JD...\tG..

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3744
Entropy (8bit):	7.944220512940519
Encrypted:	false
SSDEEP:	96:oZ5DiDW4R0e1zzDvXbzQnX/QxgSvrTuZmGhO:2DR4hzzDvXbzSPQxgSvv0s
MD5:	61EDE7CECBE11057C06C5CE12C0D2901
SHA1:	95C21E7FF0E689711299BFA14711F72B9DF0B264
SHA-256:	AD14AFC7C13DDF8E3004E6939C03E7475F34C18899BD3A63D582A2C7ACA488F1
SHA-512:	33284AAB4C2D7F6A265EF801510300BC963CE0655A28A3B8F2E3D4D27C597A7BAF12189BC0206E9ADDEDBB1C8B70EBE19ABB9D557F22876910349C3A0F73B3C7
Malicious:	false
Preview:	...K..T...~.}...0........dt.7\.G.U....v.j.je'..5.6G...y;.f?.L......O<)X........I.s..X.?NF3+).dw....n.T....D..W.0....;...r......$~..V.........E...Q..;%\|..j@.A.dG..u_.q4.k?.8.).sM....T.......m..j.vn.#l(.r.Q..i.Hz ...?O..fCpM..[..HX.F..Mpw....5.&.RiU.....p{&Kk'p.]..3k_...0=..t..s..D.......j(...0...M.%..J.\.x..^"...q..8.3.H.$..@...j...c...W$.._....Flo>..x0..h.....ek...f.>...9O.Y...+...E.Wd.3...:..q....pch.y.....@..3<v.(...78..Z,=.V..q.U....T.Nn;^.5.D..YkewQ..zr_..@'J .h.<=...a.B.F.B.}.....d.b..F.92u(..e.....9w.jEMD0G.8Oi..l..EX?.....C.P...w..J.r..v...=.\jTT..l.y.M......)..G...2..V....4 h......%..9..............=.<...@....7.Q...VV$...%...,...Hrc..................)u..g...G.D..r97....Ex.x....GT:..Q)\..;.Bp..N......r...N.6....G.Uf.;..K.1.[...-..Z;.q..<.q]....~"!"..\..g....F....=...&..mN...!v-........8.UH.../U..............l....X...eE....=.h.*.+..]...!...... .......$H.........u(...ZJv..$.)0.il..O...l..&.j..%...p..uu......e.2..........6.:.s.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3728
Entropy (8bit):	7.95198727216314
Encrypted:	false
SSDEEP:	96:+0ZQcKX6l5jYUHkLwzDvXbzQnX/QxgSvrTuZmGhO:+0C2XjYHwzDvXbzSPQxgSvv0s
MD5:	ED859E005A192EEDAFCF1DCC0B31D2A2
SHA1:	6A75516C8CF8E9AB03F59FBAACBAC8B038C87BFB
SHA-256:	0D80284C2D25E2798751F9CAB14635A588E15041A721BDB40A890B2907CDDC1C
SHA-512:	FF3D520FB9D3301A8BB69A5F370BC3DE4DD69F38BD9DB83AD92FF6F4CD6C89D74E83493777F044B3085DE69A10373EFFAD1800FC42604C05D88036D8E56FB0D2
Malicious:	false
Preview:	...T.b.....:o.q.J..w...NI...&'.9..@`@.Il..~.....^.$.....r..Ky.E.Z.Q....E..z....'....U......8.W..T.U.~,..{......v...?B.Vm.kJ..+...P}.6..ouA-....]@:.e."k.,....nW..>..Z.8....#..7Gvh.=.0D....J.B(.+z&$ ..y-.....K.s......X8....[.........$.8...c4...L.....UI...VV..$W...Z.9R../1.K...\>.?.4..[}f..Dd..jid^..d7}.k...J..!#v.)<c...o...zp...A..'K....8(.]8=.n[v.7.^.p.,.j.P....B)j..`..?.m\....bT...&..43..Y%E.C...Jd\|...=5...q.3@..??k...I.#.&..3......7...Ft.2H.r...)....3c..e..s.l.Cc.h..iW..+\w^.,....%..)...\..3...].L..Syu".$.M.J(:e.........l7..6...{4....}K.......].2.@............uR$......-/.b.?....L)...;....Dk.D2B`.dC0....G-.$$..2c...k.or....j..w.D)qP."...v.,).".# d.....+0m.a..M7.E..a....-..I?=1..z.1.M...8......i_C...@Nr>...c...].r.z.(.....".p..b1aZ.j~l.Z%I..9..,p._.3.p.?.P..s <.6......&v[.;..T..2......n..b-....Tu(Xla1.-[.....@6O...1..t..?.~G..&....C.z.. -...Y...k~..m?.%}<.e..v1.A..*..%iWe...EZc.s..WU....9_...#H.Q:`O..&..;..4...CN.M$.ZP".......

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2992
Entropy (8bit):	7.932768411541491
Encrypted:	false
SSDEEP:	48:tWjaGBBkqyVkqSJJHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:JGBmqLHzDvXbzQnX/QxgSvrTuZmGhO
MD5:	07722B000D13E18A01D539D6AAD37537
SHA1:	4C80F6F6BF2747D3DCD7AE6300357E22C6944A86
SHA-256:	546E13568FC8690486E0CC6EF04A492DFF4D2D2E9F47B750003C9F5DCB7B67CE
SHA-512:	D9EDEF67C26EFF50317B4999C0CD4824ED255A800FB9F39EC9AD303BD0458F942F2AFB1A69BF0701581AE80AF36C4B5ADF9373FE0CDC76AF9983320F55F35DF0
Malicious:	false
Preview:	..XzHX....m..Af^..2..L{5f4...y+.0&...g9..{.A.0S..-q...'a./....D.....n..'.O.....(..ht..9Nr..L.X..%..o.O...X.\...Kk_.0...V..<.s.F'.Jja...t.....\|Ov.d..U.\|%..~n.i........j....&V.ZiH...O.....g....K..6..S3.7[......g!.....#X..Q.!..M...I...%o...n%.8j9...+...1....v......x...+f...d..@um ;H... ....c......`..eY.....u..G.]....v8..x.....d.4n..L0#..r.]K.C.6.g...5...N...;..I......;..eKv.%..@..r.,.=..y.x..................r..%g.....^.]....&ou.{4.h..H+5..2k....+.^....~c......_'.h.Re....EK.......!~5c......;..M....#...s....Vo.h......6....II..}..2..s....,.v..V.i...4.....4D. w..!...n..j 6.a.@..!.G.B.B.T.0Y.....{...{.....@M...@...]..Q....8w.....Z./...K..,k...........E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s*.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2992
Entropy (8bit):	7.934472976557603
Encrypted:	false
SSDEEP:	48:OnosfRVng9ZqETDjOuETMXxeSlFGHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiG:OJVng9zt9lyzDvXbzQnX/QxgSvrTuZmh
MD5:	9CDA1855D0FF9B8ED3D70FE2C6CA1D5A
SHA1:	FBB8071D876B0108A37391EAE6C2B6E6D240FE96
SHA-256:	50B4E98785D5032BB6DED003BC65A2992390BDD95A21567BB228B137D76711D9
SHA-512:	06B438D41F5B470FBD0377C3FF85B75C36A5D1D3DE66B4A0AA5C2D5E17BC1A5985C1014CE3D18699DF099ADAAF81C49E5D8E2C8B8DEF4F1C49E650DDC8B99E07
Malicious:	false
Preview:	x.40V._].j..z.....` ....T.,.B..P..,...a.....OQn[...DnP...TXK."[.$-..O;.(....b.^.........C.3w..Dh>...:m."=j..U..xP.t......STQ./.."..5..~s.]..6...tbG..=.......\|.oT..n.;\|.s...w.}...5..Q..m..J..r.#B.I.......&..`)...U.]SM:..i.TP..7.#..O....!.C.......;....T.`M..4Ppo..g.>`.t....q...E......N....v;^.D44.........a..F..l..%..^..p.s2....$...)...}~....sJ..c@!......x.Q...7i..<3..a?9m..1.R......bs......................-...c..z.R...@..OO.(....H3... _\|Z.b.9..d>......c......K..ry.z&ZV....Z)T.lS..3.)...5p....i.vZ......P.\|...G.^>..8..[u.(.rX...l...6...]..87..1.z.-.....y..IL0>.2....P.U.uk.p.......ae.%~..bB....Y..L7..k.\|.g.. .[Y.p....,...Zq....WEv...\1.8$....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2992
Entropy (8bit):	7.938699525807097
Encrypted:	false
SSDEEP:	48:aK/2iEAdwe/OARwHrWMiRREHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hO:gnW/lUrWMiRRWzDvXbzQnX/QxgSvrTuw
MD5:	38D3EAD5B869DAC83D2E51828047D3A6
SHA1:	242EF18C4ACF9FB261E4025BA5A0F9A8729EB2EA
SHA-256:	708B04B35C59C9D6A88D9E53E4B4423DBBE7C13E1C471984F384389F9B56CBB2
SHA-512:	C3F8C2D58603FB8A89F7B58790424B2C0A919075E45A55F4AEC41C75486EBEE1BF13F68F9FD1E16548AE55880D3BF57A4EF45DA496A4734F42E9E3A433CF53EC
Malicious:	false
Preview:	..\|P.p:..-Y....WyAe...Hxl".....`.9..Z...x...(...e...Y#......Q.....&\=M.e./!.(.aD...N.M...RN/}aY...K..;...[?eb ..4Z..[.S.+.!...[Stu..L.;Qs....s,Sg... K....."."........V.$^."..`!...../...1...gN.7\|.&.(D...s......6..@....8q4u....v.#.....r&.=....b.1.q.....yNf.cLdef3..r.0.'.r.B3.......H...C..X.6...P..t..J......#.t. .w3.}...&6..].w..F..,B.kh=........h".,......B.!.}Y.4'..3.{?...C?....%...<.....,i................4.g....&Q...{<..OK./6.....5.i.&.tL...t1p..wo.~..H1...F./....f.A........=.4.....l2..3..$..RB.....(.;.J....I.....!......w....yEIC.Q'k....1Vq<..... Y3....=z1I..J..q..0.e..P....].>"....dbtM9ti..r...T...........0...0...S.jB....\|.}j........o.F......E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2912
Entropy (8bit):	7.936128814941727
Encrypted:	false
SSDEEP:	48:1g2hMaOv9LHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:+oKzzDvXbzQnX/QxgSvrTuZmGhO
MD5:	6F6D40CA42BE80AFF1041311BE00E8F9
SHA1:	49EAFF6127908464CEBD4C0FE4320A035176627B
SHA-256:	3BDC07A5F7E79C376B6A01F9EF76CDEE63FCD8FE5E69C55E1A8693B06AB9D0B1
SHA-512:	170716AD97CD519D44DD393D26CACDBABEFD2C58802E309B8569C9A35A5AFC6B55840DDEFCA9B5DAF9D978FDB24A569E50F7E055165C919BE41BC0CEB6BC52D2
Malicious:	false
Preview:	...f...t..5...3lmwG.....<>>.....&.)4..(...8....g.0H.+.(..Z.e..M.L....5.^........!.$h...o+.D.$:..I."..yM.F.T..r8......@..916>,=.`-.x.j2.,.........".. ..@..p..N.o...JY...3..Z....:....?i..H.I............6.....x..-?..%4F.;G.a$..S....K.Y<...m..S..A..B...E.T_...d.'..4...d..5.n.T....y.VJ.g'......H.Bs...._..H.....r......,wS.Q..O.................`.E.<.......-......k..`.g..]w...h`....G.8..7W#......[..f....z~v..:..z..M.WA.d...8.z.......MIv.......e............s.M_...x!W[..qa....'....+.f".m7.....B.e...AV...........tk24...6......HB^.[..MCQ;I.~ 5..{....2Q.e.@~O?....m.1:W..H...q...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s*.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	5072
Entropy (8bit):	7.959043941373925
Encrypted:	false
SSDEEP:	96:gsKAYU3DO5WFaOqarEGweX5QDBxnw/dZzDvXbzQnX/QxgSvrTuZmGhO:gsKAYM/F5weX+DBxwlZzDvXbzSPQxgSn
MD5:	18B2F5AA7F4A72E0B81208363F092F69
SHA1:	D9705ED06B0C418CCE09E686B7A263CF8AE4DD87
SHA-256:	83F45722534C0D3D9D0A768BCC375CA9DE02DF87E0F19B65EA1BFF59F881B86E
SHA-512:	59CA0AA1C90867AE87FBA57A3B2E73BBC6CD4FC730FA1370BF419F05E01A98D47D465901187618A06DC17DE17E71046B367777E22C8EF322B2DB36283B6CEA06
Malicious:	false
Preview:	.KU...E.4...u.b..g.....6..\|.i..SI:e.R.. .o..(.(.Jw.8..p.s......j.%....6~..r.C.h.......N\|...... .8.;. /....I..Y..p..H..C..D4l....Y.....Xt....B1.g{.y...j\|p8.....p....;.?2J.w...k.3.%[...2.N<.].....=o.....J.H.W.1......X.. .a.......>.....%.n.#......D.Q.^...v.e..O....`SuH~4..8.t..m....Y.o..W..rn..9..L..0....F.9...%......;....@u...........9_..B;.n..m.0"..\.;..m.ve..W3m.5..?.q.EwT.....i{....A..IC9%.....\|0...lA..x(..x..z.%...$3[...X....M..baLv?P..L.....j..Z.5.QnJ,..&$...............m~...Z.Vy.b..L.......k......xR...@Y..V5......G..<b...fE.(n...o..+cAy}`~<.i..W.)-....;...@.\X.Njk..>..`.L..l.mDq..K..R.WO....Z ........7.XQ......n}D:C..&.........#]...+..`........f}..o.+.Q.........+J^ssi....Hj...X...~.....b.............3..w........'C.sd...Q..T.+:o+S.d+?p.T.B.\D.Q.........@D..L.J.;..*...Wi..(..R0..!.......y..g....V<.w?..s@/.7.(...u...u.O..........Xt[2w..<.k/7.....0.S.r......D...:.P...__..o.l$K.^X."O.RX........>$!.`....!]...<..0e..+.T...Ao.8.`&..>.,}p

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3856
Entropy (8bit):	7.950442755505941
Encrypted:	false
SSDEEP:	96:uz2cEN8FH2XzDvXbzQnX/QxgSvrTuZmGhO:q2cEN8kXzDvXbzSPQxgSvv0s
MD5:	5BE4D954A8C1E22D1A43344236E37B65
SHA1:	21D7749E6119E6731EC07C6AB8175806A36623FB
SHA-256:	50B91F11A9A93B5CE381C88A7E3CCF51F5B67562945FFDD3A76C7DE07EA52F47
SHA-512:	9B1DD13FE98DC55B0D0F84FCBC97BF363A40B9073E78D204FBE98483131AF4E7913667A6FA393FBDA2B461302EAFFCDDF484A20F68774C30A51AE508EA0063EB
Malicious:	false
Preview:	n8....o0SY.ya..`..ht.....F./..ZV...'_.......F.N..-..d....i..q.-cNi.?.L}..}..........\W).d...7..-7.....v......9...o...n...y.9M......X.'....q.ib.j.".h.Nq..ck.J.:..h.c,X.T{b~....\-.........7.....g3.....8%.VB..2.....T...T.?s..M.).~j..S....t..\=.\|.k.S..,..i.}../L(.z..o..;1..R`.'...........TM..Sp...?E._.Bh.Q....Fn.I...~....Ay..Z..5...r..:..~h.=..#.x.C/...d(..\. e{Q.6#......iJ.<Q........"......4.gw..`1...\|[.O..D....e.._.=s.e.J.....z.7....&....4.Xe...jh.DX.....y.TEB..0f......=s0.D...\.q....A.\....I... }./..}..{.`._x.E.;..@.x..'.It..`<k:Sj....Q.G-Y..b.3?....(egHi....\|\|y.@....09.`_.....9...D..u.c..e~......Z........s}....]3F.k...........d@..b......_.2..Q..Q....C..[..e...T.hNu].t.p..g....q..$'1.....Y..pr.>. ..I...t...S_29...W'q..U.........\.k......*..{..w/9..'...Y.u..{L..D\.....&.7..S.x.}. :..^...~R.$...Y4..o.....1..".d....s....A.V>.8.M.......J...}...A5.#.....1.ay<..gI...el.f.G>_tb..cm.g...kx R".N..51....y....l.O...O..C........-...

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3856
Entropy (8bit):	7.950337124976281
Encrypted:	false
SSDEEP:	96:HqwiSNbKByybWbMyWNwzDvXbzQnX/QxgSvrTuZmGhO:Hh+ByybcxzDvXbzSPQxgSvv0s
MD5:	ED28EFAABA79ABF5DBA0B7CE5EF92B37
SHA1:	7C70F1359DC7F73F5B2F4106EEC0E93D987286F4
SHA-256:	35A371C18A2F6221ECEEBC076C48FFD08811316F85674720AB77557C06DAE4D6
SHA-512:	C063267EEE0D8D2242486237E0C543D780824598852C1B32AEAEB71B80A204E3633B939798E16659E24E7F113A0D5A00236BDD3545E79873EA42CB51FF4159A7
Malicious:	false
Preview:	.y...)..6.......e.f...4x...CT....5<.M..2:...>P;.?p....~.f.......c...........D...2.S].R{..Q?........De...H.A.+...r.v./Y.[,.z..}...."....WU...r9..Gx.........$..Rv..r..Nm.Dck....d`.....B..v..4.`....Q.(j2;.......:.L.q`:.....W4<..k.......b...G.m.....\ ...?{..<..N.a...6y.......AEqw.5.6..W..8e......<(g..k...}.p.U..=MH<.a.Vm.....u.].r...E.#.........o..!....a.wSU..m.BgZ..1....W..._<3.`tt...._.Rn.......f..6..H.-...KY..X}^...8.....r...-..0...../.@.....W_.#S...K`i.B.3.)bV-....r..L.5N<..w...h$..])...i..j.v3.;.7..,Q..../b.Q&..m..9......]....N=6.....'.......T..l.......F..~..........F...<>?h..."....'.L......n...47.z..*...<r.........sf..H.xq.>%.O.q.\..Z..q~..B}.B....kj.....A...`>DD^...X.b..j..t.d..\|E...).ZN.....asrN...:..B.y-n.a>.#..c..I.Y).0T.ORL/..<..jz..1...iZ......s...c..d..w.`.....J...,...; Y...\|.U..P....q..^...(.......)M..VK[ .O..7.]..n[...M.d.9....dN..u...g7....{, ...,.R.k9H....02Y..I_.G2.\|....3h)....!w...&..KI =..g..a.h....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	5072
Entropy (8bit):	7.9586154283738155
Encrypted:	false
SSDEEP:	96:7kuxL29957u5c77PWoD3SaYgaVYwUzDvXbzQnX/QxgSvrTuZmGhO:f29rgcHOsCzxV/UzDvXbzSPQxgSvv0s
MD5:	A9E41AF57ECBB7A72040F80E9AC6503E
SHA1:	9B26C26A3FD0BFE33B8FA1C2DE80FC8EFB0EB508
SHA-256:	9DFD9E9CB0671F74FB66E2D462EC2557334ABF5426EA563C40DFA7FB7FF6B9C8
SHA-512:	7DD411051C4CF9B251251F483985D83B0D57F81E0A5554DC4E1FC3F4344CA0040F0733CD6F32867600D1828457306C92A36E406FB5119A2EDD026E48B1A1DBC9
Malicious:	false
Preview:	.RI.K~...>./.>50x...;.k.i..Y.1......i4a._...LR....60......$&..^c]..Y...w..?...8...+..[.sK.q.g.g.......E>....-..\......Gkq....a...c......J..a.5..%...6.Q]..!.6...,.B.N)c.G$.....%...u......0..... .Y.\[.....6[.Z..G.....[..Yt.L.L..`....Z.>.B....D..._...1Y.R).=.......K...3...GE.W..R.Z.c.._q.....F.(U.....6d......".9..x....Wphy.\|..x...T..D.Ft"..;....m3@.Au.)UI..q..w..(...q.b.SK..+.0.y..b^+.{6.......fI.@...?.<(\|C..s.S.>S..7....y..r.;.kG.d@ 3..!s..oC.-..B..sC...n.y.o(7..p...U+......O..U.....G..=.L.....v...4h..Z......E.......+.I.b...+iK...2..!W...X....r.....-.f.. ..L.. 5.....0.$...8..&T."..?Ek.a&.tG....zV..11.%.B.y&g....c...T.e.....L..oP..-.;..sV...RB;vv...Q..J.,^sB:....!...x=UIq.......@...L.........`..t'....~r.P}z./yne.YyK..jcm...........%...ER...N.D.D....'./.....K..W_..w..b..?,.u.1.O....!k....~O..C.......M}.v..{.np.k..<9..tT....*....NO9..Kb...4.R.7......g.db 6....'vQ.C.>?Aa.P=.j3eL6.nZP.yzx.%.G!>.J.(ZX.....j..a.>.u......va......!...).XK.M...e.W...f9.....

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\AppData\Roaming\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Desktop\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Documents\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Downloads\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Favorites\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Links\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Music\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\NTUSER.DAT.LOG1.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	59920
Entropy (8bit):	7.9970680640221445
Encrypted:	true
SSDEEP:	768:LyE8nNgL4DhGYavxGRlYUGh2/djJ4LIQVOryKdD00V7R5ySQDExlavU95a3BA8zc:LVbx/UGh2/djyIyO737RrQDNE+A8zgKU
MD5:	D0A0635C73333FEC0050069FB0CE00DF
SHA1:	FAF574A01181207C6282E4C8840EC927F8652827
SHA-256:	D0DE9A1A4DF5C1FFA7FB73AF7F520CB79B8759EFFF20BD0A029BDF12E2FB9055
SHA-512:	6D3C754652BE86BA7E6311219BAA0E21A8384FC827EA5C52D3C137D1587F314F8B666156D192E46178F2980203153E1233308C8B756448AAD156BC0E14C9078C
Malicious:	true
Preview:	..?.6...A"q}..`......\|J4..)..j.<3.?Q..^..5.......e%}3.M\.R.....<..{a..;^.,5a...F.\.2....\|?.]Gj... ../.'..K. ..d.F...1..f!......c.H.o.'..<Irus.....mr.G...'.....F......_./B.^...!.n.`.......L......!..g....M.&vuM .%C..=.^./{j.6..V;X....O.d.....N...$0E.._.\|.......]C..O.RE.u##.T.....:'..+..WC.".Q.'...0..x .O..J...^.0...e.p>........h...T...2rWP<.....;@...(..+.5....N..f.9..t..=..,H..J hw2.......=v....A.....$H..&..g@.&f..Fl..f69Z...T....e....i......m..0...D..}D.1...f/n:....>...E3.9.>Tj..>..'5.:n1,0.b.4.8.....3.}j.t...M........^....6X.4..L....I.:...x..7h.wQ.%...:N....{%&a._... ..e.34n.6...0.._..8(.x..5..8...1.&..V....Iv...N0}L.U..]. a..{.I._..)6.I../..\./.E}8....>../:EJn.q.!.$..L.s..Bb......-..?[D..s..r<.F.TIw..$....8O.RJ.0...<.'.1..o.%..g..\|.^....l......J...ZJ.]V!...........Fp......."/w..H;[.d:......D.V......Y..<&...Z...`..L.Q......}`Z.$......M#..aR1V...A.....p..Ul.F.R3.A..<.[....D.R..^...1.r<..\.U...W7&f..T2.\oQ..W...g7^...P.....T

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	68112
Entropy (8bit):	7.997385661944037
Encrypted:	true
SSDEEP:	1536:DqOjw4orqkmZUOL37pJNlWzabkNfHkFezSXqYHVNMKU:RjwWxUq7LKWktka04KU
MD5:	293EF239E7B7A2DFF9853ADFB4445995
SHA1:	0EA014A8560F4B07570F0AF0C95DB06C08D254A2
SHA-256:	DD7AD1EC363A4470BF5170FDE409A0C36A619630C4091AEA47555F25D43D593C
SHA-512:	E1F42BA7E7ECEEAC2F02B193223A0F16CF27644676D411C774F36E9CC3BE8ECA943E7A0B46B84883057B22B14E37E07281E6E4D16251B34E0D5071E43A7EB171
Malicious:	true
Preview:	7\|Y"..o......;..#.......$.;...=......)5...k.K.O..g.i?.=.~.5 ...0:.2...-D.6.U.8#H5...U...O..1<9.7....h..jQ.Z~..!;v..5.S..C.).......8.(.4.'..Ea1..._.ScU..."....S......U..J$..W.........m.....Fn<.+...d..T..h...l^..p..a.T...&......I.2....{.1...dy..<K0.I...I..JVpph^A.Y9B.;..u.D..2....k.7M.....v..J..)..$.U:v....{.._>.H.v...dP.q.R"..r.{!..I.^...+I...kS...$.....v.....I^.loY....6wuA.....+...2P:..;..Rb.-m...^.+M.E.[.E...........+.T....<Sq.X1V.0duz.n. ...M.9...I+.cZ.n... ........oZ.<C..^0.L...E...0q....(...E.1...\.zl...e.;}.(....-Q.a=..?W).Z....].[.T.RY.N..i.Y...7.7.....m...`.sds...k...7....-.Q_.X&...t.v..W....~I.B(7.?p..0.M....9&y$.(~.\&..H.x.......mGG6...'....z..Z..r..=..)......\|.s.Ka;.*Y(..p...U..Ko....KR_.h(..~.r..p..K....B6Eu.til.....3....z.........._w......j..j...qe..l...&...-.h.p.\|xmka.a.].^.l...t..4-7.R.hy<....5.R{@{lX=.9..lD}i...=........v...]vr@.9...U..--.4-4;.."...0 ._.z..M...G..g......".f.^.B....X.+z.9....8%..l.......&hfm^....o..z.I....

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	526864
Entropy (8bit):	7.9996239840734304
Encrypted:	true
SSDEEP:	12288:PZ+tZ/M9aXf/b/9H5f7oFIwcUeNJwXAs7dvfOoMPeLY/nTfb2ETL:PZ4M0Xf/bt5UawwawENfy3bPv
MD5:	627BB7FB4CE2D4188C714327DEA02217
SHA1:	60BF453EB53EB2712952FD4AE2927223E61CAEAF
SHA-256:	09EAD97901A797CBD56311DE27221AE363D49C6DCEB3E911BF083A23E4A9D9C3
SHA-512:	B1EBA6821A0B4D1D96D8E86D49BD1C431686750C32C8ABDAA5583326FBAD21E957463BD6A899E6D3F8E6E1DF99E15A14B5193BED75C7F45E88C0381B972480A1
Malicious:	true
Preview:	1!...d7M..l.._<..L......z..A.q01..$O.^d..[...C"...O....x....(.P.."..g+.c`.0....x.d.q+.)j+.e.CRC....d.....H........>.;..(..s. ...e.E..)[k..b....a...F.1Xl:...`YFs.....(8..L..XY._....rb.)..,.(..+............F.....D...?....Z..0...%...;+\|gu.N.O.W..6..Eo.5~..<.@/...X...1e.....F.....U...~.s.....f(..x4f...XI...ty4...6#..U.4...M.....#.jsH...mr..L.xJ M.=.!.F@b..".S...=1.....J..7\.hC..e\_........wT..H..-.K7Kg.r.`..........7..e.^J?C..[.r.g..3..?U...hc.....G.G.p..y.[........p.;-.......B .g.Q.lY.<.....L.........o.U..r..M.h......aWZ...r....U.Wr.\..Z.6.....=...ec.....^..?..l.__S..A..P....I..oM....}iD..r.......Z4]=..T...h=i[...U(....Q...19PY..v..K} a.>t+:.....m...I<..\L.D.Hz...{.Gw8..4*@...i...o+...}....F..g.AdH..'....d.).........4..X...b.M.. ...n..R.u..:..l..,..b.k...}>...W..L..B..(..s....g..&"....w.fx.T9.&.D0.l7..U..{..n).+Q......~,<....N.7.(..vc...e`....v%..0.....o C\|\..\|...&.....X.5.ZI."{!...B]6..+}....P.J..A.d/..s`....yY.Z.A..dc.W5..?...Kn..R"p

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	526864
Entropy (8bit):	7.999666057464673
Encrypted:	true
SSDEEP:	12288:66wjDZgJX79K11hj1kiSe/sJl9nanEOEigOtJO5Wq7JJUKTpMjL:6tJ0L9K11hj1kiSec3anEOimOsqFJUKE
MD5:	CCADC37A502F9D83201FE5853892EB9B
SHA1:	9A78A5B14F0ED1B4FE5F11299D34EDA3F0B9F257
SHA-256:	88516602C57907AFDF540BBEA62770E00BD72361E6B2E308876B4F6C4334CD66
SHA-512:	73B2888161DFB4E8B212EC288E3683FAC966D881B9E76E7E625DFA65EC72BAE196C0BD350E02CA6364B997074D0AE93BD04E94E317B1E0C6F88C9CB9F10572F9
Malicious:	true
Preview:	i..&..y..dX.=.a..v-.0,.m.a....P. ....-.c..e....C:.8....lH&.~wc..Z.z'..pl\.A.4i.\|2I.b...Z.6.n...~N..8.O....G..a.,..:Vdk...)...~Ej....G.x"..t3..QB.^.kyZ.C.c..zO)%..2<p~..?IK.6G..c.>j....&........#6m.%.....-.+bvL_.[e.;..A)...........E...8t.<...B.i...M.....-.....H....Z.Y'#.....s...S&.1re.T.k...+F....K...S..SW.sW.Oz.w0......@.......e<U.U..t...\|E;t...p^...v5q~..r..<1+n\|mN.NJ9K4..<...B.4.;....kA..7.eW.0:..]..i.%...:..\|..wi.-~...2......_.../Q5..$.....kH}.".R......#m.....3$.9E...S.Rh..5I.^2..Y}.>.....v..-......X....L.r.. 0E..{.....r...o../`l.1.)c[.(A...FD....vG.2..2"7.e...n-.8.N.v...".c...Y....}..g/...>..\.t....R.........'..l.v...J.qDy... ......E-)...lvE....O..Z..LV5.......p...E.SR>.P.\j..Z...._..@v.X..i.bGH.En.....].L.q..5.?...Nf.m.m....\...9.i...d.2&.*.'i.F4...J....O.T..!`)+.6.........bp.....BC...K\.1.a.....z}..W.....7Z_....b....D..1...X....8.C.z.VG.G.m...........g.,...s...V.....u(..w.....S\|..c}^.......$\|.&....l...x....n....9........

C:\Users\Default\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Pictures\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Saved Games\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\Default\Videos\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\3D Objects\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.937337537765095
Encrypted:	false
SSDEEP:	96:+WNvUfUklFTpzDvXbzQnX/QxgSvrTuZmGhO:+W5kJzDvXbzSPQxgSvv0s
MD5:	773684CD6A39D99DFF947F06BF1CD05C
SHA1:	6A2BA99F13A0A1DF593A7C687A1DED89F658D1DB
SHA-256:	2C96750FA14D03089F2041B9622E53A910972974FE240C89CF2399555E090157
SHA-512:	03A4D358D089B668A0619E6079DD3AB2BC05099D3578E326F7AD2C407B254A3D1AAC7A89080D8DD07AACD392057199B2F39823F72FC60BBA79373B2FC00E43D1
Malicious:	false
Preview:	.g;......Yl<p.$...l..2.$...........O.5X.g.-...K..L..5....\..S[4.B.:<....Ya.f.l.D.}...q.....a....4....R.{...W8..<.LG2.a..)..^..-.....;\..sP .q....PQq....S....I9.U.#......NW/..0..J.[,.^..N .\|1......?.N....)......b..;+m...W..... .H,.!.'.......N.2...f.t\b..K...t..%L.H.b$T......z.{......ux.3...=.EC..;..\|T..y.]:.......R.uq....H..z..zfw.6.7.;.......&.=...J....3...:ry.....Q....sJ`..n....B\|m6s..F.uR!.A..W..4.y.r.A.4..u"s.YsA.@....Q..u.D.yy.....N....8.=....B!...M..4xd.gx..P.6;..%...!.(.3.....{..L.v.E:..:@5SIS..l..A.i8.5....4...P.Dq.]x?.-.\.24.~vQ.....+}.._.v.n..w....oTs`......k.{.6..]J..hx....2.H...d...B..\|{oR=!..,.{c..+z...K...4.J. ..R.....m...m....v.a.J.9.].Z..q{L..X.v.Y.......(.W.w.L.T1...?9\|.......:..]a..F...p..-.(5.dDtK..R/.<.o.A9`.^.ZITYI..T#..N.....Z.x7<.p%QH.Y...ZX-C..i{.x.F.....}...@n.v...Q...+u.v....6a.3l.m..J`/W.Ww......M...+O/Mm..0...8~i.F.U..... ../...b`Q..(.........L.H.}..y.vF.......<).C.....^.>...P2.h9\|.Uv....A...&...\

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	160032
Entropy (8bit):	7.998896890676539
Encrypted:	true
SSDEEP:	3072:hK7PO8v0PM1LaPwrxsaHf5CagvBQj+V3XpVvCrXC9/JoqryzKU:hKj5Zma/Yagv4I3XTvWS9xSL
MD5:	D1AB47DD4B36E180DCEE9127D55A8F51
SHA1:	B10158CC1472B23141E94498738585A729085513
SHA-256:	CAF38E290A6E2291321A6E924230E5461DABDBEF595ABDFF777758DB3BBE862E
SHA-512:	054B968CFB766EF1E8C525784FB4534ED2329A46EF0D9D1551FF9661408E4A7B3E61A486C18F24D16A7231B7284DBA5318DEF57459D78A03F1F86C873E554D67
Malicious:	true
Preview:	..7.\|..d,4>~nS\|.7.~t$}$..1..\.c.i....]..V.._.pp2..9+.</\....}..\|....x....z,..B...o#ur...j.^...AG.N;.....O.a.CB.V. ....>.tV.c.g......L...B...3a.z....d.HF..\.i.9..F..q.ZCn..Pk.F...l...5\|.{.gL..{.\|9..5rY..#i......]]...wT.-.,"....g.]....,(E...1d.(..r..9.zy.+_.+k.".^.V.../...6.g.!._.0...,...H....y.....o..T3d...].9.j.>./&..k.i.T..F....0..d^35Qa]K......P(..s..y.X.u..f...>S\...}..;i.>r.\|..t./..o...!&....2M..,..#r..l.Xl"...S............).....,..Twz.jc.T..6....7....9......`.p..58.r........{..r],.......p......j...,....#>cO1i&..AgOL..X...z.O>.]M^".gC.^.i..ZF.....)...%.Qp:...4...n{.....d..Q...T.K ^...+.d.`.._W.5.c.E.`.V."*fl...1M.."..}.95..go.D8m..d...m_.y..^.~.{..C.V$..e..)...+u$..-......l.,..N...(.@@...,..4....# K.)......."q}T;j.rIB.S.QN...y.....x...=f...=..yX/...f....f.....b.qF.XP.....W;.o.Z..wH"z.:X.$u.c.M.....}..?0.......i..^Wq5+..c.i.\x.0N..3.Y.c.iLo..{CG576.......l.q......H..u>.I!.3....rc...s.....-.. ....N?......\..Uz.LRs.1.&r......1...(.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	12144
Entropy (8bit):	7.987149217405128
Encrypted:	false
SSDEEP:	192:lWUjNpUL6MYr38ahEthiKhb/Zu29PZSAmn2AzzPeMBDhT4FknkVzDvXbzSPQxgSn:cUjNGGvr8NhiIb/zon2AvpKk0zXbWP0/
MD5:	5A06FE64EB811ACFE2ACF14787B66328
SHA1:	B7E40DEB25C98AA1895C9F7AB41784B30AF0025F
SHA-256:	C1A5CC18425FF45AA0AD642BBB36EF5337550FE7AA7257F73798E29744025BA4
SHA-512:	1830112A6F6D228350CFAE767878817E275BBF09B3DFF5C4AF20148E63871D2D8BC89C9CAE9524B2AB464BFCEE5787681446ED42F815CB39F9B82C135099C8A9
Malicious:	false
Preview:	.F+p9..R.W...1}.. ..L...9..p..W.u/.....J@&.!.`.^VB^7kO<.Qa.{.....t2.w.K.\|.A=.....V.....;N,....0.i..>..#.;8a...S.l.2 ..d..\|.OXo!>~%.....FQD"2j....@......:.-....l`.l.r.%...r+..m..59.....#...H.{(.$.z$.c..T2Bc.k.f.9q/G)Z!zI^.s.k......0pJ.......OjRi\Q...r..i....D.[f..W.].......V..O.....-.....4..dD....o..a....8d.'..Y...#...g..5.0..P.H2.bs.......e~..Y.../Z....TX...D7...%....D..8..@..... ....Kb]..B9u.U.7..ns.+..y...6>..j.....@..o..=..Y.....1...T.aA.s.5.ar../N.D..p..Hc.N.'.@>`...n..+UN.1\.M6....V..V"..w.1.r..3.^....&...X...D.f...p7.%=]E..8~w..)i...j..q.3g{.J....N.@./(J/.!_Xaai../......G..M.l.....T.p.....+.....=R...w.J.....gq..(o..f..1..ZrN.7.L.K\....e0.....Y....?....oU.y.H......6..f...;.Y.L.,-...CN}.....t.^])j..TX.B.0....h...YX...20&%I..?_.X7...:..H....1.7...,l...7.!.jB...Ss..m..o... p..&F...`..T.....\.....3.......>Z......^.42.}$.X..<..X..c!.....a...}%.&Q...Z.X..=..{.}..v?Dsk.v.I.../.^.VC.&.:......<...B\L.5..\|.h...@Y.U..e]n`.....=>...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	247776
Entropy (8bit):	7.999157945488273
Encrypted:	true
SSDEEP:	6144:g5EQHZVfJIJRFJDHdJdHNa6je+C+OcsAEN/RNrnllj7L:g5lHHxIJRbDHdJFNaaIcERTL
MD5:	BF457674459DF9DD9605C984D6C1EEE7
SHA1:	D9AE3E8BC3824682F1F3CA628E5098AD65F36C99
SHA-256:	231F3D89D5DC6FD7D42F97D75826397A6A894D7D68EE119D12C6C054D9246E41
SHA-512:	9F6E17272BD6E0D68F522DB749089BD6FB0FC9B592B29AE0602772AE1886C6B098B18D51AC486DF69B5C031593D29A0CB60E3BFAB51474ED4EE107FC133852A1
Malicious:	true
Preview:	G............t.uC..h.5.x..W..q8.G=..h.w......@......E.<-D..1..fFK_.q...A.UI..Y....;.h....=.i}...dx.R0..pZ..>..$o....k'..{...>....Z2-.R.y4a...J...l70........E..C..q8\|.C.v.5.L..`Tr..L.M!"5.n1......uC.P.....V.....rs.`x(.'...P...\|.1.j.qmdG.....2.....fu....A.).g.$.'..P...D.;A...8.9..G\|...pQ.\|...;..=(~...8.a.5..d@...m&.Z...i#.S.[...._p..,.X.... 3....W....;.\|.6.0d6k..6xa..v..]....5....N.U...Ut.....C...Uhn.Y..t.&7..5...8.v.\.....G$..v ..n..2Gk\:n@..~..k:...-HR..p.t.r.m..D/.Ak.lD.O..h....G.M...XB]N.TGNW"~........R....\...[...W..:..y..t.$.......\|..>\qf......B.).UH..=FO.`....b..6.,...1S....).YT`..(u....CE..M..C....W.KH.Ws.#....X.;.....<.2..F./.o;S...U.>-6..SD]l..qRs8:N&.e.Z.d..s..]........@wX....yS..u.o.{...:M.X..K.....<Z.3...1.......z..l).iG..O..$........$.l.0...p.n...g.X...A"....{]x..A;.g:M.....7.2H.>Y9..r.@...........D..b.~gM?..z.H...X..M'.~..Lq..}.a........e1..c....K.5r...Z:)p.G.....8.GI{.............m.L...tw..{.........3H..X..C...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	14864
Entropy (8bit):	7.987444433010802
Encrypted:	false
SSDEEP:	384:bqSsyuI8aHeB2f+eVxe24BuYoAPJftySkiRTuCzXbWP0ncs:GSscHeo+eVxJi5lp3xK0n/
MD5:	E962DA420D39A712BB4898193143AEF0
SHA1:	52D8FFDFE3224BD00A5538A22141AD22C547B149
SHA-256:	FD1877320B59F7BBF7305149B0BA4BE94DBA7721F7FF92B86CB6F4558AD0643F
SHA-512:	33D20DBC032D5A96C2CDD2F2D67A3E3BA12B5636CF9B0CCC585ED4A6B0C8B1133B4AA5E61CC763071D33DEB3067A325C696DD54F3186D78FB4B3EB51CCB5E598
Malicious:	false
Preview:	t._..T....V..g..".P.t5.u.Jr....-V.............~l.'.Y..#..X.c...}...x..t..Ii...u..`...+.....m....P...h.....9IA..HS"..o.T.%F..j.z%.........Q...../..RY.......o..u.t..$..C..i Nk....^.4g-...n.....7.8.k.S....#....&.D..E....UJ...N...@Rs].xR.'[.1c...C\.u........jyao..+.,.....O...A.u0..b..b....<....\|wB.....g8...R$.b....f+........u..`..c...6..W.jwG]...?.Q..P..EIt.+/m..p..m.[..].......Vz..7....SDn..=.A.Z.h....IZP.~....+K.>.....Q..1..4........0.?L....^y.....R2..4.@L\!....r.\|.I...2`........T.f.>.f).9.p....2hK.....o...2g1.p;..Y.....5.fu...j..:..?..i..Jn9(..!G_.<..] ..)...%C.,..y..X.].M.A..WAF......9T!.V.tG...{.....{.V....C.3.M...=.T.....$..[...#H.8...f....)....<..%.....pd....!?.K.x.]k...,`.)bchf.ma.$......{.0.O..43..{.....B..\3.l.=.,B.0r.q.=;..Q..R.,k.X......[.......0.....C..{......,...FY(6N....d.RT....$...U.[.'....l.[...9......7..h...t..b.}.[..fg?......0..9...L[`i.oV...'.......R.....f.H....b....^"..G%b.-...S.....Uv~.&.l..nS.6..k&B\K.E..].......

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	66176
Entropy (8bit):	7.997327644554625
Encrypted:	true
SSDEEP:	768:NkLq3FTd65MQ/94D88SYrQlUZn3Mr9oTFD9TDKyCzEM6QxEiZjvBYIrqxR2Apjhv:uQFc5X+2YET2D1CP7hZAROTKR/mMj5KU
MD5:	E363CCA84E98AFBD53F52AD50BF7AF2A
SHA1:	CEF5DD9194CCF59BB0479E762C59720C3375D642
SHA-256:	D6C8E052FF9AFF721B22BB3841941F16559D159FF72DE06A2C960CC6C6589903
SHA-512:	2D19F70FB95AE942804EF91F49A349BB575288E0461AA713B2EEFDB23CE0E652DB4C62F1E0AA61BFDA8327FDBDC5F74FBC0622CE961B938D68A9A451B06F8F91
Malicious:	true
Preview:	G..y....@.\|+e.W-R..f...A.F.\|.f8.V2.CG....b.(..E<......5....J.\|BZ......{..k.b.a...z....~.....-.... ..f...i.4...f.]?...yf..]./t..^.PHI9i.h}C'..P....Y.........N..5T.G...A......#.Aq._...i.....h..'.,...rS.W`..[........_.Og.@Y.+o#.....).=o..c.Ze5..h.+D..4...x.4\|...Y.H...k.p...)Xg...&zYv.$.m\|.E^.p..S..n....P..28..oA.J......K_.3g....u0=..`.<"~.r.:.#.]Bv...8o..J.G.Z..^...48G.#......Ds.d.K?'.y.>.....0q..TN.....1.U6..Q...w..8.<..d.yS......r......T...RC.}.!lv...".........!.gyO.2...dWI>.21......`...C.=l.<...b__.v.].V.4%.M.....5......)../..D.R%w...O..\h..P. ...<L.l...E5(...c.1...%..t.I..v.~...B/.-.v...t...SP....>W.V?f...YY...x.....y..{..56'`..._......C).j.k.Q.x.p.-.g.+!.)..W.0....o.lO..a.^.A...XD).....$......[f.w.C.y.A......${8..B;...C.Z......,.X....\4..i.%.t.oy..y../.n.......n....05.M.J..B..s..n90q...~....".6;...gkO..)..s:C...i.a3>1................Zr..0.J!.....T....GO.'.[.....4u....e.......L.{b..ku.......3...,....K.0\|..O.....9..! ....F..b\..?vG..

C:\Users\user\AppData\Local\Adobe\Acrobat\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3184
Entropy (8bit):	7.939349623331774
Encrypted:	false
SSDEEP:	48:PcRnyg6g/dfI1HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:Pcxys6zDvXbzQnX/QxgSvrTuZmGhO
MD5:	5DB59F6004E7FD8CC9ED574BDCD6E32C
SHA1:	F9B1ACAA1F76D28AF9DEFE511175F13CA04BEA18
SHA-256:	83CB797FE1FBBE1BBA5065255633FEEBF7989CF2106EE8FD2132C342208B41D1
SHA-512:	9651261B05EA1364ABEDB942BBF7B3AF1F0C216C9E0F8D55322836E9EE1954C99DDA9CF3D827AEAFAC0272F94A6924FBC1C7BD01E5D21226A9E795393D3342E4
Malicious:	false
Preview:	.....!.(.iY...q...$;(`D"...0[B.FC.....^#......]X]P....!+.ZU......#Jm7T._.=i8+.......LO...6..U)r9F.U'.A6...x@6._k_.".!O.-....J..q.q.63..8.l.L....`...aj.OX..g..L7..o.IK...D...1.9...l....:.DN.G.r5.6..;F......'.9..F..)......p,.D.....&..M.(....j.X.O.b..y&":.F.Y......-5..!iD.DJA...N.uMM.h..\|.[.aQ...LV..c.Q.xe+?...a..a..U..(..p...s..$;.~..2...,84z3...V.\|\|..7......Wau.5.#.....~.Ht.^. V~.4Rx4..a.1....t6...K..&.......[.}.K..N.>....\..X..Sx$.N..W.....,..h\p,..........,...E......k..&..s.T..c....U;\|-...aW.h..LIU.]J.....z...Y@^.[..'.....4&l.v.1<...........U.T.9;....B.\...'W9.QV...............C.h/..;A...;.}0.`.a.M....95.:-xE.qJ\.s...(.'....y2......lg...d.....)....s..}.o<.Y...2x..1.xBU...Iu....0..;.E%...^..ou...\L.x._....n\..$.5..9zC...4.^8....@..f....[].^.4.}....R?....m....wY@.x7.N...X..Aw7...........}..I%..F..%.:V....$0{.nWgl^.r#c...E.V.b.F..40H....V......m..+..}e./.S.*..Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...

C:\Users\user\AppData\Local\Adobe\Color\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Adobe\Color\Profiles\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Adobe\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Comms\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Comms\UnistoreDB\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	10768
Entropy (8bit):	7.983774967025065
Encrypted:	false
SSDEEP:	192:SWIBFHy56+HbaA1uzCiTMAe+u0ilFOif1SMB7Z+eJuLsaWe34EzDvXbzSPQxgSv/:SNFHyvHbZ5j+LKFvf1hB7CzjzXbWP0n/
MD5:	512BE4B95A1C9B9D88A09F8FCE1622D0
SHA1:	88797656F4EC77F55B61FCBC207F01944DF713B0
SHA-256:	1F6B0F30FA32486EC155052E66C7E96DEA80D8215ECC54B89EAFE3B9447B9BEC
SHA-512:	DF12642DB2942F6D218FC8684B930B9EA1D4AEB235C69AF79FF26CF0DBF191B11A3F9B4D761C9525BE2852CD1166BA802A47E0EEFFE242F2CF5F0439C48BD6CA
Malicious:	false
Preview:	.V.T.2...%#..0e..`2.q.c.=.../.L.......;B...f..T..E_.@jx....II..Jh.$..e.j+odo..I.!./2t8..L..+.).....AKc....<....-..x.0...8n....X_+.!Bos.I..P.J.$0.S.@+Hh..)...m.P..t..N.rv..r[.Z;..\|eg4z.(.vQ..<@.XF_M..g(@T......V.Z...(.....o.....h.m/.H..Mc.8.~2....%...nHZv0.A...$.Wg..n._.XL.(...'.9.b.. KJ...-/a_.fy{F..D...n...e.8E...^8.d.....;....?N.H.7.Q....&..DS.q.......P......K.Y{.........F....PL..m..g.A...g3......0.>.J....L......x..2..3.Z.U...Y\|.S....(...Zq.l<.r........`.}.....Fh.[....Y.BE>...W..R....=.!.....AN.\|v.d...'..BL.Bv..%.}2\|e....[-.1...+.(...<...@^..m.. ;.....](.U.....[G..q....q...^a:F..%..,.a.-.,.......0..?A....i.!H..f.6Z*h..Q.....2.........P..\|.5t.;.....>.g.1eG!+r.f..;......+...Dg.`L.....y.>...e.. T.......J..32W.;._.9..<.5...}...A+..."=...".3..n..L........O..(9.X.....f..l...Rz..,.duu.-@.Bm.k...L..,a....F.....k..{...h=..Mh...vk.@.y.T9s]CJ..z/U.]..K....'".E..8....n.??.piXF.i...9....4....+^..3.Qn...$...P.X.wRv..w.....#.....;.........J......q.....B9

C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3148304
Entropy (8bit):	4.984620529618608
Encrypted:	false
SSDEEP:	24576:6nUkiEPUT6phQlbRCjh5YjDqfRILYgXL/jrgAg2ITv97tb7cd7CxI:GPcuh5AQ6Ym/rLg2w1cdW+
MD5:	BBC631F172E83331BBFFE4984E94D4FE
SHA1:	CCCA6A530DD59F3ADECB75D55DF5325133434D1B
SHA-256:	9BB8826CBB26BFC75947F6179DCFB87D41F9FF97A070DA206F114738EE6A05DE
SHA-512:	05E10D60D930956704D08A37A82B308C1817408FF6E99A893ABB048B4BE168362C3C0E9770C421B326D1CFAF7514BD26A7AA974F064A2E27CDD523CB8A006024
Malicious:	false
Preview:	.39..%.N.G[....I.-..".c.I.M.P...W.@.Lk..W,.;sR...H#...;{Mp..Z...5A..T.].#rfCr.y...Qihsa....xD.G;+m....f..>.E6.h....b.6.~+~\|\..)b...........)?...V..k4g..;W.....e.. t. .oJ0"../..]...X.....[..Y#>4..S.?)..G.{.:..JM......I..]At;.$./.H}...2..../..L.;...)P.)?....>..E.xZ.k>..0.r..k ..,X0A,e..7.#......9..x......oT&. .. X.,.W.......$.......h.bY.W...`...;.=.W.U.....zr.:..g...k....l....5.....kD....X1.y....a.#.If.k..........m.J.....R.......:.............d....Hh6.%.w\...[....:h6.D7...{v...P..HP.=.z.I..L......>......./.Ll...Jb..([6.n.D>....".F.]...../...y.m8.g...F......0.]7U..CH..]r..uU...Y.................\.......P.......l:L^.F.-E..8RH.....7.P.1c. .......a..h........q.>.>.......`...........Yc....8''z_hZ..d$......^.........\.`...}.3.Q.-.9"..>C...GB.7.e.g{L2a v..\|.9........T..W..sY..0..<.5...1.,.5{......J.91m.\|..J."RK.G._....L....y..1.g.=./.dRT.=.z...$.'...{.3.mo......\.....I...."$g).?5v+.r.......-..N%.IP0....$9{.Z.Z65.Av.>.._..>&Y....zm.........'

C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3148304
Entropy (8bit):	4.98419248191977
Encrypted:	false
SSDEEP:	49152:O90Kxg3/ki/CUgQCR90Kxg3/ki/CUgQCR90Kxg3/ki/CUgQCS:OuKWvcNQcuKWvcNQcuKWvcNQF
MD5:	D241451136011A4AAB7AFFDEC59033AE
SHA1:	FFD200DD0E53D1DFAC1957B4890F4661F39328F1
SHA-256:	B82785FC620F78AD5DB6E021510E2817CF1676EE397C1B6FD6AE4B026FEC4DEF
SHA-512:	1C60B4DE40E6AD908BC9FEA639B24DAFBF10BC3F471BB6B9BC0B73961B2337177CD476AC49A749666D775587050F43A3C66C3D09C85484DE38F9B5E8408C7418
Malicious:	false
Preview:	KS..V...'....\..Vf.A..QK.A(..E.2.#.bBX]..RQ.74#......V.?..KL..f..W.!...".5^u.g.T...kq...o..Q.......u,N...A..A.....w..j....IU.i.......cp..._A....w..7.8..`.4..G.V........Ff\.K...1..E.i....D#..y..o..&g...2.}.....DDM7.......sV...m.M.g....KK2W..C8.....Pp...s......8.'.\|j....,.......U.X...h..N....<(.....c.O<t...`.nU._..f.:\...\|.Xbs...>/....j....`..3nPja%.i..c.......f7........xc.......c}#.U.m.{B...\|."..`h.<....E.6....l...Q......K,......nN.B...@&.(..a...L..\LK.5wj......J.}.+.L...i...S.F..e......... .8P.~...?......\.n..2.M...s.U.]d..M.y...].......N..H,/.../u.....@.].A2..{..lT3.zi..>..Ex..&..h..y#...T%..~...h.{^..g...D.....3.Ls.......u.v@....._.C2.......3......T.X..j?-(]..I....y...LW..j....../Z.U.al..e.P...".....%.N.B.V9.(..$.m.}..0...0.0...t.J........f......L..g...\|P<...v.S{d..k.-.~.........;....i...A}4._.C.I5\|..u.._5..5v..=".P$.....lH..xs.^y.....-...<.Qy../.I./.jz+.btD.&......>...#.....r.....\|.c...y9.P.....A.....aq.B..oq.9....$..V.C!&..~..n.

C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3148304
Entropy (8bit):	4.984861357316395
Encrypted:	false
SSDEEP:	49152:clg3cTanG6Lhs/urlg3cTanG6Lhs/urlg3cTanG6Lhs/uP:ca3dsAa3dsAa3ds8
MD5:	356980F77986EFA1D9CE3C06D71BDDAE
SHA1:	636E94183AABC280C4AB1AD658493B382436D639
SHA-256:	5634F22F6290F54BDCF7E053C0F51C4DA0C694B862DC5DD4C6B0DE07E0B8EFFF
SHA-512:	47684DAEA4BB76464BCEE496834C1C3AE4E983623A79C72AE86BE5A4C4AD6243483FADC59D37E6C7B04E75C9E6129B77BDC558F9878C6E0EAB5495179977C49B
Malicious:	false
Preview:	..3.9Hp&...e....gY......dK$....`.....spx..O~.b........O.I"SrJ..`.6&Ow....jn$6Z..Q..W..mnl....FX...xc-a.K2X)...r...oC>t..5Z...[j3.9.d..5."`6..@..q..<......'v....F.1.....l.7..B2A .O>..k({"Q\|\|{/..2..+.5.....?........o@..(.e..a.....6..I%.....xq&....Y../.....,.....E..K#B.5!On..O.F..;@hL..`ju.Vs2...E...A....6A..Z/......-.G.?....Co0.O.&..$.....7... ......~....E..E.5......M...d.%.Y.%~...YG-f.BJ..^....7.,...K...f..ya....A.f..E<f.....\|!..w'.3.o..i.O.V..p...Tl(c..C.7<.,w..K..[..r[?H..H6!0;"...NO..F.O.\|.1..j:Q.k#'..y:4.hd%...2.K.'.>.n...^8bz.RK..&F.M.....9Yj.....p..X..ObI..S.'o-..W2.(..q=.T.....>..gP.}.U...eR <.H.~....Yy..>[X....h.A.C.......h.[..'..Q.?u...6th.u.g..I..{....^S....,.P.-d.D..{..u.....P\|.\...r,!...a...(.^...u.L.o.m..^..4k.1...h......0.....U.Yb....>8..HaA..,r.}X...u...........s.qX7>.e.'.....7.}.6..\..1.....(.L.I..Z.G5l.\._.\|....I.W.M.X.`.T.O.}..f...Y..}Y. ...y].=.,a_..c."8^..Z%...1.......D.Kr..hG$.V7...?4.Q....;7'..d.N.....+4....09,.,..

C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3148304
Entropy (8bit):	4.985133821765021
Encrypted:	false
SSDEEP:	24576:K7CKtEHA+5wPNUkH22n7CKtEHA+5wPNUkH22n7CKtEHA+5wPNUkH22T:aCwcAiDO20CwcAiDO20CwcAiDO24
MD5:	45825C782EDAE8CE934550206D911138
SHA1:	47E52E0D00F2B07B03114FC0F9BA3B793E837954
SHA-256:	4B5EE90BE22933AC5FC133B419520A8878E3208C8E533723443E90CDBB68EF60
SHA-512:	0C76C87B7C2711745EBA20E3C04F3703BDB19F3712FED808684A9E9837118A27E47748B72C7193FF1B5C693E41FD60A344F1E5742BAB8569A690710BD16D0D7E
Malicious:	false
Preview:	J...L.......M.9B0.......R...nWk.s.m........X......K.@.xh....x(.4..C.z..ac.&......J2...7.{..Nz.......A~.....8.`G..;..n..._+......m..B.}......p...y.9..T. nk=.i......F...Z.~...~..h......dJ5.{L......$..x9]...q..7...:=..d...(...........lvR.R.@..D.a.......2..........'..s1v.c...Y=......)'.J.B.....}.....%v...i..8...2p.S\|9-..I.9..~0.g..7.[.PM..`......@.s..n'.t.'......eX.._..{7.}[_<%..gKbjFy........"...3.Tvn.....4v81.^k ......~J.....q'....JF#.....gf.E.4..1f..-...Pq...).^.6..dU....v\..[.'l...j_...8(.O.}.?.....H.':..K...l...- .Z.:ST....5.M....:...yO.`q%J.}{.{..!..o...6y%S.9..,. ..,.J.W....;.8....JU6.U5.G...I.Z.%...Zj...%....u.2.'....Dq-...I.u..^{.S.).D...q.5.._........)eC...\|.O\|^.......B..pN1c.E...j.Z~_.VD..\|. Y(.Yg...}...~..s6.$.$...............6d.i...nt^P...y=q.........ag....6.F..L7.......o.......S... f.a!V.S[m...1...!/..!'.%"........L5]..lLs.........#..;.Q..m.y.A.Z...zN\.E.^.F....p....y......rl.mj..-[.^....K.}...+y.y...".y.j..

C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	18960
Entropy (8bit):	7.98981641698304
Encrypted:	false
SSDEEP:	384:UHtdrQAua5pnfC7YvcvgCVzEdGWACMvzNEBcZzXbWP0ncs:GdrQInfKv/5GGWAC9uhK0n/
MD5:	2514234D747DD9169FF60C7E24C2E119
SHA1:	F72831C09586674B4AC095BCABE3EFED402739EB
SHA-256:	BA85E0D33A9FF67E9D4AAF2C2412A475223C105B7F602E4BC12FFFE1A819F83A
SHA-512:	1F0EE454130C2FD390D7A165C5C4A2CF2FCF17CDD6F51624281CB9C212498821A88973D99CB939CF0A82AC53B63D92E63686A0B03DCD003BD5E83BD295BE8C59
Malicious:	false
Preview:	p?.. .}6.[....'..X.\..zR.<.....8b#zr.h......B.b...:f..~...c.\|.[...d..U..~...i.7p..T..0.',I!l.n@..J!.H86s.L....,.\|c...>.Z(..0..h..C.>.......(l.!J..x...=..i..mzdb..B.....U....tu.k..I....Bi[......u\...$c&....g.A......V..W``(.....w-..:K.P.v.....x...$_c(2...0s.?WH.S.c..K.l...]...1NC...!.p~.$7g........`...O.3..G.v...f..u..n.......IC(........K.F...S..U}.....ZJZ8.&.r.).=..k_..D...<..Ae+..{?.n.@..B.>......6.....U......g....Q...i.:p.t'....P..l..^v........,z...Q....... -a./.J....o........)!.1..DdU..^.5\|.7.o..]I......].T7.....Ji.R..)..Z.".k..._8:.N.e[..m.qz.<.@."\|.&..t..c..?eiU'.:Xh>.i ...S.i.9?.^....u..{.xK4.NE.........GV..n~.\.w.."Z.>/.L.{w....D.0kx&[e2......^....o.U..\..?.s..P....=...E.b2..d.............Q,...W..0d...B...e."...rL...>. e....p..@..Ki.....@p.p..hSy.R.4..X..^...*.U...Q.(KG..L..\..VpdW...k.....f6._12.._P....Z...Kl.l3.........E.W....a...=U..U.r.[.cH...}.Qg...X.......#.q.=..5.".9.....,..j..:HS7K..M!.......L.,t....X...#gy.

C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	6294032
Entropy (8bit):	2.870280073319184
Encrypted:	false
SSDEEP:	49152:Ch77oL0Te1p2/PiZfoZiXjP+8ZvGSabpDART:Ch7sLEPiFoEXa8ZujbpW
MD5:	4FC18CCB2A65CB708DE831FD29323B19
SHA1:	252C2F60E7B88B2BBB6182D45086A0BA6D565193
SHA-256:	DD2AF98B62548FA92759CB2831828FFB71991AE326AACDFB4C07CD0A0C19EE27
SHA-512:	9F7B53D650EFC9D3859C6210AD47B8CC11FF88BD5164966DC87EB5CACA7CEF99D774DAA4850AF972E259BDF77DC22D866E716FB26A7224CD341D07712D0BDEA6
Malicious:	false
Preview:	...g....m.....DS%.q.9(..5F.d....Q.p.g..n...4......#6....sL.4..]..W...@....1.:.U...;C.?i...`z....T]$..w@......V....z.........u.c./..tXm<...uO.\|....p.J.......h\|...gq^...5.i.A..{..g^u.Jf.Y...z.....u......!.K.QH...x...,.)3..6o...r....L,..<...N2..l7.oR...U..#..a.iJ...&Vd....N./.kD.G@.......3+.g..2E..-....v.W.-$@.O...9....&..H .4-Z.6..:..=..Q.W)..^.g...{N...M.....vQ.C..1.^z.N...a.Q.....\|ib%.g..p..o..E....(/({4WqG.QQ..Q....W....\.. ....fT7....$[....;.Q'}.]f."\.../...'. ~t8.x.D. .%..F.g.Y-..D..XD....Y...7D6..g.&.....9...S....<....{X......\`........^JD.....;.pwIi...Z.c.."....z..w....Uc.:..$.J;.=;.._.d..<4K.O..E..h......]0..N../....F..\|.....%D?...v.V....0..h$..2c$ny..S.he..b......'..lv...e2..7FS.*.l...~...fk...<./.....DD...Vz,W2O0... ..o....;.C.......2.Gw...}V.+..!.K.ZBU.aE.....H.e....`8...].":-J..0.9.7...z.'.1C.0...@RAN.av.E..V..k....:N.w..._h[....S# Y..v=i^%...P...+.a.!._.:r<o}_@..^.I..r.2.!.U'W.....7.+.'X..uO../.w\|9-.Mh:I..D.LOWL=j

C:\Users\user\AppData\Local\Comms\Unistore\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.9189863355720576
Encrypted:	false
SSDEEP:	48:lyltJHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:lylLzDvXbzQnX/QxgSvrTuZmGhO
MD5:	1B158D81C36453886FD8623DD589D5B7
SHA1:	3FE13897BBAC78B526253D89765DC85ADE0C21D2
SHA-256:	2279E69C82BF1E8FD816A80CF6B1A8F1D5AE0B4F793B3C14F60937EE639EE0A4
SHA-512:	E2A2F2D3C04435381ACDDD82148B55596A5A70BD918331B41549228B6EEA41AF639F109DBA81CB4B6C89BA746CC7056C0C6FB3D70137E7A0B99AADD2E6ACA622
Malicious:	false
Preview:	COKa......>..OB....................-W1F^....\|k>.."..1....v.8..y.Q..g{..U..\|.ei.0.....m.V.x.(...-.a.0....q..!X..9.2....k.x..'f .Z..M.\|yI..%.....sV.oB ..=.`...Vn-P.rA.....${...s.8..Z.).u...k]0._. ....+2KP.;:.b.6.(...E....P......8".Qd..?5k...h....Z........_.mH.....k X.`.}b.J...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\user\AppData\Local\Comms\Unistore\data\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	4576
Entropy (8bit):	7.952300835817402
Encrypted:	false
SSDEEP:	96:xzVLy0/yS3/auX2FzDvXbzQnX/QxgSvrTuZmGhO:xzVLR/yS3CxzDvXbzSPQxgSvv0s
MD5:	BCC5F8939A1E1E6E125B67D0426307EF
SHA1:	5D2D9119343FC55F4162763EF06BF2E434569A09
SHA-256:	A035332A09A7E6C73D89880CC67785B806868BEBAB62961AF4241D413685D60B
SHA-512:	C541147C60D061362B97A4A14471D94DC5461ABE1BA10A14299735AE7DECEBD341F51559B9350109E4222F6555687C7D268EC1CB66A8BFBFD2A48AB5FC18D5C6
Malicious:	false
Preview:	..It...F.WG.(.'..5....~..W..M.2r ...)...A....u1P..........9.y.....V...E..."..X....\\...t.k..0b....:q.....A}kqS4.B...[\|...$...W?u_.j@c.u.v-.js.>.....oD.)..#....{A6.............De......R......DK.&.+p..h...r..)....v.....6..~I...^....au...T.Ij5-..xn..C..vD.). ..s..U.....Va..C..R..a..7.2..W...$...$c....Z.J.9..........3]v...e..R.+.N/..w-...9.^Ic.y..4......B...")..&.v.9.A.H.W..e.7..X..5.Q......O..E.@..sq...rLM.b....C.\.<../7._s5x.R....lIl...5.i.(%;K.WZ. .,E..?..s....j....P.......4..X..=T\|.._.7#...>`.}s..[....R.>N.......;.~]h..^S\9..5.Uo.6.K....3.O.....?.+.Dc.,P..F.\.d.D.sd.,.P..m.b.."B.......:.@.....#.t.H!..p.......n.CRe#.-0S...kV..-D.....@/.....\|...O..B.....O..&..'I....d......T..<..y..G+.sD@.T....... A..'.....r.Y...r...H..D..rI.........z.\YKc.i8.}3b.i.%..5.w...l.x@hV..jG.b.Rkpl"......S._{.D....X.2.[R...z.]w...;PfO..$..1.?.....ti.I.A.L\.$......q?R.iX.l.*...8.4.n.M..ff.].`pc."...5..Y.n....u"m.@.7..-!e.% i.......y+..(....Q...3.k..\|.rH...e.95f

C:\Users\user\AppData\Local\ConnectedDevicesPlatform\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\D3DSCache\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	68128
Entropy (8bit):	7.9975830398360594
Encrypted:	true
SSDEEP:	1536:canzpU2Yl74m1H5RwVis/USQ0s3IWI55wGNYsn/SwoGvKU:canz4l08HXwopj0SIWOBvn/1KU
MD5:	EF46B56C5AB04D5F861111434A862FE9
SHA1:	B408CFE1F638D95FDE14D96850E2477B465CA660
SHA-256:	F057C8505D2CAF979534E270D165027953F0E0736F504AE28F42D49A7CC5C5E3
SHA-512:	44873AA0EEB30F2D38FEC5BACA43FD35046E468A3249F28CC993CAB5DEFADAE0C2A9AC30853DA2DE70C9CAFC5D19428D0AF72A306E8AC9EA836FD94192DB87F2
Malicious:	true
Preview:	.h..d.5L#P.c.&.w..k..J.h..]...%/.1...sIs:..id..B..Yl..kd.....!g..s....~...c..........u.W.....j4..eHc.W.8I.+L(..........5..Oz.#.....'..-....vX....@.K_1.../..... 2.Mv.K..,.94.J..h....@..k..n...h8T.HdH..d3Mm.\Z..o....0N.6I]5.UGwt...eK.k....(Bh..v......h.M.@.....VR...=........_..\srr..y.;:I.`.Gx.....).......\......[.0X&H.9.\|#.....4Y....;~.v.....4..0.@$JL..~....7Oh5.k.....5...p/..%........u0..co....2.....gCQa0 G.h.i...W7..5rH...(9Y...>].=..!..H.n..,M......._.h.w.I1Z...@.L..Z.9.T *{.QS.A).X...r.a..q&A...B...!a..5.Jd..K...Qh...=..F..g.S.Mo![..aQ...;.].Q.u.f...2.......;...z..h.r......../.\|.wz.o.t.s..U..E1.).....K&$...^.YH...D..WM)..3.U.....'....E..........X..'J..t...~.o..gR.`.~.'...%....=.Rc......Q.2aUH....L%......sh c.\............/......nD.h.c=....E....W...e...c Q./..x.9\..s.x!.<d.., .@..&....HX...{oWM...v..p}...j. .s..j..........!......S9.J..]........w..U...M...b.....Q......A..+.e..6\(Rn ..[.P.$.D.>.....^.3>..PO.B.....a.x.r.x..6._..US...

C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.922908972983853
Encrypted:	false
SSDEEP:	48:vG7sJ6OsuGHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:vG7sJpsbzDvXbzQnX/QxgSvrTuZmGhO
MD5:	F48D0230F737661638B2A9C6AAB12EBB
SHA1:	6D1D53B3778521CE427E85445CE82DD185F2E0A9
SHA-256:	BECD0A2996732F2F5A06DB7CE64CBE6ED1FDC176615305BA23DDF8C3138FC969
SHA-512:	52A5C9AF9AD4A003100431DD1C14C7570B557C86CE51B8C7279DA506CC002BD3BD6B552DC7B4BA35939CB2FAAE7B64CC48E60E4443542F9B9A8D26A3AB516766
Malicious:	false
Preview:	`.....<l..j.M..................2..P....H.....5-6... ....VP4iC.Ht..<i..yY~z..[..X.K...j....B..2...h.......^..u....Wj..FS....=.yJ.4.R`...}N...%.;..q...C]....z...cnP,A(.<XH.D.l.O.o......:].Th.....I.:/s.8LS..k...........Mm...B.+...V....R.].l..h......!.&..\|;....+u...y9.\|.....;......E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0834842116638415
Encrypted:	false
SSDEEP:	192:nIuitGp+HoLL28hMqrzDvXbzSPQxgSvv0:nxiY+oLwq3zXbWP0nc
MD5:	74F252DA1BFD331C536E7DA89CDA0878
SHA1:	E03B2496A85E78C69CFEF0BC0FB1C9B7BF1564E9
SHA-256:	7CF36A2E93406B24A467BE809D87619E74C06FC0DAFD5F446F544802C14BB1EF
SHA-512:	4D4B61DE604EFED0B42F59DE6F221B7914AA4C6F0E5B8A42D3A60B15FB99CCEEAD95F0EAB620D1CCA16CBE3CD5B90A9C67443CEFFB2633D3EF1C261D69B92D3C
Malicious:	false
Preview:	.....Q.]....J.ae#i..WW...HA..8../^!Z..#e$5.M9...xR5.).6Oj......Tv....&=N..0.`,+#..V.A..... _8hd..2F.e....7.G..fy."4?V..;..WJ2..p...P.>.41..L...R6...y.V..~P.\]e..-?s.S...A..C......@.[<.........co.H.'a...%..!Z....p...l.&.lg.....k.ys.....K"..N.r...q.....mL2.mR8.;0f.ov...."?x....:y..\|.i.%.!._....c..<{.'.\H^X%..7.K.....!-.W.?Hn..2...u.....C$.."&-...)....>..d.@w...C..).]..o...j"z.wj.".>..n..g...Md..B....[.@..w.:.\q...5.I.DW.o..lu.G...:R...A.D..'8.j....]..<ZiV.....^....vo/N.i..i8.........B7D.U.r...0.=.'../>#j...A..{.Y..g..H(..bg..2J.d.6...s.....w.d..P....E.Ty..5.D.....Y+.{.$.vK.B..1.........iG.....SiK...Q..3(."..4......y.:..6..C......v.$T..'.y....O..x&.=.fh.X.E.....?Yt...\|.....j+Q.....N....Bu..P4;ceP.<.....}.._..s..u...(........pA...RV.tva..-....gJC-!j.....ie>..;8..`.f..?).sLQ.)..-.q...q..8R.(../.......e..,...:.<rr...+TtQ..</...1..;.'..2b8/0.5nl..P...q..A..gz......R...L}.9z....8...g...Vq..f..n.............c.i ..-PSm.?...w..q...8...... ..K.w.R.g,m.]0.

C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\DBG\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	7.929552757602968
Encrypted:	false
SSDEEP:	48:ceFELfVmSbXW9Bg0HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:HSLfV7bSBgGzDvXbzQnX/QxgSvrTuZmh
MD5:	65B7CF64A03EE134C4C850ACE51CE14C
SHA1:	53C49186B4A0CED0AECE12F7A2370DD46601F9C6
SHA-256:	8C0AB195B519373C553DE0853064A45F21CC0392DD2E2E96D7A0AD62575D4710
SHA-512:	9CFBE52B5A34ED40817461C1D7ACF50DB26628473258C9F5B52B7FA5088E6B9AD169CA8672F777558A97F60EB734550D7BA6945EF4664F0B3F87D7A9BA884773
Malicious:	false
Preview:	..TX.\Y.l...M...{..0..[+.3y ....u....NI.OBt8L.......y.:...m.,F..L..l.h.....<....Qi....nT.......@Iy..t........ <..[^.N..=9....6&~._..2.'.;w .rX.......2Y.!b..C..J..i....7`........ .c..G..3T..4...................$=AhK..I+b."]\...?.}...y...h...{.(.lB...r..8.VT....z...\...E..m^..H....EFg..J.;.B.e.\|....R..$.F....-=.>C?g..{...s.!.I...K;.._m....i.?.D~A4..?.9..._6\.g`...=.3,Kt......1...<..^6...&.Z.5w.n..}%.U1.!&.K........!Q.1$..-..._R9q...O....%.....B.V..;...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\nightskyreadme.hta.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	MPEG ADTS, layer III, v2, 16 kHz, Stereo
Category:	dropped
Size (bytes):	10672
Entropy (8bit):	7.9841245600783886
Encrypted:	false
SSDEEP:	192:9LQd+pVXCT1+wTHmXujhsUawOUmwtmYrddCOYWhxEl8UqHhMYRyluzDvXbzSPQx/:9Lk+pCiXWhlJ3tQYaQNVNyCzXbWP0ncs
MD5:	FB903970335A8AA950D51F888861F5E3
SHA1:	094567CE5E9D2709AD7A8681A8547489A398FAA5
SHA-256:	F11946F6EE88938B56483E1724D4FB2C083C4639D59C686334AE5AEABC487936
SHA-512:	C9533A35652F8B4CB3F485A12728BB02861E5C3C4C5EDC995E0A90A05588DD183449452B96C7D6618E5792FC02B5E6B948FCE2D0D83D895EFF96DE384F8C4490
Malicious:	false
Preview:	...3.u..o...s.4.`..).......Y.\|..N.aK...z...6jl....Ur(..6..uu.G..c...F..}...m.\.8.-..e.....{q..C..b..9.v.y.m4.......6L...D..-.........u....#..U.Mq.F.6P.C.du#..}.T.d.M.zu......ErEEL.w.{..y ...^..O...yIQ[...H.\|..h:...ZwF.)..S.+.;._.f.c.D..C.N.R....(.....5N....a..X.s.rH.P.Va.R.z...c.?...\.a.....@.K....T,4.iv..n.)P..(.+..X..G....XDd..p^~/B.e.....pP.O.z..S..F..C\|..H..NYr..+3.JM.....W.s.i.nDM.mD.x.s96......E...._.r...x@.rl?....Ma6...!]........."_.....D...w...b.....G...\|..~;\...a.....T.f.....S;.............k.G......-.....b.(.s@....J.^.&..,.,Z..-..j..%...:.%..aZ1.K.cX..:8K..5......A..@.......L?.ic.......iUql...~..hf..t.x....~{.2.5.J.t..1.D..Q......!n.!..\|].....3g...b 8.....`...D..I.....%....y:Rm......S.&......b.r...VB..o..1T8......7...../.Ps..Y....!.g.>..S1.P........4.......'....W.p9.j.'r.:@..T...Ee.b6.`.)S.j.! .....}:gT.Zd.......<Lv....G..N;mx..>1.P>.I(...c.......o~...,i...f3.A...p.v..){ac4.@^."u..fs[Ei.-.{..;.]c.....C.F.....U..J&v+.4*

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2976
Entropy (8bit):	7.935317287427249
Encrypted:	false
SSDEEP:	48:FjOmvaHP2HRs5cKxHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:AAW2aymzDvXbzQnX/QxgSvrTuZmGhO
MD5:	F1500F82A3302E73D187A25E67166892
SHA1:	1BA9A62D0CAE70902854844CED774C42F94A7E31
SHA-256:	24AE1545230DBC859F796D6929C40A928D8CC5B88538BA6A7978B70435CDECCB
SHA-512:	5BEA9329537A5AD463A606D2BCA05404387A35B6F6DE65BC9E3EFEB6557A86BB4414F2039A8BB0FF5D63FFA5136AA9D3B6C7252A8C18B0C8EF1290DB5BD1058A
Malicious:	false
Preview:	q.....h..iP..u.S.I..d..&s...9.o.K...b[..`{..;c.UC.....@..;..3..DL&...).z) ......R...q..n.g..{..4b......H5..;N~L.H.vv.......t/...c..=2.h.qa...N.....:]M.......~2\|......a.5.....9n....H.%..;N..!E...)...dZ{...8.I.+..s.....Su.^.....R...9j......8B=A.W..{..-..y.L.b g....B..q..C......B..Y.1.oD....\...c.^.....}`.q.]...m$n.V.?_..x.....d.....~.`f..;.<...K.+I0...z.Cnq....L=.._gk................lP...a..D...s.#q.a...-K.9Pe.jQ..{.c.c....-...{. .1...h...QrEK{....n....8vV..Y.^...X9........q...... ...k9aD..................@..kT.Fb.....uV....3.e`..a.S.d....:E`.Ma.e.[H ...8r.9.bT..{)K...-...a.....8.[.wH..1.y..=D.-o......K..:NDO..iEa.........&...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3232
Entropy (8bit):	7.947577017227642
Encrypted:	false
SSDEEP:	48:9uiHXxtUr72U+EUl7HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:tWSU+FjzDvXbzQnX/QxgSvrTuZmGhO
MD5:	2A11CC7B018F6FC5F076E13DBB0CF920
SHA1:	2548C71489A87D59B647B35E7AA5A7FA29AC58D1
SHA-256:	C4E1251D0434F849ABF40C603E424431204C68D5F74BC964630ACFFB1CFA57B1
SHA-512:	4895900D6AC324497E31C14C6718952158FAEDC79474DA19979989A8968B8CAB72A5374AF2BE3B4E6DA83EB59258CC3DD82FE3B74C25161C5D8F9F2B4CBA4A0B
Malicious:	false
Preview:	..a..1h.#....9y.\.M....it.T\|s..oJ\.p..k&=.&~....v.k......g.S...C..\Ax_..).hf..J...K.^t.d<...4...XOf..x=C..y.'...W:....R.P.....].kNe9kBZO.vSu..P.=H...'_...n......R..x.......R...5.t,.%.....}..-H.S..!...E..`...7.)g...a....F..{U.~..E..(...-$)...8..F..gh-.....P.K.Y....5\|...a'...e...a....6Y3...;.,..@.[.... ../...2N.ey....H'......:!fy.J.st@..>!C.0..Z.o..vw..\|.v..no....<^[w..(.D..u.U..N...)...}....._a3NX}VN=u.. .L.=...(.z.J~g...Z+....O..9......j..6.9.....D.n.J.....j.@.C.{..=.Mh?.F..s"....v@...%S....J{....R.^..j.../....8...~1...A.I.k...N.....3xT.o..C.~....N.....@#z.......nwTh......#..r.]....X.:...+....B.(@...UAYQ<..5...u~\|.Hs................-.(..t.\|Y.o...a.mt.1..ib.L:4..Q...tA..I...7..^.p...3.9.R..<9.L.g2.6...E..../4.AJ..%.b.....'...\..T\|.]`c..{"...!..o._.:.Z#....F..$..:o. K.d......6h....r6...U..%CO....{...s...L.GP...)..........d....>.4G..j...&A~%gQ.-..u.5 ....A....Q.-q...S..........E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBh

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	6400
Entropy (8bit):	7.973953819117285
Encrypted:	false
SSDEEP:	192:JUAzMNjRZHUN+clpeKte6kLSzDvXbzSPQxgSvv0s:Jb4NlhslOhLEzXbWP0ncs
MD5:	F4B2FD199AB52068DE7E8992FA68191B
SHA1:	00CE640C7BB7DD66A9EA948A704049D144F6E31E
SHA-256:	1904CB1023C163E6794B17019E11876C28EE8A6F3D3DD2EF305F6D13000640A1
SHA-512:	AD66414FE307D68555F4E4653A3A264AEA300E9EC9367458C2FBBC9E18F5ADD9E10597CD78A6652DC9A916F211D55E8CA0F2F3B2B9017F2B793EA299EE40CE9E
Malicious:	false
Preview:	.'Z=]"q....'..3..)_..d..."..+..O.>...b....W.SP..;.[.#.+v3l..o....b..c.....aV5........U......w`.G..Bf;...M...3.......6.....F....vz6...hHK..B.z.{...HR..._.e.7.R.......@u%.4....Cl.YH.8.....R..D......d......).p7.......l1hi.J`R.].+....z.].C.EM.....r.=..6n..}.. <....+..[~%V....5?...a.z..~Z.M3&.;...RBM~.pD..w......;.......>.J>E.0.....0..(...H...p...(.....nv......cF(}+.P...F..h.y\|.......;.=..?7hf.O.H<%..@.;..].4.u..5.c..&#j.9.\g&.6......N..:/@<..F......L.._E'.TAN...g..&.i.v.....\s...B..h..\|. .k>........Y.....(.....?-(..e..V..$._......D.....L .U.o2.-....{...,'..wg...O...go.^........~.1T..>.<.@.D..X....~..;.D.G....J..f#......ygxi.z..8F.UJD.9;....`.....{B-.n.\.-Y...........H.1$.2v..8. ...a>..D.....0.I.7.F.a..z.Yg.....l.c..L5j.......+...v_5...s...>..HP.r>..C..6..d.{...Z.\|.v.?@.u.(.y.W........E.9g'j.t..m......W..?.W....5......K%.n..r........\.....2q1....B=x'.@!.J)Y.>..{*..tv.........i....._....zT.l"q.kW..}..8mAvlYI..o........3.pa.hc

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	8384
Entropy (8bit):	7.979008229769024
Encrypted:	false
SSDEEP:	192:kelFKTedLbPCDs8vIZ9GywtrNI9zDvXbzSPQxgSvv0s:NFKTOP8s8vIZ+NIBzXbWP0ncs
MD5:	EF022283636B674FDFBCE45EE3A51325
SHA1:	A53DF4395A876C0FD451B8839B50E5E24C626596
SHA-256:	366781DC5F900848DC955F889AD525683A760BCCDDBF2DD883017B82082D1738
SHA-512:	6E689B05493A4CEB550F2EF1A074CBF4ABBDF2761AC45582249C3A3536A61E33A16F8F3767DDBCCF27EB86696E87BA8C8FCCB9BAB7C9311780076D1DD145C30E
Malicious:	false
Preview:	.q..K.z3...X).%..NH....}.;.\..q.".d.~.;.w.....xC...\.i.....r.q.cm6..9".Xp.(.C.Y.h?....#.O..HY..O>.U.,....hk&.......ZA....~...v...Q\.C.._..GP$.3......E;..]..&A.r.XQ....I....Y].i..f.@B.:..Z...$.~w..7...S....4.15...b....."i.......F&..".W.&.w..W2..c.2)6.u7....<.{.i...>W...9..0.;.oV..O....6.K...p.s/>x....PyN..BX.@9#G17......=4..)...N`0R....V..p...yp..\.z.A%..M.,..L...\|&.'I.O]8......0..P\|U....2zx....h".L..F,...r...:..)..&.n.I.Y...)......4...u.7..\|......[..#o...8.z.]K.O.c..@..8Y.......~...Q...B. .l}r..x"kpG.('...=j ..+.........@.r.J%z.o.i..mx.F.........k...W]........%J.>2r.u@f%.<.....z.I...k..N....V...;=..2#..k`..U........:.H..DF...}...<...&.bZ.o.\|...Z.".%bta.}$.D.......).9;<.W.;..DO........R'#s_........n..2.......e.w.5V...."._.'VS..l..(..Y..... hU...\|.6.~.F. .0...+..H..r>..{b..=-\....)3...O^/+t.%.k.9p.#.'i..c..7..P.c.f.....~'K. _.$X7...h....../..m..~......N.0...u/j...\k....*1a..i.....x"k/rZ.}.3.^i.N.I.]$..^.......V$...-..9.\|.W.8....~.e$...Z.

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2912
Entropy (8bit):	7.935318957940748
Encrypted:	false
SSDEEP:	48:2E3rkHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:92zDvXbzQnX/QxgSvrTuZmGhO
MD5:	875A395F954DE88D6B4A1C6CA13315BC
SHA1:	B93E36D57D8522017AEE9431D1E21D4EAA7B0F02
SHA-256:	B2C47699476607496D6EAD6E6AFEC6F4975E7C467E84712992525A9D94708A39
SHA-512:	7683ACDC3D2C0AC896633BAAFF60F3D44A51C925D29FC6DF37B9DBF03F61CEA1BDED42D23BEF189146AEBB140E1A006E1BE10E40D2831E36E7BA2D171D5098E0
Malicious:	false
Preview:	......1....n...J......U{.A...@..z<...v.KG.m...b..F..Wo......4Q'.l.ZI~P`.....b_.}]C...[........c....r]ING.g..dh..K.N.....S...@..).:\|.O..]>..wl...0.6..............r......H...L....9.....................=..k......$.Hz.9...F...;.....B....\|.36......E..^..-h;..9.k.kn.D%4......'Z.I..R.....B.p,..O.}e...#'...jF..f=.....>+..O...............<.C.Y..:6....y../1<j.'}.^.. .YVY.....N3q....c...H'..X~.l;y)...w..{...~-R6.Q.A ....>`.Yq........^#..!.\|].G...p.....M2j.P.9.....Q?...f...\|)3.r...%......s$.~...}C.\|4 .)(.UD....4...m..N.;..")...L...)9.1..XD.W[.\|.....1E.h.#V.F#+Y.1U..!ZI..hN.Y...5.!...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NGenTask.exe.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3104
Entropy (8bit):	7.935243417802913
Encrypted:	false
SSDEEP:	48:nFMpN0EoO8ZCwaqFHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:FMXn8Z7b9zDvXbzQnX/QxgSvrTuZmGhO
MD5:	47C589B6D4D283C4E568E704A51E937B
SHA1:	F751B86E7DA5BF454E198D3E02E4BD5FA0667E55
SHA-256:	27107949104809EF368F8FD25F79CE0ECC732244DD0EAA7C122752118670E5EF
SHA-512:	40E84F710518CBCF69DCBE929D7F2C24E27EA7CB123E54C22D28EE470EEBD1C3564C80DC7219DF1CED2526053A636A34CB8B96603476C4D82995387EF9707704
Malicious:	false
Preview:	...)e]..I<w.xG....f....,......J...@..'_.x>.#.pD.ZN;..cYu&.i..f...PsM.k... .;.F.k......_{..n..^}F.%.C..0..........!..(}....M.="iu..-...A.d.....[...8+..^3.........}...:.i..R?7.4.b...fw.L..(Y.,...._..!7.K;.n/.._..f.EVT....F.d..u....P@Z..g..#'<.!$......).._Yw.......)..=..._.....jt.O\|.1,4I..\s.M.]%..s..j.li>...A.Uk.Bu.[.$.[...^.g#...}.n.....<.(..9a.-v#2.....%{.6..e[...0...).Xq.......O.f.@s3.T.h.e...R0...f...PQD_..;Ro..L..m]..Tv..F...TA.t.u[.(]..]...F..8..:.4X..IY.....k.9..M9..{..S..bJ..D..)U..a......................%%..t&.U..z....../..y..f.....Tg.c...G@...'....."...P.."...M..PT.@..6...V9Q.G..x5.!.F.T..z0..y.n.._...Eh.iy.......U T.dW..QfO..b.....4......\|...Cm.^.f.e..{.<..&......Y.E...nq.\.Z.K(Z..y..S.N.Lf.z.$>.9.....].....Y...p.2..=.I.t....E.V.b.F..40H....V......m..+..}e./.S.*..Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	7.962253189086328
Encrypted:	false
SSDEEP:	96:Vb2Tzo8egpxXgTyvr3m0q6edeMioIzDvXbzQnX/QxgSvrTuZmGhO:VgogJm0rAHiXzDvXbzSPQxgSvv0s
MD5:	3DE3C3116D216B9E1B5AB910A6A4E9A5
SHA1:	7F9CCB63E8CD572CFADD8288BFC98F1CC8E1C678
SHA-256:	81C3CE2E2D5631B8CB32669591E673375EEC37A65DC310C3CC94F36393BD7D9D
SHA-512:	5CCF5A6BA5C0643C3339C47210CB4F81E799CC0939CE7D9B51C57FA7CD311BA304A9BAEBD770244556A17D24741AB0D6E98A58B2BFB296C84CD7235F6D1F853C
Malicious:	false
Preview:	...=x....bY.. p:.NA...1R@n.....AzA..[/....tl,.R..w..H.I.Eu.bz.L...(-W......ggj......&../Q}..s.i#0.u.s[...C.!;.G....t..!4.g.......N...n..=..T.C...PZ.=.s\.iv\W=n.T).pD0...G:..o.........F.oOa...2.:..+....I...=.....b.7..0O...,.Qxx..Z?...`b.$2.....&.M.....i......9..Js.c...p...\......x...v...^W.".G...-......iS....M..{.,../...{...i?{]..[.D.=..U.f..9qU&....X.:r.8.......O.w.#.....dj.-....i.m...Om.+...FE.......d..O.q..).y..q..h.R.A4.....~B..,.c.q..ZQ~...5.c..l..\|H....PU....u4..o=...{")..........7..z.j6'..>....ZL.2.#.$:,..1.&....%..[...W. p..D.L.=.I=.<.:0.....a.{..+....3.]/p.T.;...T..`....o).@g.i..B.z.L&;x#.5y......}....;.a8D.O.wm.......`......3>..T.O.#.P...F.+..t..g..1..h.X...............~...Uzf..:._..H.&B...Tp.y<...D{I.dr.y....-;@>..iG.~a...6/..?...e~.S.hY0..0.ZG.R..8.O&.Y....... .n.,..N..g..Hv....Q.$....7o...$%/g..=.L..h}....>x...&.".0.8pX&...Lh.A..T.~-.K.;..L.2.....%..V..Ih....x........\...v<9.N.Q#.2..>....\|m...A@.....A...Roa..5z%..A..-....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2912
Entropy (8bit):	7.933597853437369
Encrypted:	false
SSDEEP:	48:u1tP1VLmajMHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:u1l5j+zDvXbzQnX/QxgSvrTuZmGhO
MD5:	E3B2D8B7B52C58925D0F0666B50445EE
SHA1:	CE1EEEF36DDFDAF960E2A15A5AB8FE7C80C8B309
SHA-256:	44332FF4719CB057E9EF2D86E6A8B4763BD599CF977851B85E6AE0B331DF3BD8
SHA-512:	CFF591E8560EAAD353A0632ACE3E6D7C6A61E3B211EA682C3B7980ADDDD5854361C8450A34C1804282820954658F8DF6088552AF73F8DAA833D8A56EB077EB38
Malicious:	false
Preview:	..k...fL..f...IY..Xc~.&....QU..`._3.....L.....%.`@Z:p....nr......0......4.....x`....M..a......H.).>......A.s......g;xX.....F....!.N-.... .}.yn.Z.\g.C.9.........1&K.......`.)b6!....4.}.Jk....@..{.(.\|c...R[...........a...9~..S... ...3..;.......XVyFx?R(.K{.w....'t..Z.2T.nE..._...._.@.......AI.x.+.x..f....R".x^.......K................2P\|0..gC...Vw...;...[..;e....A..Q=.A.Q..D.@.XU#.90....A......).5.p#....t1NU.6..m..;...a]..bP...~....2).#....y.p.....[HI.G14....$..6..T.Dh..5t.y#K%.2...."...V.ESB...d.SG.p.Y..>..h.%.i.......,......J..T.......A......'_...e..>0Re#...B......d/......E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}

C:\Users\user\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	13648
Entropy (8bit):	7.986809141036012
Encrypted:	false
SSDEEP:	384:wTM1h053lBxiIYLRKERmZKypqzXbWP0ncs:wTkh053lPmLUERnyp6K0n/
MD5:	A346921755F518899E0583D1915940C8
SHA1:	F78864E353B27CAC5B2ACF711E5FF11D7BAFF7DE
SHA-256:	D98DA7A927DD22D5487DBBA1BD7DDE3CA66002CE9841FCE15A4A358961D19B81
SHA-512:	DB6CF94FD31812E5816CF7FA41D12F20888B13BB82F586708368B7AF58CA617E34FA47551E5FB0F8F8628688AE6647E40880A3ED21D15A0B70F302F1716B8586
Malicious:	false
Preview:	..E.......w.O...`..,..}.E.b",..j...@.i.>d~.\|...O....qx...c...g.U.y...Z1..#...%1q5\|}..q...........p..p.....-'p....6..'.L....O[.H.....H..`..Yj...a..V.}B6.r../.........&3.D.a&...X.<.6\|..I...W.".o.8b...W.;....pm.`.@..C....U..LH..L+{.?..#__..9Z....}D....U9.....Oy3Ha5B_...5...tK<...,...N.O.,]K....np~.\|..S.....x.K.4.D.....R...N.......U.>......../(.Z..!...N.'.{h7..b.3"..r.hsn.R.....%..?.G.X...oet<=.\.A....j..Ct..Q..x_.?..yJ...o.m........B.}...H.0.5\|G?L..P....L....y..(._....h......._.:..8zLt.:....I....T;.._..w>l...A..>8....}\.g..8.^.....7%^U.-'t...W.../.uL...1{..YLWy.zQ..lN?..uD+......$?\0.....2.TNy.O.r.^c....b...NHQZ.^P....z..,,+....yf..=..Pu...x.@.l;WR.T$..Cc..N..Du*.E..RN....?Q.......X...e@f...8..H.d<....s.[j.N./'.........)..8.g.K..k-.aK...3...(v.....l.4....en.q..@.....[.zW}.+#...R.6.U^.h..8.I....i.zk.w..6..`9....FN^qrDm.Dv..Y.......kD;..].~.c..D[."... ..k}..k....;e..wy......X#.u..u..4.$..g.)]..:.V....jz.n...^=..Ez}.H...-.........D.L~..i..b.4` ..U./w..

C:\Users\user\AppData\Local\Microsoft\Credentials\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Feeds Cache\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Feeds\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\GameDVR\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\ESE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2672
Entropy (8bit):	7.927223514358803
Encrypted:	false
SSDEEP:	48:Exs058xISPHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:wafvzDvXbzQnX/QxgSvrTuZmGhO
MD5:	E952A19B3250DEB388EC594DD1D61BB6
SHA1:	BDBE10876B2931622A247378FA6FF61083105592
SHA-256:	D62082C2592B9F35D26C29FF5FC14FEA415707BF312AC306098BA9E5BC56FA3D
SHA-512:	6A08A2D04220579912EC2F36D9D243887DC4BB49ED0D5846EC91513E2D156E0E6B5DDBE1ABB0C34957AB89BD3A4B1E55117AA579E2D5BB803E7C1332C6F10E31
Malicious:	false
Preview:	F.s.z3.?.... .....]./......2.?.....Yw.i&r...E.....s3.+Y.SO.>.<........+.I.....[..FI.. .i.2\.[.................w.^$....E\.VN1y@...(X.`N..6.&_Zw.\.......0 W..5zN>3.d]7.......^..1. `..\|........Z(.k.%1.5{@..N%.....N9}..4..?![...uB<u.V......)buqC.3y....$s........O/3..f..J.....}0..5..B..)......4.[............$JR&.h...BHd`.@.Cr..fW.z.......i.\>.Me..-./%...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v.....

C:\Users\user\AppData\Local\Microsoft\input\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\af-ZA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-AE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-BH\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-DZ\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-EG\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-IQ\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-JO\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-KW\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-LB\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-LY\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-MA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-OM\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-QA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-SA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-SY\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-TN\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ar-YE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\az-Latn-AZ\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\bg-BG\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\bn-BD\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\ca-ES\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\cs-CZ\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\da-DK\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\de-AT\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\de-CH\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\de-DE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\de-LI\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\de-LU\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\el-GR\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-029\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-AU\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-BZ\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-CA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-GB\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-HK\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	modified
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-ID\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-IE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-IN\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-JM\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-MY\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-NZ\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-SG\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-TT\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-ZA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\en-ZW\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-419\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-AR\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-BO\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-CL\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-CO\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-CR\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-DO\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-EC\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-ES\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-GT\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-HN\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-MX\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-NI\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-PA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-PE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-PR\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-PY\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-SV\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-US\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-UY\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\es-VE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\et-EE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\eu-ES\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fa-IR\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fi-FI\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-029\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-BE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-CA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-CD\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-CH\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-CI\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-CM\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-FR\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-HT\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-LU\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-MA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-MC\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\Microsoft\input\fr-ML\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Local\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2608
Entropy (8bit):	7.92492344146295
Encrypted:	false
SSDEEP:	48:LqPineKUWWHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:ECTUWIzDvXbzQnX/QxgSvrTuZmGhO
MD5:	F3B90097C64C70DAED0012847B3E49B6
SHA1:	B8E8F3AB926F74CEDF51897BC61CDD85FD651D08
SHA-256:	0C957B92AB815D52D15EBFBB12989DB8BC042F3C9F3990C2223DEBAD46FE6A8A
SHA-512:	E8958722E1C1063545BA0F840D5BF7ABD9F0A8F452FC6642393F550E5E90233D791E52446C6696623DE1610F40F2CD45DAE6366FE83003288F1D458D7BE9EAE4
Malicious:	false
Preview:	.v.2P.=...w.......k..d....>Ali................kY..\|/.:..-....H..SJ..T$...r..In..\...c....eS}..L.............k.$..._-..F92<....G...7.h.Gj..3R...Az.4.<[[\....JPYb.......b....c hU\|......O..........o...a.._._t..Z....G..`....c.W@..D7.1!}.._.Dz...M(tm..:....bR..;..a'@k..)H..S.b.....H..W.H.N.xJ...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2608
Entropy (8bit):	7.9222375949306265
Encrypted:	false
SSDEEP:	48:K2ctAGTBHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:toTBzDvXbzQnX/QxgSvrTuZmGhO
MD5:	142DE640566A57028A2FFAE2E3BF0866
SHA1:	1EDDED15F80504F0A17DD5204F13FBA195CBDF10
SHA-256:	9D2E02045F08C4495C4E824FAC34C25C5C2CD66BE903170232FEF5861AB0DBC8
SHA-512:	F16540411BC2F16F393F51CAA9F3BB09E28E620DB5D37B7598D7A7D3509555265F75D2F571AC607DCF4B213201C6B32CCFD32BD436D0CEB1D1B8C27D7082244C
Malicious:	false
Preview:	{..7.......D...y......!...................W..h.J..Xd..5......`..N.......(@.......".........d.vr...q...5.`...l]...{..]N..BA(CO[h=q.Q{e.1.............wN.gn...O...<.!M.p.)....B....'.B.c..Q.{1.y.B`..~....'x..V....f9L......g..Y:lll.a..+.^..6......`...h..".7...>..y9.A.&.........C..g.........E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3216
Entropy (8bit):	7.936671608028448
Encrypted:	false
SSDEEP:	96:I3TuvsnPTxjzDvXbzQnX/QxgSvrTuZmGhO:sTuvs9jzDvXbzSPQxgSvv0s
MD5:	12C3FC45B4C1C2A3E697B73A7503F585
SHA1:	A54C7DDE8F15AECF191A48433158AD6A0DAAACC5
SHA-256:	3EC23B53DD019B6EED09FF630D2D4C347D1838E73D892E8F1AEDE593D1B87054
SHA-512:	EA42B37BBCB3EC7CE2C152F32DFE8D94D36D9517443388A52BBD2E87478D040AD9BC1734236B63710F750D41499B1C91B71BEB59E092A4DFA21DA120BC718B1E
Malicious:	false
Preview:	....N0.....@...Lt.Y._+..k/.1.(...J..;.'...G........`w.g.l...J..$.e......?^..T.j...."q,.&...}.....a........~.}=...hFP..F ...f.o=.[..\|h..j....8.<{]..ay.a.V.1.+..{4.3>....2....[..3..Z...}.'9.n....$.....5.9"..."..7~.w9.v.8$..dn.(.$..^..uG..5.%.p.".....OL..a..\.Q..5v;r.X..#............y...7..PP.U..........Kz_...6,.Q.Z.+^...Ab.R..3:.........q..+.ud;.K!..k...g..G..>+X.....DH..k..?O.......D....O.9......va.e...,........53'..E....M5..]7.#..~F.0U..-X.%.a.F.4j...7..z...G.O..3........P..ME..[....$..'8U}E.#..Q..P.ft.Fs.MJ.?f.e...\|.kP../ ..Q....Qp..H.8f..p..j..1Zi[.L.....=..t...;`..d..bJ.o..8..2..R'!.~h+}...............N...e....]I..$H`8...l...(X.3...Hb..!.w.mh..B.6....R..ei....n.....@.g-..}...m:T..X._j_Rc.T2.....&m._.i..`;..[.gP.].F.K.p..?.8_#....N.A.3.x..:+9~m..I.)...U1..fsj.....)7...V.Ld.}..7d'..C.....8Y...........U.....C8.j.\0.kx.."..-.1.b..y.\|..y. ......E.V.b.F..40H....V......m..+..}e./.S.*..Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..f

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3008
Entropy (8bit):	7.937378060075637
Encrypted:	false
SSDEEP:	48:BOL6JBEbuqfg+KzF4fem4HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTFA:cABaKhGAzDvXbzQnX/QxgSvrTuZmGhO
MD5:	B19C04744B1E3C097D5BC76015C8EB7A
SHA1:	F29E09F3B44CDE1CC445DF54F237F84D2D31516D
SHA-256:	AC3B0064ED8BD8C3CDEB4D635179EA6E55DAB7B5667DAE373390E22BB9B7390D
SHA-512:	313A79C89719478FF3220051D740535C3F1BFF01F8EE6BF7FB093CE68C925B8469299EDDF6C6223C00FF4672389EF18C8D415C3AA0EEF57C354EE9F4AE88F174
Malicious:	false
Preview:	..i.us.z.h.Qb.....c.BS.:.h_..FX6.B.c .O.jx..i.E..D...X.h-....{.a.oK4&....]..4..?.....~..E.mg..Nz......:.L..UdG.'..M^...j3h..m....-..m......v.PL.s..&..om.=.4....Gj`KF.8.......~~..\|..<.<(v.."o......+...\|...(q...N...g.{.z...m...F.U.[..0drz..{{c:..n~...8..l.$......9W.k.U....0.2\7..-.t;xu.ql.........Y'..2'......9}(yt......n.S."@f.....yt.Z.j.8%W.lK.....zh.."..}...).QD].rKy...y..[.'+...c..(....h.7....................4..!......-.{...w.ur.;TjC..t8.:..f<.8......$.i..+.Vv{......k.......?.v%@.}~#S.G\..yy.?1e.......}..L.~..L...L?>.d.b.2..T.<x.Q...]ui$........r.....<./8......F!U.WgD.wcQ.:.q.j...B.t.u.vA.Q....p.e0.......AV..T.....2.#.....J......k;[.g.....Ki..Z...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s*.0]...(..Q{P...t..s.+...

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	12816
Entropy (8bit):	7.983978451199157
Encrypted:	false
SSDEEP:	384:ZO9yQLHWke+FX/yVzXtyzUmy1gw6eV2zXbWP0ncs:A//yJGhymneVWK0n/
MD5:	611C1F74171D2E3ECFBDBEBC72B2F5A0
SHA1:	1369400B39A1D0BC5F6BE2FD8BB523DACCFC1986
SHA-256:	7CDABCEFD53BC10200953C9F46BD4B1B3B7FB49A0933CB31CE7FE9152C1A60A9
SHA-512:	2072BC31039ACC0D0F7FE46016E9DD2B176BA18654E2FCE308211CF527055E15E5A44E9824F8348B2994ACF1AA8BF4F5787652D03360736418C288C70CF11437
Malicious:	false
Preview:	..#W\|VM..v....-.....F..8._..d...P..98.9..'V..J..E...H..%!...P./h...t.oy..LJ..zZ.E......Xl"..O..j.......[].U,).l......J....+2)..H..OQ..=V..4..7%$.&.\|.{.5Jj.V..(W...Y....v6...p....=Y..Q.t...r.....z...]...L.Z....".._../..=.4.Za ...e32...)...H.E....2.;..q..~..A...[..Zj.....ZP.zP...y.".aO..Qi.."?...&m.h...G<O..T....zo...{....4...i(...."....j.b....o.........t..w.H....$..@.x.?..o.(.....E..m)..n...j>L.,..6\.........a="..............51p..:.........g.JR..St.....E.......k.....h....aw.M..`&.=h.m......$vC..-t\.e.f........N...z... .o`[...{..SU.).......y<.........fn<o.^........q-!.*..C..v.".\..y....;Q.X...8.{..w..=.D..4p........ii..A{u..4^....ud.gF....5{uJ.%.k.5!...=.khX.A...c..2?c4.sh.mU>...f.."}..p ..<.9....Q..$ve........-.hZ.'..rk^.i(..E.....S....0.H...O.{K.@LEEx.w].....l...^\02..B...H.~..J..5.....C/Uc...ZNq.A8H}..G#.l.8.:F ...tm..A.i...<.2..Q..........Ky.f.w.8..M......`/C......&sP~..W...s.-Q-...F.a.......%....d....s...Q...{.b.._.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	26736
Entropy (8bit):	7.993733631341641
Encrypted:	true
SSDEEP:	768:utMGRMo4wbEDKXpSvRF9SoY4Y3mfrV5T/4/dnz28K0n/:8NzqK5SP91O3mfrV5rI1TKU
MD5:	04CA2E57BFD55D258519784A876423EB
SHA1:	3FD33FD86B47FD116D655E255C277191A6C89EE2
SHA-256:	CB697793252580328CFBEFB1D6FD1DD329B97FE45B1E256538C62B5274557667
SHA-512:	D614D63ACFB7DFA7626508572B28898D5CC8364B95C6A9054B46794D21AC77D7577B238B70BB7DF37ECC3FBD4D87D5A999B63494577E27ECB7F096C80C8689E6
Malicious:	true
Preview:	S......o......8%8...zQ\.....Sl.H.h./..7..Il/......D...{....}Ch....!.zA+....A.2/.....7^.kSx.\V...\.J.........G.O,.........M...$Dv..n=.\..%Sv /....Gf.@.Hsc1.9..`0....h...WJtd`..o4...<..t...[.4..s.,..6...........Z0.Y.....".`.Lc....W.....J.&...a^.[H{..._Q%;.{Y._.nK5m.B:=..iL<..(.....X.QH./;.....Z.g.5Zo^....'6K%.w.`{Z.fe.0.V.O....X.........6LDq...K':eSpV(.R.x.W..^\|B...5.E.O6...,.t.t........>......JRk../.3.....G......h...e...M....n..r..@!j..ok..lh..^\|_.%..&.....b.)P_...7J.E.._...w.....Q.lOXD.0.k. ..<.....Z-Pe.\..8.X .....{..d.M...ns`.........M#.qFf....I.gr+}...$.4A.z..&...@.SO....\|.P...:-..2...[.E.B.F..g....r..a.F`.........Nj......o.$.Q..v8.._O/..u<.L.;0...F..v..J...t....P1....`g..y..Z.....:~...h.w...6.2.1kj.M...r..C..h...>g..nd;...:.6...7.p.N.hYq.;gG.......)(}...^.&...n..*]....8]2..._3.U.,...5...Ol'^.-]n....[......` ...f:r.:..D,..N.....,Q.K.2Z..\|g...D..r..._nU.L........e..i....U.4n...@.Al.P?.N......9J]..O.........GE..U#o............P......7..Y...k.Ut.F.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2848
Entropy (8bit):	7.936889417153609
Encrypted:	false
SSDEEP:	48:umAn2sFndFAbvml/HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:umFsldFGvYfzDvXbzQnX/QxgSvrTuZmh
MD5:	43205EFB9D4F30E94443E1968128EF1F
SHA1:	0703C4D22962B83208AC7C66D25743E744ADC2DC
SHA-256:	2C3AD2998FCB635C56B03786FD30A93070697A6F35E63CBB084DFC542101DDD5
SHA-512:	1852E8E6E22D8D3120A8E30A872E5310175F7F8527CF5B15326D3029FFF9E1EC753B03CD22A3E456DF23E4629E427E3312065D9D8128BEA30AAF15E0FEECDF6A
Malicious:	false
Preview:	...G.q.)h.gC^..V.X....R;.&......hF?......J.6.19......a.D.g.T..D ..W.nn./oxa{.\.....".(If~.....O..7L+...)...>....IrfL.v.q._.z..!q...lIf+rr.X.!%;D..cx.D..f...Z?..~.."..kg.....X.s.<r{._....y,g.O).....).s..!.gf...V.PU.h..C&#......?.....?_..........5.N.h9..2:... .................w.]Wi.YlQ...@..TS.......}.{w21..>.h.@3++..@l........O>...8.t.G.q+.PYRG}vn.f'.B\.%b....tX.<.FX.......-......H...9..i..)..."p&..:xQ.<..R..^.6Fj .l.g..){..e."......3....]-O5...j... KS..r........^.M(.2.....A..............j..N.S...}..8j3...7..7.0..~....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s*.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII..

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	17040
Entropy (8bit):	7.988167072588142
Encrypted:	false
SSDEEP:	384:qUQana3Rp3bt50yMs2bvHSXVvOkNngdEx0c2CNVf6WDzXbWP0ncs:qnaaH3pmyMRGWkpfxHNTK0n/
MD5:	A24EF24B088EBD62057C8C11142FE0F9
SHA1:	719657995824ABBEAC5AEC839BA32C0F68F96F48
SHA-256:	96380E821DFAA07695157ABA25B4E587E996AA2C1EC6BB149C5120B14805C87C
SHA-512:	B42A9AC926FEDC3153E73C42B454FE883352D46EE993847C09B0AA90F770BC9296B0625AA5621CB016433B095BCB222F79BB237ABA22082A0197919FE0EF4DC7
Malicious:	false
Preview:	..q.H..._.P~......R"...T.N.Q.d.>../S?..u..?..=H)....37..h.\|[.....(..........a.H..w...#<<........B.Z...n.O.,..wY.K..6.2.....~.........3....:+.n......y..........nq..+...u."..FO.E%..-...Z.B..T.d.h.UP._...0...x.:..3~..B.dO..;...y`..wcdi.mZ..i.#..AP` .#...V<....C..r.~..f:.p......m....mr{...........Y..R..K....V...z.......3{..A..n.#..#.=..2_,l7BO.. .D.0.$..?y{!z.!..d\|..B..r.nh.c..v...-...40[.........X@>..$.IQl.....D.a.]O.Ca..f..f..M..R...Bh....>HK;.....Ps.D.....x.z(.I.T[....;.HC....r...N....4.cN.-1...X...Wh........../...S....9f....}.%.raX.(g........?5..KA..g9+...j..?....Ux-.&B".;..I...Q...r...1O.....j.H.L.'%....m...8.n.=.........c..=[...iI=m..~8A.>.u$Wc..O.......... ."<'joZ..C.ls...w...d.._.a......{..\.s.j../..b....-..j>...D....R'U".x..LD..5....7...z..cs..8...q...0..O...<Q..}....\.......lly@...gp...#.[...c..0> 8{...5..jx...y.....k.e...0+.\|.U.j...?.....J&rR..e_\j..Vle..*....Hd..A...x4..%(g.......K...:(......N\B.o...;9.)..4....37-,

C:\Users\user\AppData\Roaming\Adobe\Acrobat\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Flash Player\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Headlights\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\Linguistics\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\LogTransport2\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Adobe\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\AddIns\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	336192
Entropy (8bit):	7.99955349129961
Encrypted:	true
SSDEEP:	6144:kw8IgkFsifiV7ni2BDor93GYITwRWln1CP/cTYfzfLuZzwyhYryDbAcfFsamKjL:H6niAEJWBmoQ/yqIzwyhY+DbBLmKjL
MD5:	EDD8DF9A8003929EF86DAFC243DF2446
SHA1:	62F026A05A9E37312D3AC7FD625385AB5523F662
SHA-256:	030A28DF60267EDA44DDE90C95FBCB38F3936FB08F31D5E68F46FC554FA71EA8
SHA-512:	BEE38E051C6EB1C93382B2A474393A885573B6860D4EDBEBE833E889DFC6E09F063F1CE6322544E1CE34B0B3B581B59CA5EAD6B5101E757535600AF281717291
Malicious:	true
Preview:	6..B....>......f.Q..A....%.k.q..............&Z[..`..N..\...+i..k.[....~&....lY7.b.M...\|...i.>.5.\ +...Q.!........-O.f.;Ve..sG-.qb.s..,..r;.w.Z....:I.Y{J..O..<..pN.5.=....b.}JV...~H.{.......T...S.eZ..........i.M...4.<.(W......X".D`.. ..]T<'.%.....{...%.6.....r...nV..Ks.Q}#.xS...7/r.....)..1..1..LO......4.f.[X...?M..w..8J.]JyCs.......1.Ct......\|...,6. .....5.]..y){H.....a..-.'c....RI ....NPa..._j...t...m.o.&8.%.R..........?.5.eil._V..mvR.@........{.....W....A.,U..Q.}T..+....M.x.i~nX7tm.W...j.........)..l..........:.lP..H?+..M7..6.0&.V.zm.V.yt...d.V......\f.(.../...Z..h..8R.<v$.m.y.d.n..B.....w..!...L.....u.B...........GA.l.@O.?//.m..1.....w..U%.v.......?....j.....v^.f.......K.pBya&.....'.a.g.X..-I}.x ....,..8.8.x.x.....O...#l....0.y.:7.X..(a..q....&...h.h.8..\...4.d...j.>.....M.i.U.O..z...9XH...RZ..X.0...iLO..t`.......L.[.9.....j4.!.....&.NJ.jIB.V.;. ..........8.F.....v......@..WR....V.T.r=j.t..FQ....k4....lJ...aj.{. iu....

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	299600
Entropy (8bit):	7.99944873767974
Encrypted:	true
SSDEEP:	6144:qYmRSkt43TLIs+izOJaOYkGlCdh6fnhB+pQCloVlkJJyqKL:qB8JDLIsjz+T5uQhsnhBcQJoKL
MD5:	37038E766AB59FFC00ED94DD17622687
SHA1:	A580E820A01EED109E9BE9457BFE385D21241B3B
SHA-256:	B6E26ABCABCD4B64A101457E63703848288F7B868A20C6D42BEC1A6D1C83EFDE
SHA-512:	D3084E8B6E097B4860A71F9DFB4FBAE9FA319C70B2E4872A1A470B8C202B5C82855950892C95FD0C0E37B6E4D2A13E210505BD48215EA830F9B02377B3874A61
Malicious:	true
Preview:	.E.5r..,...p.\|)!24.y'Z._.Uc.+.f"i...)..........NU..o...@..N....o7...U..'0.....Da....._H.....I.k$1.e.&.$31...-......+.....>. . w[.......'.H.......M.....R..{.B....."...".GYT.S.........~..XN...Y.'].5.6...5....6(A.(..%c. 42!./L.yy u....R..w...H.`....(R.6=T.K.Ej....!.6....N...N.=H..,......E.r....+.....~.....q..`..f..6D..?.q.....f....M.3... ...J.#g. .........h]Z)]..\|...Fj@.l...!:..q.v.nh...i......n!.az.o..)>f.T#t~...d...z.B.Ul...t.5..........G..og..i.V..[...6...c^..%.T.{.....qd&d..Kh-?....................kK."...q../.R..# {.v..p.. .mgj..8.#z.x.............2h..JU. ....%r0....^h[.0l.....!1....2VY..\..L.tV.[.5..[3w.Y}...i.G&...F..T...Q..M.]>....R0<.Y-...X .W"...."[O@.L...3o..L.d...i....Q^...F...[...]..y......:0jN.c..Y.}...h...x...^.EV...VY.S......M..v.g.{...C.+...^..e'.T..e..c3xq.].W:+.]..S2......a...}...}Y........4~..~m..?Y...8..[...b..5Q..]l.K..r.H\.#..Z..<.....}.......M......A.T...0..7&T........&....:..<..mr` M.@..o....5...M.$..&."i

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	271248
Entropy (8bit):	7.999300250172361
Encrypted:	true
SSDEEP:	6144:lyBu8Ec8k/VBoyOXCYsn8b38GAjyB9bwKyOWJ4JjRZbp8AMtiYiL:EBu88kpGCYw8AjyneO84dDbH4iL
MD5:	158AE354AF1CF0688D186BCDA22D7C7C
SHA1:	53A05CBD6FD362297E7DD2C0D2D6D67274E5D65D
SHA-256:	011D24C27D5559C493039F27E9EEF022A56FFC9F0D6E0A4366DB6FFCF9A66070
SHA-512:	0E73BF27D4B4BB67D9CAA14D4268033BF98FB7A984B3C29D7A4453AC25F7631AB508A88F49B1B27EEF6A8BEC366BDBED5DC58F68ABCC61B43D1853D15765F9C3
Malicious:	true
Preview:	..c.....$.].`O~...._KS...Y..N.>P.\|.....n....p.......I.....K...........!a\|P..D....2....C_.P.?l.]..........\.+.G.[.-(..5jf....E..r)..vc....j \./"jZ.......b..1V......($.DN..;..h.{.q.(..Z.j.0..^%.S.>.D..4b...g....>.;.....p.{.........d...q....Z...U..8...M/.....i.a78..e8..U..<OC+..`D../.^r.-aU.....b...9.tF^...aHc?...?#.i#.. ...b.~A.k?.M.Xd~f..8y...`...-.......R.`?8jcy/.>.......c..i....)...g.x...h\|@...`...w.L.....k....m.V.5#.%W.8. .....Y......3.7.n.....;..8..\(......>.H.;....R...I6..d..~w.f.#.Y....O.b<..z...@~q.+.9..@..hq...c.=.............H.T...)..2>.w..lS....~G.k.C.g;..5E._.E.9y.,o.pa.M..v.4.[~..W.>...<.a.5.=.=,..-S.X......=.[>..\.~..g.70.....5x...6%/1.;.........9..A..x3r!...z..w.Q....1......Op$.>........qT.6X.[..S..m...'j..8k.Q...2..p.rL.<.....:....!...Y3v.Pn."...(U....D....j.x..+..C..?QC.9..1&O.k..dJ.Z j...i..6...I./n-.].L..K1.7..1b..HQd4....^.c.(..?.....D..&...8....d.....F <..Y3}p.".....qo..(...[3....s..mv..i.hW/.R.d5........

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	258944
Entropy (8bit):	7.999226728161431
Encrypted:	true
SSDEEP:	3072:wuNUMTQsef12M+2H4krgl49axmW1WjwWvV4+a88PAFXoPf/Xn8rlKOiQ+HoN+IUy:7E2hcXan+d46Xq/XqlUwwSZV75QgL
MD5:	E245EDA5D482AE61D54628F59A2FA9C0
SHA1:	8E19FACD4B602EF464D247DE264187D9CA113EA6
SHA-256:	710A67D7F4E29CE0C1066CED873D69AA6AB6A7541E928316D55E50E488410F21
SHA-512:	9E4443D56C4D273027CC58A3540CED475D94181CE021E1ED98E5FAB2FAB8D873D1C5E46336C7591EB1B057A43029D72849541056C24F60FDF388C77032CC258F
Malicious:	true
Preview:	>....XO....8..._.z"..KK..rD...j./"...+...n..tG....=`.1..r.`.x...19.ot.@..bE..N....-.9..b.. zX...a.-s..2\.....\l)[..z..[\|>..-.........Z1.A..M.D.=...Ay......t.R..wlX.....NUk....\a.G>..o.....Xv..T......u-....E,.{.X.Kx8K6S......)....e.9<..../.....2..+..#.3....E.q;.[.....,....S.".........=.....w..m.f}K_.x{..'..t......!..$x..K?:..]..]z.. ...N.....W$.}....k......$../x.A.a.k..<.gz.....9E.a. .N.kY>..g4^...{....,6.{b2.VJ......./.A...Q.w...;a...l./..c=..M....0.......z.....Hr.{m.y.>@.i...j...x....]+P..@h\n.s.Z..R.OKDx.$.........gD..r.......6..K...?...k.n.q..q.3.NL..:.A........^..}..c..bg..x....6lP.1#..<P.N..S!..v..0.x..ki...N..M...-.4l.ot.w..i...H..<.D....6..pic.K...oP(.....#.\|\s7.p...sn....01....03..............e.C.~-v..M.s.....)..%..K.....fj.x.v.L...V...9....d.\|..qY.......!f.m...Q...P.BD..../.......vP.(.s.+c.it....K.(d%.2....]g.d.....O.:..$.....O...r[..Hx.9..]..U.?c0).R?Q..Q..U....d....?m..:./U..<.okK..w.K..qr....lx.p"..Y.q......p.w.@.K,...(t....;

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	254032
Entropy (8bit):	7.999245734638632
Encrypted:	true
SSDEEP:	6144:2xVc8SanGBQfeX3Jb8sNpS4IUoN04w/451SG/NPntyL:YcEnNfeX3+s+RNtd1JnwL
MD5:	CB853951C4F191F332DB30AEFB125ACC
SHA1:	ED0C85A22D2C7E78E719944C0DB3D516277115D4
SHA-256:	C34625405BF57A6B3336BA041E228678E1F46586BECB02B378123DCB67A5DFCD
SHA-512:	17ACFA0C3395985FFE46496A9F9F561C08DD836D8CC2F4994914987C4FDCDC6252089390A71C7EB4E2012E14879E387D1F5F6B8D333C457F14A5091382E99FD9
Malicious:	true
Preview:	.!g.0T......2.r.W..2(IL..# ...........z.D)<U.0....7i....... ~.;..bht.....\.H....q?]^o....8{.....'...>..iX.*y)...I6......q.Z.Z.../.\|J.'..^..G'.W7...NG@..3 .uZ.,.@.^.k.Jd?W.z"..s..?.V..g.-....e.L8.n.l.]...fKx. .O.<pY......a..K"...O...'R..8..^...g3!..n..~...L>A...y..L..H..T..(X.4..I.\|........'./.Bm..lr$.n..jX9.f.M...3........4...^R.;...u......eeP~.3...1.L..^..j....j.;.H<....:..(_/.....N.@.3.,'N.D.....L.U....]..,...?..y.MB.7:B..%X...........7..=..f.2.i[2B4..J..-{.K...q..,5>?.w..S.......p.....;..K. H.4.e........cA...nGE/s''.=...Br$..+..eu.f\|.........vJ!.R......g.dmOc.8...x.1n.[o...v..O;......]I...qd............0c.G<.y.p\|....dj..q-.k.._..;..(.^.P.\|.pAk.F.............S....CJ...0..[....H......-...ag..^=AjB.i.... .S...=S.E.y....x..#?r%5\|...>.....m..U...J;/..!....).l~>`.... ...$..l$h-m=.4.^.".g..18.}`]R$..V@....(....f..:...9...a,/..6...I...........t....\.4_.E..i&P.;WD...V...$....`..v<e.8s.x.......q.v../.0,n;..[e...=8.R...71v......+....<{.

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	287392
Entropy (8bit):	7.999423178540531
Encrypted:	true
SSDEEP:	6144:0zQWQOk/LhGFQr2+KfJTLPjdPEGV4r8DzY7ECqoIx+5L:7WQOk/L8FQ2x3hJLzYYCqoIxML
MD5:	C72591384B7C853914DF556E4C2D33D2
SHA1:	39D3C05BD34CD97006FFFC38FC6A53C35268565A
SHA-256:	37B0707D762417E0981989D81376200E32FDD4914E725E57D4646204F35DD074
SHA-512:	038C007438A82FE4D88632A2FC6DC34A84FF04331A7441323BE5D444406B78881CC9E93E3C8DF8881AE1F151E6FE8F78D98DB57C951CC0F4D0E192F1D0FD8A3B
Malicious:	true
Preview:	rn....}.....y1....DR....p[6.5.H.(..(......+....i.......8....M.U.....`}^.P.X.;.b...fx.!)....T..wm.".1J...).<...,......NG.lN:..,...&.....n..Y.........l..D.U.U.A...[igk.P.8...Px...I....Gm.n...;..j..?...c.2..B....>..o.^xw.R.>...5...pA~...n,.~....o..?.-.AT.@....]...-.@.'B.z.F..q.o..........6"^..g_a..Q.X-......)=6...0..=z........U+s....-.j...:.[..@...tH.."\|Z...+X......a..........0....way&h..?.v..-.....u...l8.=x...3a(......yT...)....R(S;4#..:.^..5{.n....Ho..@.y!.!(.........ub$RX#...b...Z..e..M..i...4.!....^.A..[.....5w.-..m.......,.o...wg..ypB..r".....Y.. .3'....6.......[..>k..c........W.u..wwwB...G.CT.....P.3..7I.....3.A.....\.Y..9\..]utu.F...a.p[F.r.H.....i...).~..Y.jT..z.{.9.....;..]......H.....n. sF....b.+t$..W.l7....8...<.........%.b,\|'r..Z.+..F.?.2.:....1.Y.....O.'.Jq...w6!r...J........b...0.4CM~..Z;..26.....Z2.DYp:k...)t...o.....}n&\|.t....(...TD.pe..C..*.H...... ...Ql-L...W!...`..7.xE.`.....z..\|...AK.......I..K^.{w..O.QN..)o.1..I

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	297104
Entropy (8bit):	7.999396038689258
Encrypted:	true
SSDEEP:	6144:FpYWUmSi4MtczMK6z02+BablGKuZTPRjI05zNu/PAkSCsdL:cWUml4R4KY+B4lGKKTPRs/3uCsdL
MD5:	F9EF2A2F1B3C0410EB27B1A3C773E8B1
SHA1:	23649F93B73B024668DD82E0B8896E25E04174EE
SHA-256:	27F8C65253A48D7494819A8BF9917B2B79055472E09EAA652BE43DD95DC5EA34
SHA-512:	EE541A90F66F7ADF650F50C09A1DB0C171A1997DFE3B1EC27F0E2DAC4C4E74557CE63B1670E16620FB73337CEB4761272DF1CD63356EF1E18EE00319B022643E
Malicious:	true
Preview:	r......+.M..........7.Ic..I..8.8.+~..-(u$N\|..].E..B..Z..L.}\Q.K~..;.......\|d..4......n....,........._.....\f.....7.a.~.g. ..$...W..!.]..y........;a..2u.4]'.yE.Y...F........z\|........E`..Xs;vE.7(P.#~,.w..!c..."..\<C..,[Y..c...;.LI.. .c4w....\.qp.?.y..U<d...U8...0D.$.)......7.n....\.....].]q.\3.X.l6"9`cp.>...:......)gHj.# .T....@yp...c.....Gu.z.G}.................iE...7p1."..a.M>\D.U...wr[.V ...$....g.u..:....U.......=A.gD.,... ...am..[...F.(D.!.._..y9w....E^.H]q0.n...f.Z.X.8(.".UAn.+....J.~...d[....7~^S.t_m.=.......l.n.m...n...0GBg^..M.T.X{.&^.rT...oR.w$=..e....g.~d..^i..Hi!.\.;.7...S...X...=......4...$..jc%.v$...y+./]..3...<. ......vi.9X..SA...............G..].c......H..}..Q.mx{..<.u...H<..=K.$....S"5..+.$5.0..]..J..@X..H.$..1.X.r.,......gv..A..w.;.%)..:..}D9.U..R..&.Ut..E.~.5...q.Z$h"]R......U$\|Eq-....v}".k..N.p./..l....6.n.B.w.d...../;u.xU...G...........O.....o.j5..D.(......t;.......G....k..\.=.......g.......1..h.aT......Hg.._..aoF.@Y`.:

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	273232
Entropy (8bit):	7.999326008210098
Encrypted:	true
SSDEEP:	6144:3u3xHLbuK/C8M+aG7OgHzPenpsw1qo8ceDhucL:3u3x+K/C85KmCnpRclcDcL
MD5:	EB9B1E4DEEA4C43D0D3FBCE040108D86
SHA1:	31A81F61BFA4EA518117CAFF97135EEAF2F8C834
SHA-256:	ADC87E42DE1C582997960C146584D32466A1938C53B10E3DC04240CEC16A7EF4
SHA-512:	6E907439E47DB0D932DD1462CE3BC758A95326503E600677577A2D1FAFAAF7F5B0C038384F06C5356F7A8BD76DC15612EBA5FCCC13E0E43B28A2DBD1E4716BDA
Malicious:	true
Preview:	`sC...(...h.R.r...q.q...\|....d...m...Y1.....(..5QBDK...:2..Po...l%^R.rj:..lX....Z..C3"KUi..}=.D.K.J....\.Gli.i..3.:..7..\|}..[.....m.#W..b.X........E;.]..X.........OJ.6..t... U.h.+......z..%O..(.Z.x.D.D...1.%.j[.&K.@g<.Y.6....F...B6.\.&...V..'...@1?Lg...y).. ..D..0.....4....3P.D....l4...48Y.a&.{.F.F.7/c..-.oY....R<.g=..t...5.eN...c....f......i.>[o...R...i..0.].J+.VQ.e>\......m<.eqn..q......{..T......}.)b..f.".k..?.......s..:.M..G...l 5.II.?W...:.....3}st.?t.......PF........... b....9:'.Pw.!..9.C!.5.E..!.@...$...\9O...B...x.Y,r..lPWvg../...................+.A7..cq.'\.v.V....9.\.'g.SO....cV...{.,;...........=.jTC%..&...}c.............[R...(.4#........YOH...t.1I......?.P..w.LN.{!....%.....1/.B...V.g\|"..A.]1.....hC[j......!jj..7....9..Z\..x..Z.u....xI..6B...d.G0..4&.Q.^F. ...%...s..b.j..I..{..UlMi~.......w..E.Vh...2Z;....%.....O..4c">N.f...N.P@..x..wr.<.X7.....wp.....9D...Q. ..\|....P.../.2<!.....&+....i6..A....g.x.......86..K2.P*$...

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	220160
Entropy (8bit):	7.999238382755826
Encrypted:	true
SSDEEP:	3072:r8tmZ7egbS9CawKqgr2LU3yr+hAGu3ihsKjmDy8A0VLiUFv+Y+QgM0lKGcfMYZ7L:YI5Stw0qU39OGuuhjKtxi+vIQgpKGmFL
MD5:	43B648A506A58B00E7DB4BCC99081B90
SHA1:	F3A972233F9BA6E60803AB087F563050A2EACBA9
SHA-256:	26B1AF4E6FC5E9213ED3783812F84108F552792D4CF5DF09AA2EA20ED7F7D1A6
SHA-512:	20903E93014769189D995E1357FEA2377CC6A3A95FC81B6073FDB6D621215072CA5C4F75B60C71CF999FCD52C5A1CCD8F96335B2709D865CDE059E10B70D8463
Malicious:	true
Preview:	......#PR..^N....z..!.M.@lg.._....X...\|1..b......^..)3....%.9.R..K:O9.6...tqv4{..... 4f..[.w@......S.+.:....l.mx.0..v.....p.X..iC6/).....}........Nw.............1.....r.......C#..GW....CZ.{.a.....k.&...p]c-..LC.........\....u.....tM....Hx..X.....lu3....~.\?T#$..2..r.%?....f.m.m.....#.Hp.UD7.5..~..u.....ku.ghSD.8;S......@1.....E.So...aO......^F..A[......3...F..a......?.....P....o.p.t"v....t^...k..^.-9.9..n....."bK.A>?).....@..+.~.a@...o......m.F..)r........PE..B~.S\|..3.M.~....K..$.2..4...%>K.]4.)..Us-=..}.Bj.Y..Y..+........t.;.`.?"......4..x...O.'.IYcj.....Y......<...*.uhxd.x..s..3o.&..Z......C..r....../.)....Z....<.>3....w@".1\..J....E..:.3...:.I>H. .cm.6..i>F.......y~....3. ......OR......u../..C/o........0.i_.....z.K.e.....&..3.14....0...f..:0mZX!V[.U.l..h..N..-.g....Q#.=.vm[...P...4..t.......Ra~.8..H.W.l'.,,....R.J..}eYt....\|...o\6I.>@k..+7...#T9.82...Xh.b...I.].v.g6=\|.P..6.e...+..:...6../...Q.~....:.f...PA....^Z.v....Z..J0M.K

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	257808
Entropy (8bit):	7.999237222089416
Encrypted:	true
SSDEEP:	6144:l/IYU9cBC6Tn4iPCvzje7QPkWPX+cdI+WnL:Z7UeMjfePWGcFGL
MD5:	E53FCD0526DF1886CC232A41A31EDDB4
SHA1:	87D3CF95924E6AA2950CEF7549453A76FB62A2EB
SHA-256:	FF9235D2F6B1DF95A8096B2B7E9649A1500F93312F89742AB24A4601A2D1447C
SHA-512:	FC7B5F0AF7E6F882EB7A57A0D54DD546C5744BD34C00B9068091E445B0E64CBB1335B9FBB8E026D2CD5F9AD011F36D1106321B486B69D6420A993E402AFC7D13
Malicious:	true
Preview:	H.Q...&.)....g...F..S.Ph.9.=...i...5.........w{f.k.YZ.~.........H.O..Q.H.A5.w.il..oO..e;5.....5X'.b.msm..p..Q..!.$f7..B.h.......P...2.&4...)..h.H...<(\U.\..K.4uz_...)n}=~jpCF..S.kC.-..O.Y..{.jYF9..(X...<..u(..J...>...h..tO.....Yn&U...)...F......kM.f..\|.K(.......,.".,T....X}p.#E.oq.'dw..O..u.T,.0...V)....N....7..".SL).V.........=%1..>3..+...r..L.,v.U.......x(.......tca.......3.^..}._.]..w.d...~.".d .....n. ...w[...J...j%F...K.....R.Xw...O".k...QX..uCd'.~3~E...nhQ..b....@.Tu.o..P4..60.......X)L.W7.i...-]2....o..>Q.D.S5.W >.8E.[[.2V>........M/.}l.......e..t..@.....+Y.G..C.<......O2:.......X.BN...n...gz...P........;...-H.[..(.......zI1...t....Xn.V@..>...........Oa"=5g.xu<5M...Y.L...k;./...%y........d(2.B...}.."......~K.......^8.."...J.9.Y!..y..47Z^.G....i......."{\|J.`.Y8.,....\|Tr.%...-....9....;dq.[K=.Z]...../.f..R0...C.....-5.8.b=dp.=.i...K..z.o..a^.......bcx.C....q.ye,.f.....?.......0..D .&H.Tm.T)...\|]..Y.@.a........9.z........

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	253920
Entropy (8bit):	7.999250074069355
Encrypted:	true
SSDEEP:	6144:L/IYARym8d91HJrfezrbT86rYfhFWAqzmb/QL:LArvAprfezrcFfhcAamzQL
MD5:	8FA9E4E9E08FB3DBF1A45EEA7FB3A40C
SHA1:	7B4FFB6A59CC35354EED6E992C50DCD74EA26EAB
SHA-256:	9A0DA02A8671FAF30BCF2C8D40B2AEFFB0173EE1DC711E351FCEE82AE3FC71D7
SHA-512:	56FA91885BD2065E0D2A16EF96293899ED9BA68C17E6AF2B3D27208C127EE019C6B8F11431C9553704FC87401EC7BB16DD0FE57858C24A954C189D86F4291CA0
Malicious:	true
Preview:	...j+s...........skg.....[.V.mv.yT...e".\.....nJA..(..a[-.Y...n6..a....\z).......#E...gnE....}6..oz.t.V.6..pr..j.C.....l.n._.#.(.#...J.Kv..EV...q.L...z..h.b....:..?.).U...3..-......v..+]v......a.Z........k.0B.'\...%..p@..Sp.d..[.o.(.k..C.n....Os.. '...#.L{n..)S]..Z.$l.M........e.....X..E......r..yaD...q.d.7.x:.FK5Z...~..W.=.,..M.e.>.].f.UF._.]..e.P.^n..A...i.=......4..b..Z:........`.m..ObEY....l{.Q.LpO..4b...r....?G ......=..4...kM.^."..$f#.....a^.Ea....bZ..i...,..o....hI...nD].Ci..s...Z.8......E/^..hp5..&Rh-....F...\....f...6.{...&aV..S..im.....F~.r..:.n....8N...3......E..v..f4=.h..._.s..&k..3..n....u.en....B..[...m_?D..R.%h..G:....gjl...#...#...I.gN..P....<......L.I.8.I..Od.........>..lQ8Wm..h.......C2i~...)...t1...?.R..[.iajG...rZQ$#V..C#B.I.?4..{...?.w..t....[F.....~........!.......a.......W..._8.J\5....),..:^#.......q..cY....;..Nc..T.d..z.R.hX..f..kX.....X.Cv.....cH..aW..6..{9.K.Y....@1..b.~.(~....#n...P.5.......w....

C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	347248
Entropy (8bit):	7.999435503961594
Encrypted:	true
SSDEEP:	6144:51zzUVkAGoVOg7cQrda2aK0v4/jPvk/wky10Vjhg6pNS/u+rmKyYC+EhL:Hz4KoV6QD0gcwki0VVg6suWm5L
MD5:	2B468373BDD80DC7B09D5AD5068B2777
SHA1:	05F8F8A38FF14C75AF63DD36D7B7C3F3443A4299
SHA-256:	B648CA6781E057B84C79F939328506C02489D42C65A14A7089A1AECD6C328DAA
SHA-512:	1D6EDB7790BCA54FD8A07D1DEAAF3F1C7A86BC0D5B79BF226CBE837774CF1F5FBAE2387F5E6013DF073B442AE8879A303CBB7A28E74118419709DF24FD28D566
Malicious:	true
Preview:	.B'......R..c...(K2...Z...y...\|#.E...=..?f..^../?.F`mV......t,..X...e.\mZ..L.....?X........g..]$...=.na.......l.x/.x.<.`........Bi..v=..........t._..'h?.V.K..%:...w...'6...c......x>.R....N'ZT....'6E....@F....Y...u=.k....g};{....Y=...."......?.`.K..s...Q...12F"-........x..".....?....8...b.........s........z.^......f...M......{..dF.\|\|(.pa..+.......9.4i..`UJ.h4...j.C...%.RD....U;r.....2.$G..f....f>...%..I.\2.T&.pb7PJ.`1....3]2...lC.~..s#.d....M.\|./..:....Y.+1.....H..c..5...B..~4.;.4.?...p.P+...rM........C..=."...f..C.3V..CU0-....M.s:y..b..,.Y....Q.0!.q.8c.B.>...].v._..x.".../..t..,.Gk[..<.....]@...\.d2)..k.6.....8z..g1.i.q.3S......M...0T...1/...9.;.@9...b.1...>.f.s....6..b..^.....V..?.v>.u...=..ZA...1...?.lux.qs.(n...Vr...y.W...Djm..]..P..lsv\|w.......0.m..*\|.t,.7$...d..IQ..'.s..>.D..^j&W$.r+V..(J.@W.M.^.:$@.$..Q..0....K1.G.....K.....Pe..p22w.8.h.C.%.B^.......b&.=...4.H`...!.r..-U.i.>...=.3..Me..\.....\...........}Ia.

C:\Users\user\AppData\Roaming\Microsoft\Credentials\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3708631
Entropy (8bit):	7.956059925303717
Encrypted:	false
SSDEEP:	98304:LzCxGCUY4FfJLyrkNEeEukdHe3mBQlqgNsf8P854annqjGaGahPN:LG8C94DLikHbkdHe3pDsEPuDn92N
MD5:	611115D61AB6DE4293735B7C2AF6E4C1
SHA1:	0E452104B02ACBBEE2AA248ADEC0B28CA8D8DD10
SHA-256:	41A9F2B7D1C9DE4E125A380D53CD33781662FDD976A1604C6E74F789188411AA
SHA-512:	2004758E49639AEFDAB1793C53CB323AF3032128011606414FF909204BA0DA56E539733D339F2EDDE7BA1CA388D868993E9FCA134F4BCEE8363E541E28660999
Malicious:	false
Preview:	3....`....d.\5}y..w.6.T.\|......./.A.....i./...+.H..A,.O..."D..F....y(1.+.......g@.Ci...,xu.zt.Xw.ib^.Ue....$..[p.(I........f6...KzV;.M...=....'..%...+.V_..r..D.h...M\z..'....iC.......`3.&Z./......i.....,.#..'..Q.o..C.... M....b7L.....y...A.....i..A.h.u.."N...8i......r.D.....9.t./......'.%N.F..l..@'....I!.+.ja.,h..xwT2Px..oL....v.WO.h.....$.:93E...H.i.#.I.......eOi.4.>.s_D...O)C.\3..@...^p?L..om.w=..tR.$.T........?.j....".....X....."".z...."(.eB..y.M...Fz....S.].>...................yD...~..jrF.P...q..2..iz.9.....w.41.6.s.Y.P...C]<.!5......C..\.B....(&U7O.5.OAv.tp.E.\|.^=...th._8'..#........s.?v...........9EN..s.u..4..~>Qer..>.V....Zh.....b..e.t....m..KN.tS..O...(7h.....5xf.."....-.^.....$W..Z......S.&..L........\g.....o.p........aL)1IL......y.4l{..o/..A..<.lx.7......u..:....e...E.i..`.+..E....B\v.T{x.f.xe.!.Z..Wu.:..D.k.......A(.....&h.....x.9.aU./.<....:...qY..5.(u?..].1.t.....[U_Ak].?..y%...Y..%k.-.!...?.=~.K..M.Y.]?...

C:\Users\user\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Document Building Blocks\1033\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Document Building Blocks\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Excel\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\MMC\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\MMC\services.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	96160
Entropy (8bit):	7.998255279863886
Encrypted:	true
SSDEEP:	1536:+XYRYjFKCjsuHpp8lpXZmDqg5bVf4QNLFnQkA/iybtWM/BF0RGNl6nnKU:8YRYjFKCjsip8a5lBLFnQJFt5BF0CgnL
MD5:	2CEF96B147D0000338B5E8D3B664EFC4
SHA1:	F07F699D629A464C80F4CAA3F829A10BB2E6956F
SHA-256:	0C85A1532A44148180021C2E2BD0A97BD916F0CCDEB77F8DD7CA86D5B4353DF6
SHA-512:	A4CACCFEAB1C6D68B57162ADD949151C64E624B0D09F83DC60341CAED04FEEFCC1EAC30C400BA6C232BAC6D2F186AC33DFB8D27985C881BCD776E9770F2DEC89
Malicious:	true
Preview:	B\|.TKi).H.j...R...T.b:.5.=..Z...nB....(..q..,.j.j.. 6.e.&...0.&A{7f7..K....K.E.>.N.F]A...q....jTI..[...(...D....#...Z.W'..U.......g........y...n.;.....n...g5.e..]W.y...O`..E..<o....bt...a..=...bb.............-..~u..z..0l)l]...+4....$PmlL...0...h%.p..U...`5s....5....lv..?..m>...ja a!....`...du.D.d"Vyq..7.P..x!.g74.c.<.k....0r(8Yy.<.VD..gKx.c.W...'"E1..%...>.g.V(\|/..u.....^.Z.}.....\|..8U].+....X..`.p.\...m_.o.......l..A...E........:b[..67..L.....q.. %}a...c.+j}.....I_......^....r...O..Rh4gKE....w.....yQ.JA-g..H=..A'E.^.i..C;..s..j.l..{=.S/.UM4wh.....4OZ....K4..".L..tif.f.......\|E..u....2.i.......)...+.. I.\3..6.J....K......__.<..\.q< ..~....[..:...............M..../.;g]1D.S.....Z...bu.S.v..:.UN;.......Q:.g.Q.Lw0.M._.>...E.....P3y...Pk.U.....=TTTD.....;.\/...&@Vj..Z..\|......Y3.Z..4..w.+.r......'p....E.....-l.<Pwg.w2.^.P6.:..3.~8.7n....Z.@......z:'..u:...j.r.q...2wp.......X.,.H.`u[......X.R........rC.u...1......,..y...-....Q.+.+.....m..JE!.Z.

C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Network\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	40320
Entropy (8bit):	7.994491915709473
Encrypted:	true
SSDEEP:	768:rTFhe/RE215tR1LNgFQikGB/FsubB4IuQyIhMAeHiINkTK0n/:rhh2RhrlguEa4kahtYnN+KU
MD5:	C43A83D9F84F0C11A58072D1BE1E2761
SHA1:	24769A5F3B355A60DF505019056375D97C916CA8
SHA-256:	C744D6AC7C81D83F824D01988EDE42820B8DCC5FC3001272B15F7019A02504C5
SHA-512:	FB1B9BA37C0A34C2C0FB3F66DF32EDE3FD447D46EECCFD908E84C5D2B3862A3BEB1EF25F2B06BFF911B60BA1024FD99EE92F5789F01BAF968B0835F6AF01A488
Malicious:	true
Preview:	.ns'./Vd.../.<O......Lp.1_.X..B7..-r..w..A..\|../67P[}......{.<.....Ma..2...3.S..EG...r..%..8.....c...yV6...U}Ml..;...:.N....2.v"....(I(.mW.~..+...R..P.$...PJ.]..W{Yn..J.<.r...~.@hi V".pP.a(..\|D......N..K5F.W.nS.C.C....=..e....Y....o>.5...$...i..Mo.......)U..E2e.r..7y.z.D.x...~...`.....-....I..,.E....n?L'.k.m(...?.]nS.=.b.[2../.hd.}^....[-......y./..n...S...@=~.pO.(.:..9.u.O!.......R.F.l!...Gd.E....S..`....Se.D.{,..WC....O1......>..RE.._.7.m....o. ...'.n8.......0....C....}P...5... ....).>.Q.{..l...rml....f.........<...<..^t.(e.........@O.J..-..:...zW.. ..........1...j...u$..d..r...b .h ?..\|....T....p..&..+;I.....[...p5......9.5.}r.. ..HQ=.....s..X.P~......o..M..=HI L.X.....{.F2[..V.E`B.x.k,.2.B...yY...q-;h\|.86.\|@rsA......x.H.3=.h.....lh........~K..k.@..C.....c>..6..w..E;t...... ....Q.h.Kml...& .rS..h...#..>\|.<w., .....D......eV..3.......(YW...w......1.'iI8,..R..d..#,U..........A..bx}.St.`eNH.9*J.U..Srt-.`.y[...HP.(F..Pr..x55r.eC.+.?.."..,

C:\Users\user\AppData\Roaming\Microsoft\Office\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3744
Entropy (8bit):	7.9464449956616505
Encrypted:	false
SSDEEP:	96:fAKR2fKuLr+/aezDvXbzQnX/QxgSvrTuZmGhO:BC2CezDvXbzSPQxgSvv0s
MD5:	734CEB2D1032691EBEE02ED2C1092BD0
SHA1:	6615D3D9A7CD2735B91B6E77B0BD0127C97E9A9E
SHA-256:	8B119B76CE8FBBD81AD60D200C55CD53E74DF6CBC1E7B1FA62CD999C4F734D84
SHA-512:	A0B0CEF81AE14E4C0E0A7DDF1D12F49ED98100AE20B3122652521FFEE2F562565D04C144ABA617E32E152A6D532B58695A73351A67FE15381E2250BE88351A77
Malicious:	false
Preview:	.0.....>P...,B.n....[.%q{po~pL.K9.;....0....}Evz.0.......HB.A;j\j......_....J'...r=a.0..1..9..^F.......9.p...bRe...,`..!I`JBw.>4....5l...W0b..!.1..R...w..P..n.j..'.....W79k.....lS....5....1.x'a:'f......R!66..y...F4.....&O.ho......tG..k.v+P{o.2.[.:..."...C3.."bT.4U...x..p.t.c4.^..Y.t~D.!..~.......ALv.BR.%.B....oD.=..d..(.?..mx...R.-.d(....N4...\..oBS./Ee.M.....w..WZ3Sq....H...J..ZX&.U.c.I....bs..o.D..HX/S$I....S.^."..ii..q.h...u.^.X.o..z.IK&U....yT.U.G~..C.+..d......v.....,Az.v.....nF. ...J.vx..7......5.......$.V67QeR0.#.....B..Y.E...;..AS{..V..H..N...K[.<)l.;\|=&..C.......V.W..Q...Y}I.>.......n......I..v....uK..~.,v..C.zc........Q..h.....?.1.hj ...NS..4.........G.....s+P....=[...<0.....5..{!.T..#.......c".......P1....c..9.t.....U-`.9...h.j._.1.e...T...'......,UN.#..t...@=.B+.........l..&u..4W......{...U.G..j..N@9wY..k.i^o.v`...H]...g.Atp(.w...N.A..LZ1I. ..E..!:....rlH....G.=>/M...&U.%L..z.R...k...e....q/.s..@..)..).*.G.D...U$.

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2608
Entropy (8bit):	7.9312102725200955
Encrypted:	false
SSDEEP:	48:NBZoHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:DZCzDvXbzQnX/QxgSvrTuZmGhO
MD5:	6859A9A1838234E36C8BDFEF058F155C
SHA1:	4248452976AD62E6D632A48B748DE861BC78911A
SHA-256:	C92E5964B81539C9B59C007E05B0A3314B371814CE05AC6B86177148C5199AF2
SHA-512:	9DCDBDD0D4DC4716E0628222E1CD0EA382E7ADD084E5F8DBEF3087B7F50286FCB21153F404F0C64BE3354DCCF62B3F64BC89B3B38764B8A93D905669384E3A1A
Malicious:	false
Preview:	...a.@.OH..l[D.T{EH..../...N.....................P.r.u..e..D0#=7M....v.......3....q.#.a.v..e. ,[p..A...1...qf..T.....9/.p...0.(..XX.n....J{.....A.!O..De...y.z..,.Y......~..?..?P^.."{3.[P.\.z..4}cw!\..F+4.%N.wD...f..?...M.l5..?.......{9.N..........ms....o.%.&.....}a'......e.x.....0..p.D...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T

C:\Users\user\AppData\Roaming\Microsoft\Proof\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3040
Entropy (8bit):	7.93468260986521
Encrypted:	false
SSDEEP:	48:Q2ERw1DIH2Fi69HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:QK5IWQ2zDvXbzQnX/QxgSvrTuZmGhO
MD5:	92CFE73B94D4E3D0EF3497C51E3E0F6B
SHA1:	6C1B15F6A6D4CAA698699925D056814C8C96C8BE
SHA-256:	1BC011A6551F4EB948FF28A17B74680F5651F490978750DF8078703EF08816AB
SHA-512:	40FFDA6431764BB373610B3BD7A6C438D5D4B3CA4FCFD9C6635DFFB742B71641B6B76D7639C683B2CBC573AB3A8BA06958D560DEB4AC699E9421B49C6204E80E
Malicious:	false
Preview:	.8q..E.J.....DhS@R.)..Q.S..m..q./7Y.....O.TE1......N...aWa'W&...c...CI..`..t(Ae.>%(...F.Kw"k'......]A..52.^..i~..A,..P..W^.8Z....F...:@.T.....e...?.FbX....n~...o...'7.....F...D..[.AG.9ap3Os..Q{..#..7.n0....JO..:....S..!...Sj.%;.`..P.3.?.=1.w$.su..z.~.'...T....j.)lmO.sRY.......+..(.....j"..UR.&.-.....x...ty= .........._..K. ....Rs.&.!..EX...\l.^.Bu...wBh.-...lRQ...'......d.hR2..g....p.Y.Q.w>..0q].X..\|..2.\wn. T%.Z.8("i^w~.Z..EQ-3...,.................9..q..L.W.5......n5)l...YS..K..B.&...S...Y..e>..I.K.w.9.k.@.2(=@..m+.hq...!@'.t.llN....\|.mg.....ph...}....F....{N_....\...]......$..n..E.L.>.UK..^.d...[%..:....Y+n...0.M.i..{BB...#..,M.LS..f..p..VxUa}....&T.........e...B...b.MM)...... N.....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w.

C:\Users\user\AppData\Roaming\Microsoft\Protect\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\8a95f74b-deb7-4d33-9ab4-dd6c9dcc72dc.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3056
Entropy (8bit):	7.936963335609301
Encrypted:	false
SSDEEP:	48:p/sCGWYE0alqir0ITzHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:pECzYE0alqFIT7zDvXbzQnX/QxgSvrT3
MD5:	0B20C278337473F0EAADA423FCD2F09B
SHA1:	D5B8E2EEFAABDAB6C0E1982F284A2E58A5431B6C
SHA-256:	D51A1C774917073F4AC3B1E5C76FA25EF4CFD06881F76A83FAFB64893939D124
SHA-512:	FA14D3CCD2065AF58C2249422F91E426DE7A49BE93EA2852ABEDDEBC7316A53D216FFF4D83A632FD76E4EEEF2DF216961935837E1F561478BC7DC98792B6C4E2
Malicious:	false
Preview:	....t.E.0...1...c.. ......".F.V...h.F.(.k.\t.i.B..L6u.-...2.Z../..."....^q~.....~yT..5...J..9@G..+v.X...r..0....)..\gft...{1..L....G.D;..r;,..+.Z..........T.h.{{t.K....}..,..LY.`M...~.F.+~.9..e.}...e..r....\|..w...xO+^...(./]......\...:....)..X.=.J............=}VB.A.h..#...U...Y...c......R..#.........K....!&.K:VgjM=..Q...B.i.x v..5b.z.O..hU2.}.X...4..<.;F.}W..#ux..Q+...Ga..aE.Pc.yP..i..V7.8..q........>.Q..Y.F........D..=#. P..YfOl.......;.................\|7Z....S.3Ep...f[?...............k<&w.....K71.Lm .Uz...A.....BO<.q....1.......j2.3;.H.Y..q........ ...'..@.j.....V.p.....T....Wa..Y..<.6.i!...{.....c..%...<..d2........+..L....-.Q...).u..gh.....F....L9....7"..HJ.z/..x.uF\.u%....L..E8..b.P...L....E.V.b.F..40H....V......m..+..}e./.S.*..Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a.

C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\9f865c41-9b31-46bb-a4d6-3a4dd4f71546.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3056
Entropy (8bit):	7.93215039746475
Encrypted:	false
SSDEEP:	48:6trfqywYzOuo8D8HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:ryueuzDvXbzQnX/QxgSvrTuZmGhO
MD5:	6CC7C9C981B5E7B217274A601987638C
SHA1:	DC2BB4D99679A616CE32596A2A397C1367B39F8C
SHA-256:	5BAF83ED563ED63468CDC8C637690D7E6B6604C3E588C8B7193F5B4112876B76
SHA-512:	520719EC586A2B40E308FCA7F3AEE75DFBE28995DFE937581EBF9522B5CCD4C4040DD1520676843633C940728FE3DE96970BD38F1E55B2F41D61F5C0E3A9C396
Malicious:	false
Preview:	...@...T...Qo.w....H..B]..+.!..".a.j.ww.v.0a.r}l'.(}..)[.45.z....M.0..@.U......2.qC....G.J.....2iYC .Pc.(.c.i..\|.=\s.W.....U5.kN\...Z:.v...~..c.r.PF.A.....2...[O.sH.L...6.).I.6.1.'!.-0e.q.e...../Z..^B...n.....]!z.`L.Q.H...w..N....W.`.);.#..F.(~.n..P.$BQr^....~(n...s...).Y.h..#.t.......c....xr.@.V/8.j..i.2.$....w...D..=.t.eX....~..M..`.-..sa.n.2b.9....0h..$d.g.Pk..6....M`"(....2h.sa..Bl...$..V...ao.]x....s.l.3k...7..v.W..l.....f....<..ET.>{.....v....k.................I5...s.u...!2..c.Z.......iY.......L4\|B?..hw'..O9..$.U..i1.MB.2.O.....V...n..%...o.(!\...>.I.cg.L.l.nRkY>.\|.HV............"....'...Ue.....mT...[J.6.(......}.=...T...."{<./.t.a.S.<6._ze.D(..,.v.p8.F}3....9o...F......P<......k...XK.,.....]m..v....E.V.b.F..40H....V......m..+..}e./.S.*..Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a.

C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\Preferred.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2608
Entropy (8bit):	7.925242265853072
Encrypted:	false
SSDEEP:	48:bSGg+YIHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:bS/UzDvXbzQnX/QxgSvrTuZmGhO
MD5:	773B63CEAE414AEEFC11791E68FEAB37
SHA1:	AFCAEBB61442A6444DB36B6CE92FA5EF1B7BFE44
SHA-256:	BFBF1CEE1CCB1EED9A4FC1A7EE59067AC68CD5BD354465EF5C22662E16CAD4F9
SHA-512:	6901023CACE7C7C553DD35449E71C8A52D3CA0DAAAAD13B18BA7CF2870958C6D14FEFF2219EE664AB819D4834328F89E388E7F44BCC8E5CA6A05EA4A7E6EB6D1
Malicious:	false
Preview:	'H.N...3.".M....p.f.8.....T..-..................)e......zfN....(.-g8..VB.....e.%.r...=.>..H[....T.C.W8......8?.,z$.J...S....[.N......a.8.q....TS..f...Z.`3..>../n.@..>.g.Y.J..e.n....o!.A....}..rz......Ef..9...P>...7.b..qK....y......N02X5....w.c)...In.......bL.[$. Ht'.$...=...o.B W.?p..bH..\|....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T

C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\b447570f-a033-4f08-b9ba-8608ed793858.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3056
Entropy (8bit):	7.935598451392687
Encrypted:	false
SSDEEP:	48:R59bm2Ylpf+fqySGVSHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:bdmvmSyczDvXbzQnX/QxgSvrTuZmGhO
MD5:	D3AE245B8A5F6E1A2830B8CEA16E0345
SHA1:	A6881FAE50C4E31D82AEE7A6804AA30C524E868E
SHA-256:	CFC323690DCFC82CDDBE0DE1541226EA9059642334ED0574A5A0BE3AD06CC17C
SHA-512:	D8093AA72FD72BCF36889DB5ED3A6FB64BDBE13F4E582176A81E13E4AE8A54160A94FBBD7D746AB29AD652895CC371C256F4BFF476083FB8A0E5A16E1D1F308C
Malicious:	false
Preview:	..%.(.a../..L.........r...a....Q..O..T..V..B..b..$.0..96..IJ..I...m.B...'..kj.WE.....Y...8........X}.g..Xu...r8....2.;......\...\|}u`U...'N....t..#..."[.E})o\...>.....B.._.......".]..$...a....t.....>O..~.j.xpw./.w...Y.F.G..0.R.,......Bb..O9V.W..ST.....e..d.=..].P+...p..Y..M?.I.pPl.iUQG.4[.q....4..}......mT....:..y+....j.''.r.C<........?..7..7q...V.5R.....81..l5...Y...n...Q(},..x.&."3..5.{.B....7.aQ1....5............wz.8..g..b.....4...-<.PU....H....A9X.....................]I/.........9.~S.'U.....fC{.Y.9.lj7W....O.g"5..]..-...o..p...yL.e..~.-M.oW...~...kZb."b.V..........=....Q....Q..>P[...It...=.d...Kw..3&....6..k.!8PC.D=/.4..j/[....\|[..Z....H...r..=.TYa.....q.?....iS&...@.....w.3s..?2N;........x...h....Q/..`=p@...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a.

C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\f46745b7-7051-49e0-b579-fcf31786d9fb.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3056
Entropy (8bit):	7.934091061407567
Encrypted:	false
SSDEEP:	48:oEImrGa7NPUkuYq8s65GEGHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTK:fr1NHHs65G/zDvXbzQnX/QxgSvrTuZmh
MD5:	3BEED93F4FA02DC2A15581A5D5D28A34
SHA1:	8F0860D82673404FAEA8C80616E03C90A893089B
SHA-256:	EA47953499BDF95FC7E988B7C54922E7FB38B7A9C3DA87AD0A8D21F217AC98D8
SHA-512:	7291B8BDF920236817F925B9BB6ECF48CD88D0F978CFC538E1350888CFD5F8531EAFAF7E00BF1EC2DCDA48343E0173C13464274081075F1661B2576FE2F697FB
Malicious:	false
Preview:	$.kyX...2^......=.../...4..g.....3.M.~S....\|1-.....3.5....W.z..R........X,...j.L......6........'U.g.Q..q.........]-4.MN.eb....`a.RT:....5.i.\9p.....zv.....S...K...X...B.\|N.mM..d.......L...l98..L<...".n=&)}...n.G..xo.Bd..g.\|.Yv.....A`7<mu..B._.J.&Y..'g......;>.B.m..$...6......G...g.......+...(.U.H,..t.A.`T.66..8.K.~....!.i..o..`CO.........7......@...)A...e+R(3...N.Y.......R.c.....]..q.I/~.-.o.%.....f.W.qhH.F../..x.m,..)..3j,.Mr%.....n....wD.!.................B..42Y..1..+.`..K..!....,.....no...=`?...k.....R.......'a..J>FJ...2O......J(...;.cM.h.wu...h..x.....<$.U..y.$...0.Hv...-(U....a.Q4.0...o?...{.z."U@...&.....qF...E.b.....7........j.......K...;V.eR...y'...`.5S.).....#.Dq........K.7.....Ll...A.v...E.V.b.F..40H....V......m..+..}e./.S.*..Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a.

C:\Users\user\AppData\Roaming\Microsoft\Protect\SYNCHIST.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2656
Entropy (8bit):	7.931278994943017
Encrypted:	false
SSDEEP:	48:fbVET8DHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:xEYLzDvXbzQnX/QxgSvrTuZmGhO
MD5:	7EF757F23D98993E91E99DCD1006F110
SHA1:	5DA22A916F7DE03462435862052D5E1A748F4136
SHA-256:	3BB35CD5DE4E15F8D78E4805E0ABF83CE7ECB0297FCA2377BB1DC977E1945F64
SHA-512:	C910EC5B2F19A29A8E1296459121E519FE35CE24637205303BBE04F2E1270DF1D6165A48FA887F9F8106C115F0837FABC3CCC6966E76D5DD8D0F6A64AEC15756
Malicious:	false
Preview:	j..%[..C...x.......3..#DH.B.u.F...t\..v.&!....M.eg....%&...kk\DSjs.hx...QL....................D...z ...<..P.S.ZpY..g[...+p..GO[(.F..t.\....-...L....u..}.OJ..H.\|.<...DF.n..B.zd;q.....n..i.....7....}.{GW...q^!..\|..[[W........../i..^.k.....Y...#xC.T.Go....../...!.4.,.....6...........%6t.[7+.I...~....R..7.2.J.O>...[.,.v.......}~..sp....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L

C:\Users\user\AppData\Roaming\Microsoft\Speech\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Spelling\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.919077369913704
Encrypted:	false
SSDEEP:	48:YH/f4xEnhHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:gRhzDvXbzQnX/QxgSvrTuZmGhO
MD5:	13D030F54DB98A49088BCBB5CF248140
SHA1:	E66870D5F8D1BA7D2CA820D267895E5F2CC01946
SHA-256:	F7F7733968E49E4C8C9CDB4BC2AF4A158CECA712DCA9CCAB1D8D1B8814C1CA6C
SHA-512:	0891CC6FDCDA545C36CFE8482778ECE8ECBE2CB6F47E8DB8E75B3C56ECAE2A698F10CFD8D3479A8587B7EB65F7DDC534AAA87FFB4BFB731E108EE030223B1022
Malicious:	false
Preview:	s:Q..k.k.!{........................8.wb...+.t5.(........-zM.......S.I)..5.l.NMP@....y.;`CGo.Z..m-w.D.U......R.E..w o..5.-....8..................Sy../...L#^a.. ...i....?..&.X....r..3l.Yk....p..._...P\|Z....P>.V....J.7....b.QE.E...ej......^E.9...P..U^^O..bWc...k.........u.%...q.......E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.922264740248071
Encrypted:	false
SSDEEP:	48:rcHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:izDvXbzQnX/QxgSvrTuZmGhO
MD5:	CF328C94C5F71391C5FB1EF9D654AD49
SHA1:	FFB1D12F41F15EBD055F9714F4C2D6DDD61D8090
SHA-256:	6B61B70EF3DE1BC8A72F3DEEB53690F820A97F156F1ADFC32462A648D50AFB96
SHA-512:	4DDD8AC90636A7AB81D2F5EA249C204E684FF26C0164BC07030A91D24EA8331132B730119C7346114979D08C416857234FD162F43FF219A7302039B44ECCB116
Malicious:	false
Preview:	...w.....~G:5..................Z.-._..ww.F....DOW.].!#:.L.wF..P.a!q......p..c..O......K.=.97.I....I(f..I.&V.#.w.Q.(...P..e.O.&....EBk.A..n".rp.d...S.5f.8...j.v..r.E....[........>.fV...2.]...!...+...1..1x.....e.\|3...^.`...e..1=.\.MH.._..Gg.....m..&.......qb.r.-..4A2...1....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2592
Entropy (8bit):	7.921898670599499
Encrypted:	false
SSDEEP:	48:C4boJiRZlHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:0ivdzDvXbzQnX/QxgSvrTuZmGhO
MD5:	0602780D30D2551BF118F4FAEC3039FD
SHA1:	274F90E211745806044054A275FA810C8A9FCC29
SHA-256:	7A979EE6D88244F376AD28CD98671C9220F0C219D2393B4A89A93C2FC75D7733
SHA-512:	EA14ECADB49F040F9D28E5FCAC583DC929EA88A14505C2779F0DED980899CA85AD00E69A0004BB43914CDDEFE148A04DB08344B7C291C1148A5D91E9A635A98F
Malicious:	false
Preview:	.Z#.........1..................I..#...:...M..J.Q.rGc4f.Q,...0.q...!...;...>_.I6$.O(...u..C.".....4.U%....)..x.........Z.P...R.2..3.6..Jn2..8...F5..B...@[Olg4...{~w..T.S.J....!...FcXH....d..p.@..C>$...t..^^....L..-v.xJ...y..~...)a/~...$...O.n..BEYz.1\|..l.7%.@....PPJ.z..`..G..E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T.Y(._.,'.8+.'...

C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Templates\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	20528
Entropy (8bit):	7.991420667485425
Encrypted:	true
SSDEEP:	384:VoBk6vFcK3GqFOLc+VyRezG0jq72DbwfkC8Ov8AQdfiueOEu/43zXbWP0ncs:UtcgJOWR7B7WbpC90AQdKuYrK0n/
MD5:	81350B8D98E8D84241A4905BDAEEF18A
SHA1:	09A2945959FDE6019C034944FCE7A169B2834F96
SHA-256:	C48D04FA0D5EA5BF526A73D817F67F12CFD1C39DCFFBE6A7A253CCC2144E89A4
SHA-512:	78F81F13A7D86A9E9D2B9275A2F246027CCA425961B1C4D4ABC9496AC7649635827C53DCFDD7E704108685C88CCACB093D184D667B454A2BAB9843DC86DD62EF
Malicious:	true
Preview:	..V..v...z........h.....Th....`vD.P.y..3'eV.FUm...+..k.o/(...Mb&A.........ii{.V...>....;.....p...]^..=U.^.'..%(5:..t.M.>G8.'.[#.#...........B............I6.(z.vA.o.....w............c... .....}."Ia......8S.Oc%....s.....C\|}..ug...l...uV."..,!6 i..n....IK..].;...k..V.....-g..[..GMI.\..Q4O.D.....*.m.{....e.._S....^<...m..@ds...di.A.<D.;.{.[J..:...5K..H....f....s,..!.%.\|..g.f...er=..9:KD..ZC....:.c..om.......b3._..B.f.B..)...(`.....G...>.....{.OZ....R..t..8....`"........S......R.!...o......?.~#...&.......%h..ch.q......`....S.n#.,@3.\|.sU.L...J.R`.U.....j..j.:...}x2....e0..'>.r'.Q..{...\|i..`.+.lVT..&?.O..ne......>.O..._+FTZ.....1....7.Zz.H.[t..p%6........:.....T...^'.M8../.r.GHu...6q.R9.....OF...:H.T.....8.I.GzJ...A.g.7TAt1......Ru.....VAa. q...8....P......x..i1............R.uh..IMW......>.h....0.....Vh.."....$...T..Thp{..X.9w...2..U..fg..C.[../.^.....A.VF?...3:A.....K...d.a..1K}L@.^W.q......Nh.?.+.I.,[X7..P.......%.........9.Y...K.\|E...

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2608
Entropy (8bit):	7.922648097307397
Encrypted:	false
SSDEEP:	48:KEKgJkaZSxHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:gg/SxzDvXbzQnX/QxgSvrTuZmGhO
MD5:	42202FF704F80BC4130B4E949E9B9BCB
SHA1:	954A3665CD9E53567D192F1026F649A8C658E10A
SHA-256:	C3095F826DF86CE8CD05A9C7F331CDD49481AD9A0FFC902031BB1C308E3AF059
SHA-512:	804A66F6F477DA8AAE0638AC6AA34B2AB167196C916848D14934DF8A6ADE97E940A350F1DBC3C7BE75F4CC311BD62203DB7AB26C628F6F894CF2D8CB6498912C
Malicious:	false
Preview:	~.d...Q.A{.....f@Y....aN..u.e..................tz.^.P......OF.....9...Qr?q..).w.K.......g..A.l....}z@&g...k@......W..7.m>..i.8O...#h......{..v."d.T.C.y1.K..v.~.B.\|..83-..kp.O_...4...=.]l.&.-c...r.38..9,.xAZ..p..<x.$..j..0R.&t)c..9....%....}1.s.$9Z"M...fE.wl.XF.CM....}..k..!.r.......9./...;....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L.V..>WW.D..6..V<e...h......U9.....)oI..X../T

C:\Users\user\AppData\Roaming\Microsoft\UProof\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Vault\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Word\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\Microsoft\Word\STARTUP\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\AppData\Roaming\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Contacts\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\BNAGMGSPLO.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.949911904628041
Encrypted:	false
SSDEEP:	96:dCQeqtCdeekq8cpzDvXbzQnX/QxgSvrTuZmGhO:neECXkhazDvXbzSPQxgSvv0s
MD5:	9D184565830850165FC6A9FFEE731C08
SHA1:	73E2565D347801E8E7BD84124F0234D32A51D180
SHA-256:	08A76D901FCD5F506CD19A3C3BC58863C73F2DE7410780CCE9149E20F2297A54
SHA-512:	7A923F3C6113B1C86030F091381C0628C61324CDEE253481DC36C0829E9DE78DC6B10D0C432E9B4B8826B15378D0E506EC3BCE39D0A8F65A3981BCF8010F368D
Malicious:	false
Preview:	.......oe...-.i......f+.}.........M-Y.Sm...!.J.y).--...5..6&....V.T....`.b`iw.D..UM..X.>.m...<....5...5..'Y..EO...M..H.ePG.....H..IV.q..e.L....n..T=..HO.....y.. .._.....zhJ.'....^.!.4 U.~.L..k..%.. ..&E...j.....L8m.Z...g..G!...;......h.C.}J.......cD..........z.V..r....+.7./. bnL.....3.-c..-w. b...NB[...F:i..ZJ.gJ..[.-..G~.....{K.....m@W...1....Q.O.Mv.F`1h(.g..H.....Y..N@..s..^..>A..H.....=..;.Y-!,....%IN).......cS^..../.5.....:..&~....S...>...}...L:..J0.-.>..Jc.z.!.#.&.....X..k..yj%.7...C.h.4.......P9...;.......r.z..ziqb......M.#ne......y......h80 .0.L.{.8..S...Qj..}.<....3R...6.0F3.KDk.7..u<.7...Em.T.q. :.5F=...S..q..`../m.#...m+.+..x..;..."frK...^..X....\Q7. ."....9I....."tv.<...8b..3.D+..A..6u....../.......P.8.v_.r#egY..c^).....f.p.>qyX^T..\Qp.a...iZT...............2.c.`(.....9".vS....`O*.z>..\~...Q.J.6fP....>c........a.j[b.r..j?./r4)..\|.?........Y.....O...5.Hp..l.CV...@....6.o.7.......vpP....V.......y.N...?..\|. U.Q."..x....].1..nI&.

C:\Users\user\Desktop\EEGWXUHVUG\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\EIVQSAOTAQ\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\EOWRVPQCCS\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\Excel 2016.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	5248
Entropy (8bit):	7.960922101633427
Encrypted:	false
SSDEEP:	96:FV/o7E1ON0zj2zrMX1Q2SZe538RcVpyzDvXbzQnX/QxgSvrTuZmGhO:FVWE1ON0zI4y/R2gzDvXbzSPQxgSvv0s
MD5:	BDC170ECF40E01F4C23E8AD098953C83
SHA1:	FCF223AAD499FF639FDA2C9AF6EB73C6C5B5AB54
SHA-256:	B1FFBD9D91683566AF68B9057D67F4D35D44CC4A02CF0E7DF3DBDEFA1BA4839E
SHA-512:	5F9E40585EF7384074AC16D99B386428D25500DC57B00C74E1A4CA3414C768AF37008DF38DBAAC24AFC30455EB66BEEE52CB5C0F85FC89CA25E45C76842D4C16
Malicious:	false
Preview:	.........>k.0(.S..F\.-...A....Pr.....%..]o.....T...7../...%".e............'h.\|z......2.....b&.{....1TF..5dp}#l...Jl..54..0..w..g#.T..G.Y.O3...y.........[...&K1..F....N.gg.q.%r...6Oh."..G...T.\|.~....OLc.....w2.r.cT...\|J..2.h..r..s. q...O.j.Gt..+8...E.z......#.....9gk...u........2h...).....Z.9.4...{z.$..6.U...q..JX.;l....u.x{R..s..O{...........[.8...,..M..2.1.".3..v...nlS.3..=......n...{....oCqn. .._....tkY..K^..G.}..v.!.2./>...%Y...%$...D.\..L...n....wBQ..JtB.kmk.)b.."\|......:..]..).. .v/.>0.....uyAi.C.E...c.b.....P...g.k.........1.L.....l.E.R.K..[.3Db0.....F.8.S...4X.Ot.,.T.g %...R.....,2..e....x7..fFr....L.W=...t...=.OM.07..sk..0Ysi.I0Y....Eq...7..Q.. ....=d..[...C....(...ls..f.....7...R/h{;.F..w/....#....2....f$LLT.q.`5..uB_}O..F7.+.GZ..b..:.......Z.L"c?o>kg^.N53Z.~F...).U...\|.B.,'<.......mO... ...S.q...k....+.....hbg.8...S...[0..6..K.....n...%#.o05V.EMb.Fp.B...i..u......a.:-.%..B=.'.i...v...:...Bq.>\:;R........I......,~..

C:\Users\user\Desktop\GRXZDKKVDB.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.946218744771702
Encrypted:	false
SSDEEP:	96:oTr0Qbh9dJFzDvXbzQnX/QxgSvrTuZmGhO:oTPbh9dJFzDvXbzSPQxgSvv0s
MD5:	D076D7F84D86605474158F28957CB0CC
SHA1:	6F8AB11782576E60B905E64FAD6F15C0F8FE3C6F
SHA-256:	6E0213AE6BA99001C8A93E8979F60ED6DE2003BB64A88631EC3144053E621F74
SHA-512:	3B606464AC352F5B302DA8E4292F1C701745ED5A9898D20BA72459E4B369BC8C49EBD1492F97F05BDE68B4445BC57E2766A78A50D43630B25DD37B40B9873B46
Malicious:	false
Preview:	pnIg.n..nq../.....t..@{.a[...6..~.lI%.~.3.........z...8..U.2^^.........._..>.wK....._..(b...&.!.q.p...pN...Hj...jA5xg.{..1n.sts<.o.8..b...t.....ZT.J;i..`....7Xm......W.6.....jX,.^{...Y..W=C.`l~...7.[.G5..zj...(5.m.O.k7/.!...d\|.&......(6.n...}]sG......,.......)....u.KR.1......(.^.yPh.....~..0..s?!..[......Un.+..~.......N.C....[.l.....;....Q.H.s..R./.:TRS...L.?.#.d1...5S.".\.....!'..=$..Db{L.atK/nL..A.......{.........O.....(.......-.42z..k"...3..I...S.......1.!pJ.........S...}..x.l...(..^....Ai......m..`...5.j~...X.9.6.3.,.o.........U..H.PzJ....i........@....Q...6~...s... ~.Y>....6$i.Z.............a.........%.J.B.8S.s.L........0t.`d."B. .b;.3.K?..z..c.~.R...2...:j.....C..BKG....y..Z.......n....sVtC.X~D.~.c.....b.=.G.rW...JL.. F6l..~S.}.r.iC.U...m(..,.......i..cy.\|!.......$.T..C..&..S..7.%cF../._\2.w..B..w.....w.l...#y)...x....b..j..* ='[..l..$._...M...!..H....C.y..P.S.'.r.3....^.,....V..d/.`\|_.....B..~.:X...i....s87.}G..*a(....p..R.3z

C:\Users\user\Desktop\Microsoft Edge.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	4000
Entropy (8bit):	7.952043551200852
Encrypted:	false
SSDEEP:	96:7uXm6Ftik0vsyzDvXbzQnX/QxgSvrTuZmGhO:eFtihEyzDvXbzSPQxgSvv0s
MD5:	ADD3C4CD196560EBC443CA6FC4F3EE52
SHA1:	FCC59786AD33DA7D5E15BEB7D7A5B98F9A3C1F12
SHA-256:	F08F37E91F971C9561C60B4253B26C04F74516AE024B5D4423CEACF810ABBEA4
SHA-512:	1553090718264AFE27E7B09E7552F1A938A40E11E9CCDF70FEA4FAD1AF1CAF01A7A79DFE8C1F5ADF181EAD9D302DA6E692E8ABCE6A37AFCEA45DCA14D2A54354
Malicious:	false
Preview:	......\|....:^d'..G.[..=..O.].1.4..a.......gU...!._,..~?c....R...P...."V.x.....W...w.'..A&..`g..t/.p0@.....k.x.m.F.w(..tr.;....KHs.i.t...Mm....j+.!7$...qO.>yQyM.G:...W..g).X......4...L....)..5.AP...?:.S.sP-.&.q.nt..{..qs.....z..j.p.1..pQ.d)....._...8...?....6.....o.."..p.z......5jOQ/5.. s...z.6...N.,.w......b.,..o......U?RG...:....>.AAn.'_.[\ .Rk.e..E.g...V.....0d5....[".<Q.\|......#.....M...}..+..7K.......P.....QI.^s&...7:@ .'.G....A(M.\|I...KE.....H..n..4L%...fs..7..k.._\|...L..<C...u..N..../O.k.J..g..rs.P.3_...L[e...n8....Q.f\|....SE.X.6..o..sm6..cV/.?....7.6.G...b..r..>Zb...v...H,...`.........5......."C.i*l.~E.V@i.U.y...T.......#.......O.OM....=?..<7.4.c...W...."....HP5<..6.o.)jC<...WV...&.........2.+<.e...]M......T.V..'.!.`N_/.~...[.)...].m.s....N.3;Pr!. ...J..!V.S...#....To..7...."..P..X.\W..x..^'..O7...q.k..MI.....z.~i...9...0..mk'..v...\|GP.]w....k3."xhGs.)eI.k..lj......[..n..P.....^$.G.S...GR..}2mNeY..."...h ......\|...-e...5.... b.w..(YX.(.

C:\Users\user\Desktop\NVWZAPQSQL.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.941642978809134
Encrypted:	false
SSDEEP:	96:MZV9QtZJZ5q7hzDvXbzQnX/QxgSvrTuZmGhO:WLQHbkzDvXbzSPQxgSvv0s
MD5:	DA117A7365E7218262FE0AFD53E4C916
SHA1:	BEA7FB2F38125BD0E81E4F4F699F2446A9C7D30F
SHA-256:	B3A2B89BD8288DC6B38DA3231C80A6722B198ECBD1BF8A04B99DDDAA11A327D2
SHA-512:	6B0FE3A437A625450A071FAC22E5BDF3926B07BB8DF0037BB93578235FB21DF7FCB03D5F1877AA49E42CF828BCB3D551E623C3021E821ECD450D59C4A4B1E869
Malicious:	false
Preview:	..x.....(.?%.(W.W......b..`Z...G6.....F>...G.2..{.]Q?..I..,a`......e...l.R>;..=n...........y....Cx.......}.g....#q%..r...jTb'...M.l........#..%6...7.t.4..8....a.3.Ir.d...V=.3.].mI.....Y.]........K....t....{...(O.G[Q..j...p..5...[....o.WE..G>.f. .B.v\|zz..y.(....=.w...D"..........c...?S!...O..[.e-=d...S\[.8F.WT(...O.@n..d.B.AH..[....r.9.rm."...M..<.e~;..V.....D/...6.g...T.1@t..w....g..i~....x_d.K.9B..Q......g.g6..!?D./.$..;o..!G.@?.......g....K.s...L.!....../8.H.wl.q...,.U..g.M.e.>.).......c.T.f.V...@$.\2W.l...`..9u......U.M.[a..._.w.r..<...j.$.T:..ZQ!./S.o.u.9....r`....e....._....RR..@...o.....:.f.oro....L.Z.....j.#@.Y.eT.....O.I..G. ....Q.......9..!...`. 1.y..c...p.(&.n.:>Z^..../...k)..#..lwqo.^..z%.]`...P.z..V......lA..i..Y....{f7!.........U..I....=._/...4.q...."....N....m....g.!...#.uN....,.....}B.z.)\|Ob..G..48.^.....J..".-.u<..._..S.^.h......].J..n.H.......+..+....,..7.....C.x.F.[P/...>.$..~...A\|.(^Z.~.N.>..X?..G...]n.............$.

C:\Users\user\Desktop\NVWZAPQSQL\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\PALRGUCVEH.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.945732506245158
Encrypted:	false
SSDEEP:	96:E9++Jij5XN60bHzDvXbzQnX/QxgSvrTuZmGhO:E9+yij5I0bHzDvXbzSPQxgSvv0s
MD5:	5755DDCE9D3A7AFBBA4209EC8D8B4FE6
SHA1:	DD8B4335B13B5AC0113D950F17C9E3F3E9C6EC88
SHA-256:	BC63D15B2B100F2357BA765FDFE77B11D9004919CBE46D672BC7F7AED33539B8
SHA-512:	0A4E3A1DEB82A1E97D4CF1FDFDFE8A45CAC3F02C79CF1B498C7A47F473AAB02FDC2819B4504B6ECB25AB9C554F320529004644E873466B34221DDB3129E9A706
Malicious:	false
Preview:	Gs..}7.)...........#.S...iak......l..6"..''lE..}\|,.).V.."..'...A...(U&o..\|O.n..v.o.>.`.2.T.....(....tx...h....m...g7Zx_..wT<@...+@!..S.c.0g.?..........y%.{H..=...3.E...9T:.....66....O.2..<&A.......c.]C......'.;.k......&8.<....j..N7.o ......Gx,$.c.[...v...}......D[B.V.Q...zY...$G......B...DH.x..i....[...NG+v....9.e.{d...z....7..Z.,...o...Pr.I. M..V...a.D....b..v...po@.W+x3k..d.@.\|B.0....2..o.)...v5.....cO....!... .j.....?`..........a..Jr.BR_+.e6^.......$B$.....f$:D.UKC.q.V....Ft.hj.......i.(...u.......-.......S....iy...-.6.B....6....F.,D.g.....t.Y.Xd.v\|.Hxrz.!...J...m&.X(.sW..L.4^..c."...`4Lq\B..=.:.pLE..kRTV.....8t-.........I.}W.`..c.-.....\|...?.I..P.T....+.u[.y.f.v..^..Ytw]..b.V.5b.a.nkt.z.{W.../.p...w'M...i...z.Y.R. .F..Y..q...ts?....6"... -.1.n..;.V.j.).'.H".)U..........C....D.....D.i.\.G...d...Xr...}.8...x........5.E...C".c..fz..E.k*.+..F...A..35X.;...'...'..bu.....oaq\.X..].5...[.G.{S......W=.c.R.2..90>..Y}I.T.1f....U...'p

C:\Users\user\Desktop\PIVFAGEAAV.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.949290256579129
Encrypted:	false
SSDEEP:	96:qSFL7v5NtUMHIy4QRczDvXbzQnX/QxgSvrTuZmGhO:/hUEIy4XzDvXbzSPQxgSvv0s
MD5:	6B1FEC065DB3A8BDA62243589B281656
SHA1:	37887F55EF07F29499DD4BE4B30A986B7E37E61F
SHA-256:	E9067B5E4C04E10AD7120838BB2FFF5B45E438523957F4B6855AABD72DF019E5
SHA-512:	8ABE730EE75651DF0F4F755D41829B8EE2ACA23538C15EA902C5D94C8252C8F8976F2A5B23CE1E4047DBA9BB73C4253A5D3B7E2D67D4F9BD2B320E7CF1EDF964
Malicious:	false
Preview:	.>.s.r..:....?m..(..\|&.Gw!eV.@..2..2.)......H.,.UXX...s/-.u.?...7.%O...:g\|..h.f....~.)..Z... ...J.zo..?z>G....W.....m..dM.mG.g....D:j."b.+.j5...dJh....=4........2W.J..=.9..=@$v.@.L?.......Dtf@...=]ne.27.MF..Qy.4...E/./%4(..^6.oOr..o5jy!....yL(....9./...I....n2mXo..5`.^.-..1b.Y=..v.v......^....jT...i'~....X.......8..........."k..C"...o.]..6..%...`O...\.2..S...p.%.......w...sg.0..@E/PsJ._.w.H..8..Z......;...9.....A.}..u.....[...}E_....s@.j..1{.....Sj.J....7.dS:.O.h.4`....\..C.s..M..^..RS.X......y.......L.SQ.....C(\|.j..f.&........6.&[Q.NZ..Tv+X=5k..[w..K:.......DA..sA.)......>C&q\.CoSp......k.?...$.......h..l...W..W.:..g...4....}\.g..IrV.....S+q#.......l.{x}I[..3...y...3QK].....a....`....R......?.H...}..y..[....ng=.-.' L..^W..G.R.R.k.H...F.&...l...R..9g(Ka7#J.F.....;......A#...20...&.7.....yJ?.}..6..F.F]..&...i.K....Bf.&..9;.$...../.z.....f./T...J./....N.OF.r.H:d1..'e.,..\M..E.M.>........[........5A...~....4A..E......+.....[.&....i{

C:\Users\user\Desktop\PIVFAGEAAV.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.942266974971257
Encrypted:	false
SSDEEP:	96:Zbn2cU7O+ZhQPyzDvXbzQnX/QxgSvrTuZmGhO:Zbyp2azDvXbzSPQxgSvv0s
MD5:	36304334FF32D050207A8FBFD33E2762
SHA1:	64F7D4D15EAD0A11372B13441EE2B0655D893361
SHA-256:	4B85EB2DDABBE9875AA77E98D3667ED67F8032DE9DA3430304707AF288CFAAED
SHA-512:	7F2F8994923E6CFD547697B8743CE4D24E387323F66FA929D8FE3CCE5052D896EE7F1F91508E52B8F53BA52A2F2B6B35A7C703B6D40FD0AB2F63054FAEA2A053
Malicious:	false
Preview:	..^....uuchvZ..0.t.v...nVLZ..3...=.h8..O...-.......A..S.FK(..8....[.%y.....8W.T.'.?.q...n.\...)...Xp!w@.[....Ts.....e......L..H..,..7......ck.}.0.!V.\........enx/.M.r...}...2.l.dK...RN..:.........2+0.....%.@...n...d.T.NK.u.9Sv.>i....s-.n.eCy........!.%........J.tM..pD.+f..p..+.....m.l....g.~o!...0.P.....b$....R....M.L.4R......w.}rD.UwL.P..1.M.L.K.....0.{....&...)....:.]....t+z,w...........k.$..D...<M6.g.......e.u`P18...ah..Kc".......~e....~.s.../uo&9..V\|.[t>n'p....D<+.#Q..{~....y}.QC<.o..../.)......gA.p....M...c..t.8..~!a....Z.4q..D.z......>..?..(..#.A..e."R..p.C...B...>......oO....%...F............Q.R.'._..%A.R..c...c..wp....;..-D.M...[...z...L.K...;.n....V..u.j).n..!.k..b....v.{ .Z.@U.Ti6....@...V......b@Ye.....;.....x7.^3..t7....Vq.....5.8j>.[;]..7.U......r.3....M9.}t.?..I.a.d`Z..D...=.A.Ij.....ru.Q%).DcN........qN.r.+.......q...V..`..~J.;..W...!.m..si..$t.wB.!..._..kL?.k....."..P......y...j".<...0.8.Uh.V..,.St..u....y.'

C:\Users\user\Desktop\PWCCAWLGRE.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.948733688468094
Encrypted:	false
SSDEEP:	96:lRelnpf7pcMB6jHRBsviqzDvXbzQnX/QxgSvrTuZmGhO:T4pfGtH3svnzDvXbzSPQxgSvv0s
MD5:	E93E32AE9E2A722EEFDE271F652D4C90
SHA1:	8D440E6D923F03EB82BD30734C15839EB9AA4E37
SHA-256:	E3A084B82B3CC720546F2A573AD4D4F7BCB843AC44452B1D952965B7122EEC5E
SHA-512:	8722832C346C527FF6BA592B1177EA9181DC243B7EC8EE20206FDFD7EFCCE862E7FA51289D7E834E79C5DAB75395A0D3753B70D27F0FD1BED3EF5072560F7A7E
Malicious:	false
Preview:	..F].)Y.!.-.6..6.\|.4....^....w...z}..;.^g!...d.....P,.E......ga..3;.&.}Q\m...Q.E.\.?P.sB...i\|.6.w...as...N.r..X....i....@....:.B...'....?.."....?.M..)40.-l....R.B.......a.'.H...H...<[..p...Ol...'._.U...uV..? .4.Sw{..".;m..A.t.. 3.rj=..).4......G.......ac.Ys..J.y}......W1ys>.!...-.+..i.....ES. .m..4W..4.k....`......k....sJ..[>....Fk!.y..@......`.^ae.V.lF.!n.ym..Ii'.Ht....r.{.p.Li....}6.KP.&.K...m.....9K.L#ys9.jF.x.Mqu...y<D.d..#...P.@....Q....9.7^...S..n.5/:.W...h...?!~I.....h.>.%1.(..........e...-....:...&:.3V.%...v....:G.g.7t..${\.,L..fHlH....!..0\..R.....JM.6..n.....2....%.E.T~K...'..Va..i.U\..F..a....Z....a.D!.M.....C5.Z..*..?q.U..>.....U1...i:..........8H... f[l.vu..&o\|.f./..t...&H.yA....1....r..s..q..8.S~..^.,.7Ua..a...B[...DO.n......3.?\.?....x...j.m.g...!..N..'......Hj_M).".jJ.u.m.".s@2:..W...!9]?.W....5`...>...Q%..d..Gc0...._.q.h....e8N..R....R.nL.X.@Nm.........7..5^.........\|...6.K.;....r....-.B5.....dX........5[..O..

C:\Users\user\Desktop\PWCCAWLGRE.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.945077703218607
Encrypted:	false
SSDEEP:	96:gRTxIcyL7FORcBOj8XzDvXbzQnX/QxgSvrTuZmGhO:g5Q7FXgczDvXbzSPQxgSvv0s
MD5:	30B1B9D602D2CB013782C9F3954020D2
SHA1:	7152A7CAD12849512E4C1C6DC9AF3D4CAA79F8A9
SHA-256:	0CF44EFD82C8513B9000D8BDC4F298DCCD89DB0D413F4282A006A4F293E93975
SHA-512:	B9E06E8F297669027DF6A3EC27C963D4BC5C5C14BEA351EC2D81E17A3F7440B4DCCCCC255FA3D5944073665535C032FA3B984F7E573E9B2B8A9078F9A1FCD062
Malicious:	false
Preview:	.9.&.R"`ZE.F.L......P..].L..Ft...u.......d..FC_...j2u[$D(.....+.\|.{R..+.j3..5^..uj[]e..`.....,.F........... ......-Q...PRw...w.:f.....&+......a.........X.D...GqJl.v.......\...E..../......v....u..b....!....H.t\k%O_._t5@.....Y..^1...K.....>.;B]F..)Y.c....Wk^.....b9...T#.......s.e.\|..R:.p......>j.oD...K.....w2.z....21......l..J:..;......\|.;.`...a....._J...4y....R.....Y;........0D.I]H.....=[.$.U............l]"r..r..8.0f."./.g..dq3.. i...He!....\...?9(._Z'o.t...N......c.=....N......yBq..X.'.'.]k..+.#"V.=ZD.~..$a.?.i.......-..F.\|nr..+`EOU.i...A.....O.Yk..[z.....s..8V...=m.g...'..=...f..._97.....o/q~;....>XP..j....W4....P../.d..%.......{J.y.bb.D..........E..+\|..."...H.a0..T..i.;.7......B.n.........?K..M..7.D).t]....X@.Q]...q.0. :./...iy]....r.~3...1G``k.....p.\.[.r..n.(I.:..9....I..+...Nt. .m....X\|...M.w......'q...2..y.G.....=...5!....nS......E.Q...}F.....7.....z.S.w..k*.......n~.c.+'M.Bb.J...j.?..%.....y4SC.14(.....H..

C:\Users\user\Desktop\PWCCAWLGRE\GRXZDKKVDB.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.950433387459161
Encrypted:	false
SSDEEP:	96:h6Wc5EhnZXCTFfLN4KODN0gzDvXbzQnX/QxgSvrTuZmGhO:MNahnZXCRL20gzDvXbzSPQxgSvv0s
MD5:	23FA6E8CEA6FAB16D7DE157593D891D0
SHA1:	EA91BB3BB73DFFC6DFA35F988059E905E8B8688D
SHA-256:	1EBC7BCC01368B6F865FF91763E542536ACB13E879588BDECD84F13A83B72240
SHA-512:	6EF2DED69FF567AEC719C7EECF8A4469BF4491E84E22F8F89762E8B6F8A26388C625BBA50B1F9AF3F554826E3AF223C9F84D8A9BD9A2898BEFA96921CA29E7A1
Malicious:	false
Preview:	~#.....3.J.......1.....1.q...uCK..}.......PH).~3...l\..ub.a...dJK.l........6u..L>..h.Cy.M\|.Up]C.g......M..\M0..C...)i.......u.M..e..J.9Kq.a.f..<.8... \fz31-.6.un.%..Tj.._@....]EF...N.{...3.7.._..............k;?..(..Hz.....z.M.4n.......B.lp%.Q.......>g.-.....Q...3...L.....;...\f...X...i.a..-..A.u..\..rN.... {.z./Gz@&.....:x!.4.Z..+...:.....)_.%.........K.(~B..MR..OY.....Z..]....V.?v....=l..$D..&...<..+$..%....R...)-n.if..A..;.....X.p............V'..Fu...f.:..9.p...it.....C..X..c.L.&...Z.f..9..(.....C.>hS....U...W."..N...... ...[.4'w.Q.4.o"...CK.....1..1d....bd$@.KZMKmXY..j...Dr....w2.....c.8..t...b<,K.....l:=..L....*d...u~w.........cg.V@.8..t#...."K...n....J+4.B. .a..R1..._...0I.Z..Vn......N..d..I.......o....e......o.%h....l.Y.U....y...o.!{..N"4M.......,\..[I.^..0..k..4.;..Q.o.z........0.4.Uj-Zz.s.:.._..6....I-...j..Y..E....Z..!x...u.l.=.Lm.^.F,55.?t.h.0j.........7... .y.x}...`.[.........i.c.Dh....!-....@..Cz8.a.+n.5..X.+...W.3..ABET .i.

C:\Users\user\Desktop\PWCCAWLGRE\NVWZAPQSQL.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.945019897394088
Encrypted:	false
SSDEEP:	96:qAW7+deV/izDvXbzQnX/QxgSvrTuZmGhO:qt7CPzDvXbzSPQxgSvv0s
MD5:	B5235DD9FC8FC4D4C72C3DB399D83928
SHA1:	51120A24A015C596C561B297AEFBF597C3C75D4C
SHA-256:	5E322BBD14478E03C45351D3CC015940F22C0F734C14F5BBDE69E951E38AC270
SHA-512:	D4E3AE61BFD4E237D24DECD0171D7B4AE01FC61B98CD359FA1E35C27A61DABDF3916FB71D2BFD166418C6AAC56FA8DE8D1A8058093183859FFFC4AEBB6A38B21
Malicious:	false
Preview:	E../7...(b..L..u..ly.vZ..........1W.m/Z...>o...K=tx.U..%o7..{,R.!..Y. ........%{2.P..z.TM...).......Nm...-..].XX.0....&g...B;.V,U@...s...x.'.O..aN..1.z...C...6$B/.y.e.#..b.<...k.K...B.>!.......,7,R.Y...-....5.O{c+z.^..s...$.<h..M.../M!..m..~5G9.c..R...U..+}{...............c....!..C.g.l{>Vz.......z3...:.aH....'..7.i.`......[..9>d...4. ......v.sV&...9...?K..@%=.}..R.KQ\.V..k...zd..3......'....>G...l.7.L.j.Jm.........Ig..1?uz.G[.....7..Z>..{.zq..m.M.y...G...N..}-..q..^-c...?.@.:...."x....o...l..y.A@..B7.\|..$.h.j..X..^..GM.5..z.`..l.9_...-:...Wp3.'s..@.n ...E.2.:.N.F.T.f.a.J....<n...jB....,...........?.........z...[.Skd.g1L.{...to.r{.....t.$.... w..E....y..'x.Z..kf./E...7'.......;.\U....Vv../%D%.<I...........x.V'S.....6........V...J.........,......b..\..7>....^RU.......+....(..\|z.y!.QO7..g.;.j>f....mJ.v....W$...6......m..}4..s.#s.(x..7O..>........t.....4......9.D0s(..Z..).......F8.~g..a..q@P.X....K..:u.......(..+..N...i.0q.l5.....*. .>l.

C:\Users\user\Desktop\PWCCAWLGRE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\PWCCAWLGRE\PALRGUCVEH.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.949551228330882
Encrypted:	false
SSDEEP:	96:1TMM7ljL9z9sLZ8iJzDvXbzQnX/QxgSvrTuZmGhO:yMt/sqiJzDvXbzSPQxgSvv0s
MD5:	6DE6EB0E89541B9CAEBC5D6EDB0348DD
SHA1:	978C81856593739A1B05BF9757C6A8ED5928BD2B
SHA-256:	BD1E3B9AC440A2C6BE060CE632FC98472010C51B62698BE3C5DABC45925A0762
SHA-512:	7A50CCE5662EDD8EAE21C1554F507517302D743DE268899174170AC8995810139DA499E68B398B92EB68677F0A365D8EA68D4F1B4636BCABD04C19B287CEE3C0
Malicious:	false
Preview:	...\|:.......-.W...."..3...u..{3........!.K.M.u..".g.=.O[.c....mL@,W.Z..B.-F.w68..oG.<d.......UN.fm...LkN1..l..m..4b...Z<0n'..Q..J`./...P$.w......DH8X.z...E2..b....U......a3...[p..bw..HDK.......-.}Y.okV..3.1.....".B\|...5>n...V...Yc".'........"....6i.xi.3...X...~<..$.g# .....<.v._.....+F.i-`%.......s.H..%...Im.h.f.gC..9.-...g.m.Ku....:z..C..\N.~=.......t....G....X..\!...\|.f..&..m.K.".......c..j.N[..Z J_.....Q.[........2B.F`....k..]..;....%..!.....,....E #M.5.^..........{K.C..o].H#._o.P.#..3.....G."..0...B.h9.....Mk..0....0"..+....X...........AX#. X...W...=.6?Fq...q..Q..'....5..F.J..\|.O..l...!N...M.5^%...Hc.....T..o..V.i_....r.R^..........%..()...zR..N#h^,..0.c....57xH..1..$....!tM&..?!.W..0......#9U`....(.C..+..30..../...GotR.q.Qz=..@F..Z.?.....).\|..6.D3..&.... *..N)..~....\|...z.'.X.<..e./\|..K.&.2)......a./....7..~.t.......yD..6:}\.s.(...~.i4..n'.CV..0.......@...v-.@A.~.F..l3..p91T..:J.R\T8<U...%vF..3.6.SPZ!...7..........N..~.$>..

C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.945311268504466
Encrypted:	false
SSDEEP:	96:L9MtxWbv6o2S/+zfSVzDvXbzQnX/QxgSvrTuZmGhO:BUiv6s/+zfQzDvXbzSPQxgSvv0s
MD5:	460630CCE881CE9D460CE3DB6656C422
SHA1:	B51C26B59730D356A1614E091A494AC592311FF4
SHA-256:	1E52C1E830045DC925CF9B991151FABB3619C7D2C121E8CF1683CF113B5A563F
SHA-512:	F1CE5E0CC76E5D6D5E8F798F9ACE57F633F126E2E4171A3C8F8E5A3ADA9F84F600E384EF1B719CF438C67BA8B49D046AE9A13E2BB8EF577F37234F18386CBD47
Malicious:	false
Preview:	.yLFIC...>w.Y.....r<..D..... K}..."(......e..T.Q.......M......TUQ......V.'5..G....xv3X$+.).4r.../.......D..Rtrv..V.D...ybW...Y..R.....?..XA.n,..EH..;G..5..g.u..D.P.}.....).....K.E..2.16VG.d......Y.qK+.gD>..k#......s........#<..%~D..P...H.]..T....j..h...2..../x.x..B).\F...!'.r.?..a.5.^..Nz.".b=.......@...y..Z..y.. ....{gn...w.s$......&.m.\|%.......}M.R.t^:.Fs.q.#.<A.x2\|..(....in...L..~q....-.D.../......H...K.[g\|L..<:.Z.".....!/u)$...'I..S..8.C6.6\|..3G..r..@r.h\|.^'^#..i."....P.Id;ZZ....z..=.Z..K.r..`...?.<....pj.P...^.. .?....X..Qh^)......B..(..Y..;%...S..j...2.=.&C..{^...)..\|..M.Y...p.zi.?.yi.z.C.M}\..\...sC..JuHm,.C...p..jE.......>........M>..hL._..1..j8....fE.....7].fU..f...Ta.?..../....<....W..`.."\6\|......B.8 h.4.A{.q.v(n'.F.W....R.u..X<y..L...@IFzcS...}.:.]E.,..lP.......9..J.D....Wl.-t2...Ew..h.......W..b...............w..h,..=LJ.#q.S.^.Mr..~C.....9........A......x...0.V.....>V.H...........b.PnP..n)...LO...b[..dw.......

C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.943039301102839
Encrypted:	false
SSDEEP:	96:hM/SiD9B9pfDUuFJnhzDvXbzQnX/QxgSvrTuZmGhO:2KiDlpfDJFJnhzDvXbzSPQxgSvv0s
MD5:	DDD4F8F1158CD6E8C2181CB3B07E0452
SHA1:	3918B0A3CD7CB9EEA99EEB35E1BDE883842B8D63
SHA-256:	D1516F816BE03FA3E0C7208EDB3C4E1C4A09D7AD23E781656B8C4D601E79B28B
SHA-512:	8C099EA716316AB614A05CA127EFDE82405024011915B34CC2EFAFF74CA6EDC61D07089A7AF82B5D8B332E2242520D581BD7302026FECBE54E87C665AE392142
Malicious:	false
Preview:	k.W.ITG.P.kG..i..D...%a.&..L./.l....y...y.>..\|I.1...P..t...^S:....$.F..Y.~...p.PQ.+.DE..]..e.~.]}s...Q`....Q%.9.^B..y.....~g..Jx.m.n.....9K...P35G.......T../....."....O&..t..n..o..m...\@.>...q.kM.OiR...t.V0...s `pe.=..........-nf.%D..(..Q...7.s5..Bx...Q.u.Vj.s.".X.U...CA....6..Ql)._.S..z3.\|zqv.e.bna.d..U....zg0hKqG`..@..@... .2#&).Z...S'.>..P...R.O...i.c.~O.G<9............,....2....TSZ8^.....Z......Y4......6@.!......{bh'.8F.W.....d;.J.Rx.0.w..P.G.n..R.'.A.(@.:.2>.!m.....]......5...)...Y..3W%..oD........h...(5..VXhO...e.IJ.5..=.qR.y...i`.Fx.........b}.......`.nY.S.9K........L.{......Rv/.;\|.O........_.........w.B...\|.>..S....-Z7.....0Uk.....be...C.....GP.pY.Y....BC...U5...D.&>.O7].+.H-D.k..S..h.)..#......UA...@K.,.j.JR....b.....`N...:.fI....cL0$...J.!.Q.~...}...[L.IPx._..H.^.h..Q..".>I.5..E.pY$..@$2@...z n...mufl5.\|.}..5.D.H...#.Z.nl?E..........K.).(...h0k.5..Z.xL.).f..i.,z.F.....W8..e.>.....{. 8.=.$.=..p...._.%...l.

C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944462647601403
Encrypted:	false
SSDEEP:	96:ScBIDc1mmLJqzDvXbzQnX/QxgSvrTuZmGhO:S4+FmL0zDvXbzSPQxgSvv0s
MD5:	D32AA8F22392D15DDF5496AD5BE611C5
SHA1:	E2B75FE24FC01B96E6E0C15509B06A40A19A753E
SHA-256:	F650A94C857173354B281FC40A8D58261DD9CFEC479349AB27175D47A57B41C6
SHA-512:	6FC7E16424A00199465D11AA12CBA3B520B97863F4349BFFB2860A09577D1739450D27DD8502DBDA57FB421952E752C89040AABDF3F5F17E0C8762ED53247592
Malicious:	false
Preview:	.........5..B..h.qkzsP.....-uw..S.....]....f.5.#\|BV.$.d.9...^...``j.Js....b.K...-...h..w..?....K..L...N.e.}V..Q!...N.......]...z.^..+. ...%........V..-.D.^.g=0.....{.0........<.yT..3[.../.D.xY..6.t..;...V.$.R...3tL....>q..f.z..^]....C..p..k^.1..)..........bC.`....~..W]K...%h.&V...(0.u.+.....).......M.....6...._..2.......h.~X...#p....?=......w..~..j.Jk}.d7..5..+.y..bw.K.....W.V*...d3j.........&..U3.....C...&5'.....@.wY.fl9.'77.-..M..NwZ..x7x.c.q....W{..F....U~.f..U...`#...R...d2./kb.x..u.C....W.T..&.g..{....>...i....@.z;.E..%H<.+........0.....\.QMr.!...$.....XOw.....9....$......>..p`.?...r...s.V.ku%t.#.({...X.~.....x.....d......?....P...(pd.Yc.7.2...0$...f.....S.....jFA.f....2\8..<\|h.._4.u..z.....w..7WM....VJI7.vs..)...F}n.{.d...\|....v.....k...A(o...,z....a.d...........v....\|...YS..#........&N.fS....oT..:.5o...6...}.s..CGQ...C..i...V......P.......U.$.i.m...p.wn.....B].V...w.a......A`.).O.o..[N.m../.ig.....+.\@.\|...P...m..

C:\Users\user\Desktop\QCFWYSKMHA.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.946284754171093
Encrypted:	false
SSDEEP:	96:xXtVrgM4j9VjVOrhVozDvXbzQnX/QxgSvrTuZmGhO:jVUM4j9RVAhVozDvXbzSPQxgSvv0s
MD5:	36BD8B6D3F16A7E946932604069642C5
SHA1:	15471D59AD3F66CD3CB977ED348477FD854E5239
SHA-256:	E3373AED874A5C985152557248C9BA099D65AD699BA490C0B810E2868FF48AD0
SHA-512:	D49153EC1C8A6DF9036CFF2CEF159B2D63F4E882093F8E7C1127715ACA7B2643E78F7F74033BCC4EA62D6C2D6E73A2F3172997C12A4A0AF97C86B7242C1785A4
Malicious:	false
Preview:	ijM.3.@.1...U....c....{.]...z..V..`..{.:.".....y.=.q.9......B....-.L..{wf.i..9X. .....sLr..";...Z..b#.D&..2\..........N...f.B7....... .Np..G...... %.o>.^H<.....z.)VdP5.f..I4. B2.S._7;...^Ap8~s.=.......{6..;.....)l ..2'..Yu..w.Cd.%aV.......P......X.=..ht..V../.l..._....D.......[E%"...."F.M_..jnb.h?yE.O.]).!...I...`..4.-....F!H9.p.V.t......'r.\|jP..:%.F.......l.\|S.....6...k%,...J......UM../X...._A@..zX.....-%.z$.l...q...z....\..1[d..7F..HbA..1...kI0o.f.".5.=k.U....J-.>b..lQ.4.."#..rk....._0s..=...Q!.K.>....(....eM.n.....E.\|.=.V..rF.I.'.M.zL^.b9...R{{w7.......jl.-.{...WlN..#.v.C.r.8..!.S..;dD.....s...q.K...i%..;KpMUo..K.j%.n&m..5w.hq<...=p.l.c....(c..c.'..J.#F..3..n....m.-..z........;[O...h...j"... ..m..T.j+l.dH....#.......z....+.)}......sO...)..fA..p...z.q.d1..d.....E...$J...4.;.i.J^.J7...h..........s..29.< a_.U..{.Ug....7.......$..R......+T..\.....q..N(...&..9`.....#.J...de..AA....G.JwqN\|......0..)[.`....o...g...././~}m.UU..F]..

C:\Users\user\Desktop\QCFWYSKMHA\BNAGMGSPLO.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.9462320099161134
Encrypted:	false
SSDEEP:	96:zrH5IWNfs2f4GzDvXbzQnX/QxgSvrTuZmGhO:/uW+w4GzDvXbzSPQxgSvv0s
MD5:	22BD58D5FE38FBE534199CD4D94B0BC8
SHA1:	3DEA3A130944ACF680B9A4AE797614A128E52EC8
SHA-256:	5ACAABD780C27F332AEA3B3B960295B3A2178B5DDDADCE3D54648E9CAC11D6A5
SHA-512:	FAD1ECA7306BB65E2BF814426FB1949B2F2E8A9AF1D26E947A16F335F3FE269D08A167B4836475700A16CA7CD914E34486A2AE237674AB84AD8127EBE8C69808
Malicious:	false
Preview:	... ...v.0.....We.N.:.........Q....R.....7ruCZD..c...y.L.F9#+h....\.H..9cm.Fc{.....LA..3.......sG......@..l..{hd.S.]2.k....V..f&........NI..g.Bj...._..I .... y...A=>Rjm....Ch.jBr.k.W.....8C...L^.H.;g.N{...G..iW....v.t%i.4.........T8.i.5.V..,.n.....R.....0.....5o#.LU3...Xh...mA..n..~..\|......D........(.....@}...6h(....^..H...@...U....A`..!.-...,UE.......F5.U..(.wA...iX..a.XA..t...K.Kf........S.z....kK...ef..^..6XZ.z...'..../.....nx.s...})g^..4..;.f.Q....h.j.H........._.a._..K<.G.E.#7..i.\|...xi\^R.......&h...L...2......t.jb...}..!...@r.."...+4.......iMh...s.cg].@..._..0..r....4_.?.A......f. ^..YVYiL.....=wB.."......@..~..{ix.<.[l....#..-...a........I0m.-....o..I.r...%-.j....Q........(..HTFG.1!.6..G.VP....0m....H........_...\.......=.#.).&+8...........~ry....Q.....l............v.1.$v..:..j...^U..!DS....5r8... .,.......gh@.z...;..w...=E..0;I7;..RH.j.+"..(.,....<.NXP.n.....Wz..._.....q.5.$<...&`.#.p......!.X..v[.@.%..$... ."...1

C:\Users\user\Desktop\QCFWYSKMHA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944877501377426
Encrypted:	false
SSDEEP:	96:7VG/PhtevN9XBm3ZzDvXbzQnX/QxgSvrTuZmGhO:hY0S3ZzDvXbzSPQxgSvv0s
MD5:	8481C3DA236A4D26E2D24597917708AB
SHA1:	5BB531C9350BB1315BCB4809285FF892725EBB34
SHA-256:	4602723E6ACA413DA4130D8B5A2C73AAFE63157FF1C85748475AF8689D6785E5
SHA-512:	91357EAF126DC017BD6E0ECD96ACFD0610986BA865A815EEA1F81304CA2CAF2F5B4FC7DC32DF7965E87C8AA1A36F8B8EC04430B7B3A171E14134C9608A498FE2
Malicious:	false
Preview:	..!....=F....R.....U.h..H`D.L..;l.P.bm]...\Y9.W^.?.L"......>q.<o...P..C?u/..X..y..P...Y..T.~..O`......p..}...[..w.N_..g.V.6..1s..-....3...IsI..1...U...._.>x..g..2.:L...B...m..V.z.S....R8.E..D..R7.I..r..q.I...5}B@1..BX...K.y{...-.:..".....Y&.?...nE.Lr..]$_.}R....@...W.o6..R9.Rw..2....~>.5.ia.BKv..\..~..c......j[.....W.H^A}S.Q..77.<...@2<....f.'..../.i,B.......3S.....2tdjB.;l..........r.m?.:%h{.7..P.......U.z:.....fV..1...w.U.7.}d.`..........0^.N..3tG..x0..{2.E.x....0-ay..v.....=..O.......R.o...p...T@..{..'....>..M6..J9..2.1.......m.d..r.Mh........x...ik.nS/A...fP.........w....w..\...N..[....UR.L....*..IL....UytB...z....h...-....................2]@....-......m..d....g.....![.v.I..LOz....Z.-....St....PL>.^.\|,aY%8#}..<ZZ%..T..].2U^ ......#..%..X..3.T.x....P..0."......E...C.0....'.....h..)...<D._\|.SG.x.0..A..-3...`...4n@R'tvi......X..5...&.-]M.Zc@.t...&7B.Va{K....P...5.m...r...B.B.<h.F}.E...^L}..........y...h.......K..n.R&(........n..

C:\Users\user\Desktop\QCFWYSKMHA\PWCCAWLGRE.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.953879860743707
Encrypted:	false
SSDEEP:	96:bAgxGcEvJLEGM9czDvXbzQnX/QxgSvrTuZmGhO:ocGJLZFzDvXbzSPQxgSvv0s
MD5:	AE0A94B4EB89183272A20CD8665C002D
SHA1:	5215FC59362E3533DEEA0F5FE6D8EF1B5E0E5373
SHA-256:	04EC19F337D72D01B0123E254004A4E55C0CF5823ED94BEB53C89D7DBC9638EA
SHA-512:	4E931AC90DEFC90F10E1F2EE494A3505AFFE26C2E97357FFEED73CEC31C8B81A31A41C65E03732B38B05D4FC4C7C7B5E2BD865E75D894617127E7A5E779ABC66
Malicious:	false
Preview:	?=...Y$....6?...r..E..[.DP.y..l.0.F....../F.....5...)...~...W0.q.e..s+..IX.Q.k\|cgZD%[..I....M..`N.;v.........H..V.....I...>Y.,.r.r..&2/..j.'.%J~(#.....$...._.A$;_.=.....:.C..Z..`.......Z.....(j.\|%......,...{.v...'v].K0../..I...W4.O.......J^.j...&z.$.HC@..j........!%x.6A.kH.5d.[......b...4...X..M7..@.Nm. .g.....\l.rM.0..e.B.E.q....dP.`Y..z..}.../............H...3W.S.../....`......N.i.... .`hN.........i.9=gH..../.P... ....#.QsY......]......:.+<......PI...}B..S..Y/.Z...&.L.ik.;>.....b;ECP."...+x..HA..^]..g....t.A%...Yd.M<._8.)+u.7.9.b5..64aw;.p.......X........)I.....(r6....E.y..i........5_.d<.I.3.%.ghfA..I....n.Z....L7.u.{.s..Y.j.GZ/v..X...#..^..$..`.8FEV.%.n..!./.....>.....5<N..HK@..> .(T.:..WR\|qY...,$d.......!......b..c...M..../..h[....:2..J...f..2.A...AB.eu...A.>..`.Z.y....O7..y.H..M.:.........3.e..iDL{5A..G...Q.9..........e....q.8t[...>......-..2..6.....o[.)..'.'....%.;... ..a2.....lC?..}x...O8..e..EF.[.1.`C9(l:........P4......."b....s.

C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.950964071698003
Encrypted:	false
SSDEEP:	96:N0fADSbf6dSR79E2zDvXbzQnX/QxgSvrTuZmGhO:N6AD8mSRlzDvXbzSPQxgSvv0s
MD5:	201AC5E978CC9033DFC5A7B9488A17EA
SHA1:	1609772DEB01E4E0DA836FF03E7DEA354EFED4F0
SHA-256:	BF88D7C05F8C6DCA2327C176B1490F111B8C6648BC46DEE50475EA5F453DAEC8
SHA-512:	062295258066D9A547E701E4543DF67DA4CD0020EA42EF555F2C4582F5AE2DD3A9EB8EF0CBF53E80B0458B8C5143258AE92D5EA751FCA558C9871AB44C9BDD07
Malicious:	false
Preview:	.w..K.0.>...2.o2^...m.gz0...Q2.....C;.....,ES.+.Cr..>......\............].o>.J..,.]....h.D..........!.u_.a.h.G.&...:...V.7.....k...@.z.}@...{..g...U.s.L.z.s..._.A...h.6-.I.e..L."..,...D.{c........CD..]...m..3w.../.{).J.S.....j......_.M......a....kO4.>,}.@...... ,2tMg...xA1.9.{b.$..`+..<.7y.\z....T.-...M.....`^.t#..4...:.2..-..%=z..ivy/..v'..{,..G.._...4.<...%.d....`%..M.9I.w.55.SE.......{....MYh..i......u.S.x5..FC8..7.2......ZW..._......<.Vx..{...g....`.3..Wp.W...tG!...x..f.].]"...V..fg!H...J.A.Z........`..S.0..U..>.....z0.P..f)/..]%0.B.$..Q..fW..u..B.Yb55..........8]a<.p$..F..A{.k..8.Z..I.o..f\| 8t.....6.X..P....G.k<.....f....jT.j.[..4.ut..e.....1.%.,.in0.A.&....u.9..T.E?....O'...-.=.....?.B....../t.....'../...Z..{.[p..u.3Jm.....=p..tP...R....`........J..d../.VL@aR..(....f.........]..`....sb...P.ReX.._B p...b.2..On.#B.\|.L...%.dc.....{..<V;.~......Qf...f#.e8..%yD.)X ...W.a!\|....m.. .....(......U2L.\#..(..R.v...*.......'.

C:\Users\user\Desktop\QCFWYSKMHA\SQSJKEBWDT.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944217968405096
Encrypted:	false
SSDEEP:	96:5XikNCWp9i3LizDvXbzQnX/QxgSvrTuZmGhO:5pNe3LizDvXbzSPQxgSvv0s
MD5:	356C0C471C127A2AC219F3B94980EA26
SHA1:	7B99F8E4DAE8DFD91BBFC04EFCE1A622DF44F2EF
SHA-256:	6EB258011611E5D2DCE41D7AFAF13FC9B7D6DC637A9706B66499275FE051E77B
SHA-512:	E90DCE965CBB2A57F3684307278B4D0511C0AEC435FF792E16D5AF4F388517A0527B5F3E4FC298C50F20C9655F032156F2722DF70F3F1B518BB1E167632290C9
Malicious:	false
Preview:	.,.e...I...f..Z..A..'.....E.5.(.j[..;:....].2.._.4......4rvz...<.&..J_s.....-.....n.aT.2v..[....V.....r%b....c33..b....u.."..$.C..\|k...8.<..?ZU.JM....;.P.1I.K.3j.ci.P.\...i...~...U.nr.y.U....}......XCe..8B../g......W...vF.....LO=...._.D..j.[.&..3JA...q.w@..u..){...t.q:..T..k...R3(.+;"..qIa...<0....b..Q.\|..{....'#..L9..R..t+..Z..b.%<R_.......F..2...6T\|.A..S..5.......Y...Z.=xR.^.g.tM..5~...rCR.b(..i.N7..Zv..'.+>QX'd.jx..Mt..}s...^..../{..xeJ..K..S.....N.EA...%........x..t.y......lK,...)...\......<..1...U.........@y....%.u._.T".U=......s.......>8...x.....H...=?..j..[..u..>Uqz...C...FUD.W.......gU...<Pj.t..)..e..ox..Xg,.C!K.RUC.....3..Jp..]....r...f?.a.... 2...............3..<@U.<..........~..x.v1p.a..'6...2....x\|...m(..1.H.v.9=Kf.y&...7MYg.<.Yf._fL..N..V.G.Q..t%T...du.rU....Q-...U....ku......(..E.a....<.O.[.q./a.K.<.UX....`C..V.....u.....Sa.i..P%Mo..... ...$Qt\|'....;..@W..?.R...p\|j>..!..,*"..5R.....w..";..l.....7.Q....m..p%...

C:\Users\user\Desktop\QCFWYSKMHA\SUAVTZKNFL.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.95029384546437
Encrypted:	false
SSDEEP:	96:+cz0+Kuj8hrMQzDvXbzQnX/QxgSvrTuZmGhO:hZKuoPzDvXbzSPQxgSvv0s
MD5:	EF3B6D7873E00BD19840CD7DD9B9834B
SHA1:	40225A52AA9A2D4CF1B38030815DFE4F4CADFC22
SHA-256:	D1029D5F5CC67BCF01641946697D4E121971712D2E98BE82A7A5B294A6BB252E
SHA-512:	BCD7C92CF8291B7825E8AA927177D7D78BA2CB7F652B9D4A93901921CC1336F3DED00E78943C8F1D253C4C387B43DA579F242327FAC2A7A1B0B9B1F79B1441EE
Malicious:	false
Preview:	8.W.......O_%...0.....h...x...{c..r!@...0s....-.6X$Bd.P....U.3...\K..I...J.Z..(.I..$z...%.!h.......T.H.8...lg..@..\.S...e.H,.Jh......-.+.%.....CKST..D.$.Q....1....w..Q...Y.....0bq3..... ..b&3Nm$..B.\|...'.x.......~......(V.W.N.D........b..Pb.^-..9.....u..7..&...u.>.Mf.....x........]....0..2..#....^#c..E\|UYf7,s......m.>k.(.9.uu'......f.N...I.jn:.j..HG..F...6s...0dt.\.h....f.E.<.f..Ou.+...X..U...T...@7.Pu.+<.Q...3........9..A......A.ZY....7...}..s.Xf...'...Km.Q..E}.........^.[sS../:@/...?....u..x`-..Hr....a.1...6xE....%..XD.........#s.R.j%..u.5..;.n........ ..1...M..D...c.&....1......6.m..$.>'[B....~.7......B...MNKE....r...p[e.x..C...@..n..N.&..2...5...A.R....W....$.0.w.\|.4k.]...e........\&#.0...2..a....>.9..&.a.vY..m.t...Q..a.P.~0.z\|.O....sS..j.I.m)....MJ+Z]3....u.\..Z-X.......3C....A...7M.C.2.GR......B....]ca\C....r5....I.....S.A/,.V.....#.,A..n.8........Gy..E...b....'..O....S+.....2..~.m......t.....Bd4..)=........'...L.....

C:\Users\user\Desktop\SQSJKEBWDT.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.946733263116461
Encrypted:	false
SSDEEP:	48:xTcTDxSUULgZN6oUMhu78sQHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hO:xotUoFsqzDvXbzQnX/QxgSvrTuZmGhO
MD5:	244E12764D40A773DC9D056894075643
SHA1:	6808EF34B896E66A70DBF0429D71A3D7FA0A8074
SHA-256:	73EAC377B412CB1D8158B548C03409E7E646648600B9B32C0EEDE8517AF0C5F0
SHA-512:	CD7696EE19BE2CEA3E6A0E4559F3B60D1E4BE809F11C5066A14DB113BFC0A90884B89C8EAE0E57708DEF1310C60546C227D0B493008DD98226FB065FE90AB519
Malicious:	false
Preview:	D.KF{AV..D.._Rl9...h......R..M..y....A:....e&a..(f.<^...V.V.....0....a.W.+w<..[.{.`.:[...G~...T..G...C.).E..TW.....0.s.m?..7. .$.;....G.n.'Hg...H(...W.$..}.J.W,.....,5-.b:..x.?.UP[<..%.....n....b...IV~.6.6.Sx...>X.g..#.(uL9..?..ub...I..lnz.;+P{...z.n.D....B......6.i..\di,@...D.d %. &.F R2.0S>L.4N...#"....uo.E........Qama.a.....2S......z............I.fA.....o.Z..F...C[...S..#.....Z......e......4.`....K....m...\|]..@.b;.o....A.Ri...m.V%.6j..1..W.......RX..YX.-.X.\|R...8...=....5.w.sP.??.....p........wf.r.#X..\|gI.ra.tr.......0. ..&........\|.$.e....j.(Az....J.ag.Hntw......8......CJC........@.X..X.e.Y...{.?k6..O.>0.NS<q..AXR.......`.$..U...T!.1.......G..VT...Z.....{.'"]...x[...;..t9.........E.J...._.I.Z..(lkvH..a.=..n.8...,y..k....,..1m#ku.;.......LLq>;.....}..2y..h....C.S..[......O=...).b..T.......7[...T..~t.Y...rI.%..y..i!..C.......w.6.}../..K%.n4..L5.....A......g;.=.I.C..l`.W....R_1n..F.9v..u...g#H..r./@..!E.D.W.@.Dq3P..F.H.K..B..\|.#..

C:\Users\user\Desktop\SQSJKEBWDT.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.951573340190098
Encrypted:	false
SSDEEP:	96:WnBCRPYTLW/F7WvWuACDzDvXbzQnX/QxgSvrTuZmGhO:WnBcsLqF7YW5wzDvXbzSPQxgSvv0s
MD5:	39115C5757C56AB8681716497A56E23E
SHA1:	145F968A54CC01CA5277C4731BFBCCDA07DFC6E6
SHA-256:	FB9F34B2418D0CD2F088B62CDE769BDA9BB35A0B301C789E4B58138844A3C5D5
SHA-512:	3383CA84A49F96E88A64E7FBB173FE27625D7161FE9183A1E14DC9DBD4D7C126E4F65C5B014859F7160C24B14B4694632E4FD1592A0E3EF93134DF923C09A40B
Malicious:	false
Preview:	.....q..g..0ktJ/.l3.....r5....yfZ..6k....>;o3..n0{..O5.......18.h..&...bR=?.......`J.U.vg.S....F.3.p....C....{a~N.^.N..j........2..`..........[.,.F...}/u..S.%...@KE.R.. ....(....hGZ..bO....4..gW.x.u[.#K..T.........R.k.....C'H.......&.d%n.[.... ......Q.....P.rKL.]>..[V 7.#...<6g.D.... ..V..!....:I....cr.............tB..}.K.Zl....G.D...I............w.w.=.J..L...e?.,.[ .$=..:K...M.\|.z1.B.x].....Q...k.@.....>....$.nqg.U.X.~.....i..V..Z../.........H...]M3....6s..q%.1.....P..w..h...M..2\|.t.5.c.zk7.<.LL...?...K...`3.E0.b..^.....9...g..iO.-).h..b=ob.T;LW..F..!...u.,.}....l.%;Z/.P.e.d/.........l...!...cGH...X.....?_...SP.~!...W....._w#N.U...~.'..{a......v@.Y.1j.../5P.@N....D..w.....o.{.Rw<Y..Y.&......$c<..p.....k3.0.R.J/.P..,3.q..8....w..?....%..L....c'..X.5e.....3..R.....A...}...J4y.,....\|......g.. .bL.<.i.,..5..,.7@.{.`& D.>A...V...)@..&3..}..u...].m..lO.v...Wx...wf..[...k.M..b.o...J...3..A.T...9r_..b0...H....". S.....q..Q8f.a..B..2.)}...

C:\Users\user\Desktop\SUAVTZKNFL.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.94854904772463
Encrypted:	false
SSDEEP:	96:ZRmrpyVmF+W7ZWlNzDvXbzQnX/QxgSvrTuZmGhO:mlyVYvkzDvXbzSPQxgSvv0s
MD5:	A1723303BB27B710CDC18464AB2C01B9
SHA1:	B786827415FC93D56916FB4372AF803B4B219901
SHA-256:	781B4665BA3EBD5869D1C7732249293860C85B9DB16B62F8D8A5B443CC64A706
SHA-512:	48BFAD9D58E9D427E3CDE01F12D811240F4C04C3011C24FC7F7168447AB6D9DB1527E8D39604CEBDFF7FF894DDE24A7C3974A2DDE2EF25238C52AF04B87E15E4
Malicious:	false
Preview:	mrnUE.....bRv.8AT..].fl.e.z....L..]1..3......p....>l<.@"..=..}o....0.......<...^.....<."..).6..K..FX.9...$..\........9...p{,.h..p.Dc.r.y.W......=...D\,.5lg^..=g..P.{_Y...-..4.>....M...Z.}j.\.PbQ:l..s .zya..&....pT.?..$"v.o.y ..-..].fj.x....!^U.G.o.9.5I.h.b..-2d...I;.T.....\....^'..T~.rv>~z....H...,1"...$...A.[..i.7%..p...+{.H..}%'.\.....\...V-.,...g.Y.3 n.(b..@....t7Q.M\|.q;..@...4;.KLZLY...G\|.O?Yr...f..J..9.D:.a3...>.J..d!&.&..=k9...!U.g../ ...M..M5X+S..X.};Y.6ve.l.2..0............_....c.=.A....J.d.K.AU..j...r}t.mb...../.4...}...x. ..k^n9`2~.....n..EK..Ueq$$.:..#....X.......D^q.....D....:....2..(..w.....;...I..v-..&..yz-a.R......8.....?....<...[.f\|.~q.....?li......HbB..kI...6.....a#M....r}iCK.....^=.@.G......Q.V1..R.a.>.4.....X.+v..f.JU_.P..%..E.@f.S...h;0........\|y`@..^z.\..V....[..`....R...>...~........X....,m.#.m....P...D.9.n..~.;#..4.$x.5%..Il0b.7......cE.O..\.=.K.GS...A./v.D..1<F.....*8\|ZOV.=[=../..$...]..j..>^.X....Q...N...%...w..gv.h...8V..v..

C:\Users\user\Desktop\Word 2016.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	5248
Entropy (8bit):	7.956799061007829
Encrypted:	false
SSDEEP:	96:q/Rcod0OnvV3wcpHhcIS0T0n+9CdQZzDvXbzQnX/QxgSvrTuZmGhO:q/Rc+LNwcrcISq0nd+ZzDvXbzSPQxgSn
MD5:	B05D05D74905389E688B676369DAB8F9
SHA1:	032D942EF2C0CCCB36D07A3E8ABA5B8DA8FEAABC
SHA-256:	B64FC3FE1E931FAC9CA16A942616BF3889CC584F66E93A0F38E60AC1E5A31F0A
SHA-512:	5AAAA506605DA12FF11ADA1D3DC88167182194C1F13307FD33CEAD8C9541C85199787F57F35627B26ECB6C4464063B247B0BD96053103D7C55265032D7B1105A
Malicious:	false
Preview:	n.!.9...x\|!.h;....rj<DMv.^.l.$0..TO......#.....ERR.S.V......3..,Yj7..............$...~..f..(4e.p+.2l...M...'...Y.@.+1.g.....'AA...A.e]..R.]..8.H...D\z...29.u...tJa.<...u..$.7vx^..e..Y^eh../...d.-..h..u7.D.'.R...?1Bb.T.M4]]..b...h6.P.m..c...Cz(Z...k.7....7.>{w^.6%.GVLy...].`..G..........@'`..R{^..F]...........b....4.......v..b.J...g"=.#iQ.$.S_.._.AE...j../...U.o....0..A.f....Q......k.m.A.1.....j.8.UF...Jj...g.@..F"y....J..Ni..b...>.J..o.~;bk.p........ak.&>.ak..nD...~.Z2....0.^....\x...Po...F..Z.yx=.)....C+.m.....,..Q.Wk..;n....9.5;.mEr......S.3...%j.7.>Y.!.J.^3<.."..$.....(..?.gX4...X./......l.p...(...!}..........]..U.\Lw..BX`2...qG..u`\.[.^..I......O&@...Ee$%t.8. .(.9."......I.Z.o...B..^...bK..`}.)W...P......gM....-..];j.....~N0}..v.....a<z....Q......."fJ..mndW3W.o.....G.B!.2\sq.Jm{..+..$.?.V.).........]...B...l..A+l+..F.Q.9L..N..Z......_b.....$.k. e......{...EBA.g...]..J.x..e.K.s...WO'...F...~...........?/2J..'9...$A....h.>.Q+....)

C:\Users\user\Documents\BNAGMGSPLO.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.9534985969498075
Encrypted:	false
SSDEEP:	96:JWjsqBvKI+QzVBMzDvXbzQnX/QxgSvrTuZmGhO:Mj+ITVBMzDvXbzSPQxgSvv0s
MD5:	95FBEF86F4F8F8F150F8AC95F5E4EEE0
SHA1:	A5A3BDE6E4E8697D35E450CC270549AEB142F7B8
SHA-256:	DEE552584D1C0689B57A727090E76848D9B95ED29EF3EDC511F0F0945564BA8B
SHA-512:	F2C0490046030F40C8BAA128A8A741949B7600CB35487D98BCC5E2FA1C84F12DD889E20FD0E99CB2173307ABCF54EA4ED8DEAA2DC796A5AC61B6664A8C2B9B56
Malicious:	false
Preview:	....V...j.../...Io&.0,7.OAc.B./x`.......XD..X.....N)yKD;.o.<..3.fn..2...(uqH..7...T[K....rW.......P... ....Y....,X...i.~.7..s.40./...9TG.R.%..J..v.5N'.4I.M...a....W...QJ...O....-y.5.aD.....E..........3@......P..q.X....!.!..[.. ....9e..UH..$+m.....)W(._.B..1..].3+$.....M.._.f...g.5=.lB...../.R..^h..qy.,....N...D.2%Pfs..!..4.\|...,&e..g....n..y.w..Lh..R$.........}....Z........a............./.Q$.j......W<7...H.E]l.5.y...edH..R...CU....o...S...fd..^.R.... ..[...Q.r..z.P..6....../-P+.#.gn.F..^>..<.z:%#..Ql.\|..Y.h..+P'\2.P..c....R"....).e..Q.<l..L.06G.#.NK.i.l+...i...7...;................5.rpvp.i.....!.=.v........p?\|j[0....IJ>BD.{q.C.......h....~....6..1..7.......X.:.5$....:......`..GZ.`.+....Gi/#o..........:.Jt..r.=..[...>.q.Y..~......u1....k..H]2..R.p....h..........\...U.}....W...... 5.If..Vf.........1.b.TH...P.......]k..A..y..i=...N)i.:...8I..S.i.I.[.g...%....p..ba...f.....k.X...0...1....%!..Ey0:.j.e.w.@..W......V..t.R....+.....2...5...j2

C:\Users\user\Documents\EEGWXUHVUG\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Documents\EWZCVGNOWT\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Documents\GRXZDKKVDB.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.947778249398022
Encrypted:	false
SSDEEP:	96:B8/EHVfWVx41AnMzDvXbzQnX/QxgSvrTuZmGhO:B7fW+AMzDvXbzSPQxgSvv0s
MD5:	4B545CF1260509208B7B04C68961BF43
SHA1:	19D462CF69F76C038B83397294800B46BE815614
SHA-256:	C158E4F94F3DAA9B48F86B229F56B04431D58EDDE6621F3B0F28C77CFF6FC710
SHA-512:	569301D3DF2370EED95FAC7AC5CFB1E9B52097D873CE02425DE05E4227A9D1E69848313A79B38999B72F0AFB4FD0905BD72D2FC3907EF32B3AC357569B3092EF
Malicious:	false
Preview:	6.oi/...._..GAN...m....kM....(.\|.Q{..].U.n^..O<.Fzj..Z...K.#...Y..UI9.,.f..$<.?_.x.....WZ..q17K....1u..c...y.,...g..p...g..........<.......%..zpE...W.5Q'...,R......;...gSf@.]"h..%..?.Hc...B.....;aio.=H.....K..iJE...L......l..\.....<R5D..w.mX.9..D..\L.t....M4.VGJ....T......4h.%..../y.a"J.we.U.:R"..$c.z..B...}.....&-.D...Z..4.^..'z. ....5..w..0..p.I .\|d.'.x.ur...W..-.=.:...}C@..R.).F....+.......6$...S..:.J.m..G....<....UPx..NM3r..S.%tR..c..Q<1....`..........%Z.6...+.s3.N.....A...fE...N...r...\.........J.+.t9f.90....8...66.ng9Nq..?..A.......^...a.....r...q..m...0..CUy.Q[}P...W........,.M...`..vC.Tm.@Fx.1.<q.L..r..JO.w$.....a8....V4..sE.;.s.~b..j...#[]Yx.._=..'......{/..y"...w..$n...yOrW.W38.J=P.. .6..+.s.%p..V>..%....^...^yO.^.._$_.H.j...a.......d.4$p.M.'......Z....i.....c.Ud...N.C6....OG.6FUF7..S.}....q.F.\|..Kz.K.......+.........x....!.5.X...$#.i$A.t....h:.`.".........?.$+=.^7T.D.....i..8..{3..PN.m..*.X....5...Oz....X..o..\|.U

C:\Users\user\Documents\NVWZAPQSQL.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944081504576723
Encrypted:	false
SSDEEP:	96:S/UQwS8n89zDvXbzQnX/QxgSvrTuZmGhO:SMm8nozDvXbzSPQxgSvv0s
MD5:	0DF6985A9128E957D4E808915D208675
SHA1:	5F24C1145984A1658E4DC390C02CAE23381B78F4
SHA-256:	0CC2855BA89563C2F94A82BEB5FC2DCDE0CFCCCA1FC83D5BDAC6CA5D7083913F
SHA-512:	9390BFA183B89E7D97AD4ECCA5CF708F70A02B2039E9694829E374F6754BC10376C23C7B9DE9C9F847BFCB6F517DF6B0FBAEA63FFD255C7162E47DCC30F126C6
Malicious:	false
Preview:	..:....e._...S@.[....m5!3>..........F....Y.....O...S)...l...T...j.!^F+`3.....".\).!.p.i..a.T./IHC......[G<.e.Hd.W.?.`.1,.....R.P.q..+!..'..8.L..Vj.....v}q8.7.."t..........X........O,+X1:.u.+.b.....S..r...\u!..g*.(^r....w=!-9.w...sS...W.....H@.B.7.O.G...........5l.K\|...T.......lY...o.g..F#)...5..?.X........[.........lN.i2.Q.^....."..4.Sa{.k.......z<zA..\.B.C.m.Gp.;..%....Sv....n....N.p..-..{.6....@..).?!....[...J-NTG..\;.HAR...2..@x7{../eH.0t{b.G{N;...7p.wX..>.\|.........>S........N..f....{J... .Z._.e..f....J......A]ud....r....p8C"64n.fMJ4)..Z.@L..0O.....r.....p......O..5...\|B....(..\.......P..B.l.Y.t...o.kq.V..0f..#W/..Ib....`"7.........`I......')......,....~..._.\|.@....:...{?d. ..n.._^..oP.e&..w9..A,z.m..Tkw....l....g....`%3EGs...:-JD....CGP.P.~\.4A.n&I...A..Y..W.=.h_..u....y3.Ev.~.n.B.GT:..$...l. 2..!U... M.....a.y....\......A..Ht..X.(.....C%.3z(.......pJ.r..../..........(.l..O.........iS....n.A.)..c.=.S...!..&O.:...`..<.....OCQ}..g...e

C:\Users\user\Documents\NVWZAPQSQL\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Documents\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Documents\PALRGUCVEH.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.952135513746831
Encrypted:	false
SSDEEP:	96:KhAB4eWalUsrxzDvXbzQnX/QxgSvrTuZmGhO:KhAB3UsrxzDvXbzSPQxgSvv0s
MD5:	D62553472DB53910EE5E79D4B6EC1E7C
SHA1:	FCB8871323899C17452C38E5B8796E4E886DFE19
SHA-256:	5404EA1836650DAD967047BE92BDD5A2962547CBD5D15469321608184B47B6F8
SHA-512:	1F4B08676A523913B916ECEE9E0002E14EC175E52024A2286B5BAE2A32462A378E8D1978055F28D4D9F7520DF16F186DCC7B4C81A826325521E1E93240CFEF8C
Malicious:	false
Preview:	$G......U.....e(./].7.hk.+.+.-Y.?1.}..XS"m...G.Y.roGo.P.`..2r....p.U.1.+~}.XM..Zg{..q2#rR..g..!w{P.....6...&A.....X...G,..e{.8.t)..e}......,.v.2.....%=....E...,.d.w.\V7..{.u...A...........Xh.l}.aM..y.V.2R.@...K..;.....:........a5...3...s_[[.i...."x.....z.b/G..19..T6?..M..u......Z...Rw....b......V.o...X'....U..7..q.H\+........Z.q.M.0...E..P.k.y......X..K^.'......}...78.....AEw..D...W..Wd..$.%....UK..SOm;H.^..C}u....=.X,r...!v..Z..Ce.9..pZ.........I...kc@..:. 59.'x......8~.@.......]...\..ia.F...DSt..g\7..k..4.s.....O...1Q...B.!...........@.....-...H...q....e...y..4.i....x.tg..k.>o,z..~I.....7q&d....{v.V..>w.09......;..D....(.yb.L.w...S.h.Z...@....>...-..R'.\..j......1..'....i.Vr.#._.+Q.9Qc......8.bg.kq...gu.)......h....Sc{...n,$..u.:..B.P!.......>.(.i-...jan.d.i.#....mW..*.o..TF.[.v.M....3..Q6E!r.r.0:B?o..SS.M;.D9s)nG....F.Z...g!&..<o!.r..t4.............b"..,3.AO.3.h]Y{.....~B{...b.=.x=..BE>W.....}...].k$.%...4.1GB..c1.....jc....hYq.;.tY&U.c..

C:\Users\user\Documents\PIVFAGEAAV.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944766297591436
Encrypted:	false
SSDEEP:	96:D2so/vFeh2PNynzDvXbzQnX/QxgSvrTuZmGhO:DenFJPEnzDvXbzSPQxgSvv0s
MD5:	449A67B726273D8B2A75AC91C507CE52
SHA1:	A9D97B91710515116BC7536558413AC27479C987
SHA-256:	6724476C83177E88B9099F4F6AD8D08742BF56FF61FBC8DC6B8544E698B75B1E
SHA-512:	C8F525534112BD88A0AC22A0D647F05DA92E656F67715C1274D7C898620EA8AEC5E8B21D3ADE3CBC665F69A90FB5A453C4E93C24E7436A77BAD032E09DF20731
Malicious:	false
Preview:	..?j'...OI.........M..S...w.....}....$..sV.2.t.#h..O..N...f3..L....Io..x-U..'.=..x....3..h)....0@...r.j..[.....#QkC....X.D..Nr...W....z...1.e..+B.G..A&.T.H..M..\|..E.1.]k.).=........r..y......t..R<+.yB.f......@..-.L.?....>i........q....P6........0.&..].U.a&h......7<...:.V.....vlk...T\|R9).X.b;.D.....#:..en...".m.........._[\..!...ze.".{AO....Z+.......%A.&...7...ZF;...`.P.......]..Dc._..0.9.^.yk..z-aa.....{W.la.......6....^..X.<..?wL.o..o.$.........7.....L..U....AV.....b..',C..+.C...~.. y...^...S.3u.....T..a.jJ.;.t.....).....aRqr.I..?.L....Av4vzDl. ...3.J.a._.t..s.....@..~.8...f.9..wfq.EQ...J.. .q.s....!8}D...T[.rX.l....Q{.K4.G...2.].(......-..jR>l....J..K.P..z..4.....z..2.b]\J ..~..J..Xy..h.,...yK./.[.\...5cthj..RT...>&'D.0.).....J=..zw..U......*..0>^;$.E8.r.)t.~g]hAMW..+[-y..T.`WAD..M;."F........q.......K....BF...b.n...5.E^(..oC....}.........9.Q....+..T,._u...w5t9.B....4].E...e.O.#....Z..5r..:.].S...V..$..wa..__M..c.b.b.~...:..{."{L.6.z.p.

C:\Users\user\Documents\PIVFAGEAAV.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.9444903461936285
Encrypted:	false
SSDEEP:	96:/d2avr31IoKQnzDvXbzQnX/QxgSvrTuZmGhO:/Xr3xnzDvXbzSPQxgSvv0s
MD5:	7F091F489D52A56173DC0D898C2EE88C
SHA1:	1A0F498A87E1AE98AD7908A390590EAD6C77D095
SHA-256:	0F6DF8B13FEA29882DC8BDC3E319A3C9AC1C3B688D05C6BBD517C4A4681FD9C8
SHA-512:	F4464F037CA4E31E0C903203134AB40FBF5F0F2D46B5E634AF066B566442B41E7184D061EF3260ECAA98A603A0112A1FB8D6766D101E0971F4931C5EC3D4F77E
Malicious:	false
Preview:	....J3....~.....a]..~..?..0jX+..T._.4.'s.k}....&.A.X.,).%"........{k..g.?.y.?.6.Y.".....w.6(Vu..b..3...}K.\.....6.4....77....Bi.....5....@...P;."s...&........cM.fT...73.F.....L....S.).#k..~}.7......uq.1..tI..{l.j_S.sc..p........g]v+.2..)~.eX.4.v. "....lu%.:C. p..7...~....,...c(>....c./..0.K...-.v.b/.........X.l...tB..X..^8.g...S....xy.P...C.T..m..+x.hm..!...t$.a1..O.)......u....)......YC.S\.\./.....i...r-..].m.#..YN.d...d.....$........9.TS...81.sI..<.......p.'(.;6y.&:.7.>.e..].....ZP.Y.:\.V`e..c......+...0....0.X\|.=......Y..9XC.v$o.<.....aq.!.SQg..;0....G.3..x...uk?...G..!...ScX1Tc..ke..a.9.a.p..?X;~ef.S@..@..(L.U....@M.....E...2..U5A...............P........P.2......TE..............na....3....F...Na..Q...#.Z........<..^......?.w.........l[n!E9U..w....D..........Q[A....U..nz...38..G...;.W..s...9....,\.e.o..P.m{.E.EC..n.....NL.sN...<..6.~.'X....".-.^X.t.K_.zCJ.)....3.K....!.ba+...dt....qF9.......w.2m;.F.5.p.i...Lk.?M<.V._E...f9l.

C:\Users\user\Documents\PWCCAWLGRE.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.949431180250705
Encrypted:	false
SSDEEP:	96:fjlZrJBtQfpz+qzDvXbzQnX/QxgSvrTuZmGhO:ZZrJBtmz+qzDvXbzSPQxgSvv0s
MD5:	B8EF8FB8790D4E55AB582C88E82D329D
SHA1:	D557CD2127B796DC96E2B01FB726CF24FF3BA8E4
SHA-256:	562CD13DE9565AC1E8F43EF86B5ECE19AAF8F71EBBCFF705F01A4991801C799A
SHA-512:	678DAC3D6D9CBAD27488A51E69E948A430AF464EE8DB5FB93B4090AB8948138D5C7A14971514A5E506D0FB4FFE9DF43F551244795F2C943D4ABBF9909C24DB9F
Malicious:	false
Preview:	<GT,8.../$i1.j..[.y....H......J0.w.4._q.8~..^d.Ke...'.....`......=..Y.=.......Y.S.9.RH~RQ.....Xu8.......E/..O.PB..r0.......].r..uB...~.....B).y5.p..G...L-.....R..;.-..=.]..'z........,F>....(.Q...y..N.\c..X..!..uH..Cj...p..`...Q.$..EX...=..a.f...T./.3.O.,.G..D.U".T}.t..+j..I5...y\.(w...sS.lT/....G.=_.oG..f.<S.UI.L2..Y.W..4....o{1~.j.D$.Dp!..aR.....'.7.jO...~.uJT.!....%ub`....n/.5.I./%..Q.5AR^.5.f..T.0A.K,Y~..#.H..Z./.."M..[.f..r..-..3V..L6....)..\.t.+...:..G.vP...:.bO...h.<.<....U...v....<.....U..l.......<.mk."...h\|.us....t6F......p.........v.......4.D..p.........(.....Om:.}...fdX"'. 4..=.vq..-.!P.E..<.$.E..,....#.......&.....;7-@...D1...(}f...f.Y..+.A.....c.q.'....i\Z~0D...6.OB..{.S.{m\...l..6;w>D. ..9.C..y....K...f..6..V..h.RZ*..f.-iHSh......%.%....... \.B........&...g$..o$.K..).7.C...Y.u>..\....@]~.....H[.x...7.\....o.L..X.J.6SO..w....ts..&.>._.K.@Z\.F.1}.........T..[4V.%.b..(Al'....P.......?...9..05N.?.p8.E.$.3.].k..x...X.T.

C:\Users\user\Documents\PWCCAWLGRE.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944077483396339
Encrypted:	false
SSDEEP:	96:vGw53JuOOO+0VHheu5iHTzDvXbzQnX/QxgSvrTuZmGhO:vGw2DjuMzDvXbzSPQxgSvv0s
MD5:	6266AB595567571ABC4DFEF8BF0451F2
SHA1:	4D68792ADC2B03E8C78D8D4619A87C185EA03BF0
SHA-256:	C67C32986AA0F8777EF40DB6C53810AA9E034D07629C0502DE06DEDFA090E223
SHA-512:	C2D33CEEFE1C9B97FA880CB28F10092FDCC4A94239D91041DA6C0EC67805B0A9F8BCFB6FD0ED0D4FD5AABB157C047C2098B0E39FF7032DEDCC2C702E17D7254F
Malicious:	false
Preview:	g+fk:X`.......C+.G.ny..[.+..DaU.x(F......7!,.hx....?HF..... 0+..}"..a./.....M..xCG4&....dK=.$.).P9..UY.->...P&......II/:^.{. ..C.# .9.....q..o...2B.F......@o..........$^l.XZ..#..Z.!..0.#....2.....'.%.x....$7.Om'..r.>[.u.zB...a].Q.S..G.o7q.yu..\|~.X.0.9i.g.,=0,.-G..$nrYgHK.+..........h.%6T...{..>j}.\|....A.... ...[!...&6.._k.....>.^V.o".R...1UOCi3B....ZF`m...b...4"..4j.l.6_r.D.0S.MM.$m..^<bj.FI...C..v3+=.a..Sp7... c.9.pt...0.Q..:........%^.Z..kw.{{tr.il.........$Qj1..+.OiP.b..._...#...0.....9.....{.,/.nO....hI...O.OO..[.3fN......b0qQ.G..r.l......N8..A"[.B....]..VH..1...fk....K.9.Mt.v.#..u8iq`F...wi........i.Q_..Y.B}^...5...;..:w..S:.f../8)...........rK..bc..r.81..0RC[f.g....x6.....A.....h......h...y...!%S.2.Au,0.?e/..>..(Q.I{L<X.6.^..5(..7.'...^.e.....ZvN..;.&4.8.{.LQ.[;.e.a.l.........$U.x9w.Y.W..(}~Rm..m3..`.....&RvK....!sK....{.9.H..-..^.js...n8.pM.M6..A.. .2TG".\|.c/...vQ....r...Q..`=.M..d0U.}...N...$..Yp7.+....."..\.w.T...&n..W..

C:\Users\user\Documents\PWCCAWLGRE\BJZFPPWAPT.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.945244659375988
Encrypted:	false
SSDEEP:	96:RNZHDk3F/jS40zDvXbzQnX/QxgSvrTuZmGhO:35e/G40zDvXbzSPQxgSvv0s
MD5:	836CB971DF7978F83A58B0E7D32B9993
SHA1:	9F981D367CD4D747FA9FEDF397D0C08A8411F713
SHA-256:	5F9545C16BC2097139F5FE708CF7064E0664A8CF35187DBFF6E9C18B5A38FF71
SHA-512:	4A95D13779FA17A154F5079D60DB75A346FB43482270EBDBA5D53E4596F4EA1207E6928D9C55B91E6E08D5AA1666D14ADCDB04A008264AC0316E8FA5C4F3F6CE
Malicious:	false
Preview:	...0...,".4$..K.{..Q..................sT&......U..;...1]....P.....>..........\..I..S].KzB..v..].E 8....]..........t......1.......JZND.[........I.....x...,~...3%....C+r.0........Q..f....I.J^.>/....$..t...r..oV%6...<.j..~..0.q...h.w3^9.S.b.p.y......sJ.~u...G.a....EG.;../a..oV.+%G.p .C0..]Isp..\.5...m..X.kI..NbS..4.;_.9Z............M...#..-.3.r8...._...U.?..:V.d..P....go..k..A.x.h.g3.A...#j..cn......-...k..4..Fdg.G/..a..E$.O.'.e.......x..('.`...m.$.....7}.eh`....U]%.y...J&..`.][k.L/A...=..!...o..u.[.a.GW.b.+.N."8/....PxI.hgKe.. ....ok...i...u.X...L....y..R.u....U..g(h;G..\|D..."...S7..,ZK1..8.Q.....K....wb........+G.4....0.)....0L$....Q../c..,.s....'.Q...%.Tp..5.....+.....c.09.........\|...6..wy.9...A.fa.......c...5....8..ID@]......=!.V.aX.....V..8. ..@.a:..+...V.ki....E."`B../......X<.N...L..?.P....2).-,.hG.3.Z....k.gm.3Ksy.(.U......N.. ).W'.OO(....-...7....tj/.6..j.B.....cLM..%..0I;yZ.....s\|P.......A..=Q..Q....u...hC.U.l\.M...bJ;.f."

C:\Users\user\Documents\PWCCAWLGRE\DUUDTUBZFW.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.941980300833229
Encrypted:	false
SSDEEP:	96:VzwwAnVkWFM/jn/zDvXbzQnX/QxgSvrTuZmGhO:VzvWVrMz/zDvXbzSPQxgSvv0s
MD5:	95C8D297C017FB3B0B075EB26D82F932
SHA1:	5A19E97174536D9846A95E66F29A21E0596BC517
SHA-256:	1BAE53AD4C12705C930120BBB9070A11AE5C2067EC186171D3E1CBB79F55ECF7
SHA-512:	2E778C8DCCADE38D3F1C38BB8269989C63851FFC8AD6ED1D9AF92D0207D7D6C7296E75ACF917071BBA5C1B8A1E2574F57A6BB04F9778D36281717107676AF405
Malicious:	false
Preview:	.8..xd.....Oi..k....b.4P..;2. N1Q$....B....b.qe;....5...$....:Xu.I.....l..%.....(....g....k....s.\|.....h..#.S...W.P>CLN0.&5hd.c....<E.0k...8=V....M..G9...-.3......}.....1.e.U....9~..."..2.$..e7....F.J=...%...._q.O......8..`.7.4+..Nz\WBO....U.%..>.U6......s..aF......;.#....vC.WD=.Kw.....C....$...B. .~.0...4Ume.......1Xo.b$r?..i/.{~J..a[O.4H.lo".%r.f....L%x..&.....{T.(....)C.9..$;.....H>`.....L6...$x. U...h...5.....DYF.....)...W1%.."..aK....?.\|..g.r..~uJ.5'}[y.D.S.....).K...].Wk@..w.....%.BZn.....O.ai...5...1+,...:.u...../...........J..q.K.....lV.......5..g.qHO......y..wy.3..x=o...b..l...+......e..).O./....'...vn........=....C2.4=w....(...+'h..q..O...2.I.Y.......>$.....^b6n]..q%)h....ax ..B.Fn...7..........R.oH[A.J..!..\.p..>.c.:......Y0....v......._;&..Y.#2(.oQ.Z..8;.w1>......0~b^.......^...D.'..=..8w2...X.<3....\.....uaPM.c.sg.2.'.Fzf..E}...i.Xl"......].e.a4..... ..b@P.A.5G..K.:..fC;.....'.&..o..]...,....#y.`.j.!..!.=6.Y:....Pn..

C:\Users\user\Documents\PWCCAWLGRE\EEGWXUHVUG.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.938293395468472
Encrypted:	false
SSDEEP:	48:989fSp7rajdGqXyQ2nHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:KfS8jMqC7zDvXbzQnX/QxgSvrTuZmGhO
MD5:	C18CE9DC6DE8474732A21064E83FA0CE
SHA1:	BF0DA27A2C1CB75956B210F158ACAB51FC4588B1
SHA-256:	19CEFFD41723087DA7B6B0EFE0823E71A92E6E41D2024E9DDDCB61C86A8C7D54
SHA-512:	B5126FBE04C6A4A18D515A0D82BC3C8F496ABC5B0362444FAF4E6F1AEF923C9BDD295B97856E4B525D4B3FBBF947DAA3342AD6F13B45B04C44EFD2AC8F2E8884
Malicious:	false
Preview:	{........S.0B4.9..[F....9...Y<..a./..U..;~AG7..8.5.#P. e;2....y...$........ul9}..2c.. ..1.9.......g.p..G......S..+..f.b.1..D............F.R3.Cp...BXW.$..e.:.x...7..h..=.[D....)..c...y..sWPmF......v......x.h.6$u!./U5.e..dgw...7....Cb. 9.....%`^..".h.X..&.N......'.P.:....c.U.9.:....w..7b.H&.[.+u..."....{.f F...r..7..J..`K[......_}..A@x.......0.0{..LW..".}.4F..8.]hv....8x=....r..Tt....n<Xm...q.Y;.V._.j...b m.....k.....c.].no;UY./..gJ...6.."....C.x.I..R0-..7l.G.;.R.T-.......;.?.-K.5..c+..u..`!.7z.. ..knK.e.....W.4..h.V.{..5..b.ZN.h...A.+;..)..Q.u.C. 6...$`u.}.....i...n.....&......L........m..... H}I.M.(c26........).......Mm......t6......H....7.....>i..;.3y..~.........x.....XU.5.........Z6.....W.Y...I.!S..;.b..\...vbw?:.~.....k.......V.KC.D....XVm.5\|...I..Z..K.........3b&.{...u...nuB...\|...) >..wO.W..].6U..8...DrW.X./...j...(d.=6mz.X...v2....+5.5`.E$..Q....'......X....$y.V../.L..F.....H..X...\|..\|.?k..A..BT(.Nd....*........ ..O....A.......

C:\Users\user\Documents\PWCCAWLGRE\EFOYFBOLXA.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.9493247551982416
Encrypted:	false
SSDEEP:	96:T8zJvv2dKqUcnbHzDvXbzQnX/QxgSvrTuZmGhO:T8zJn2dKqljzDvXbzSPQxgSvv0s
MD5:	93890CF12BCF31B8DB0B1DD5D8115858
SHA1:	AC670484851AB81F6614D04F919A4D2DA2189CB7
SHA-256:	5D79D1C080C9127CCABFD56BCA34A97976E230AE4A51A7ED0B932FC912649F82
SHA-512:	676C4BB0D1ED1D9FB7319A5D2992730F1983BE913E5C8E56DFE9B8A887F7D545D54B4559196D8A8683CF9CDB80F61D356CB6A0FD811DD0F2BF485B0147471990
Malicious:	false
Preview:	I,V_1.;H.Oc.q......i(.K.?^.......%ZL.Z..=....7..X..B...&=.Y..sTaW..E.-..y..G..D.Fg..A.Jx9..al....J..../..%.3.g.?_..[.....0.A.?.t.v..7.Q.P..j.6.....;@`....'s......+..1.....<g.A..J.S...+.o...4.KZ81.:.....H......A4l..b....9i\..CI...}....h......V.8>n.v..&.nh,.....M...u?e3..gJ....B..!..2...X.....9.....k..^..1..GW..#...'..P.S.k...H..V.`..vi.N.R..G..K.R....]i....c).j....c..=..hQ.n..{.0.d....64....;c.1.Sh..44.T...A../..)..Fg... Z...gSJ.Uo2.b.D...I.S..2..Y$.g..#..z.P.I#: ....$A;y...X6'....q.5GM...xU....".C.4\#e..Ig4ix2l..X._.=^ ...Qp/.G.{.m`...Q..4......j..5T.1...W...= .<w^>2(...j6.Z..W.......z..#.I.4.Kp..R.O.$..w..[.G'kx....F..FZ@.S..(.B....+..Ge..M.n..9...........YL0..).}.(...z..?r..j.K 4.+qi..2}v.....v.>zT....k634.j."t\jA.s.DkT... .yl&<`e`.V.?.6...;.$.I$.MdK....z. .h..\|.bN.@...q....Uh..5..>.;....3....ok.2wF.....L.d.......Gn..a.Lw...$.X..+.H.h........%o..af...~!.Y..7....?.H.V.\|Tq!..>...b.A..D&R..b.v..u..8.x...h.....z.....]6?N.S.l.

C:\Users\user\Documents\PWCCAWLGRE\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Documents\PWCCAWLGRE\PIVFAGEAAV.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.955360116010409
Encrypted:	false
SSDEEP:	96:uGIHR7svgMzDvXbzQnX/QxgSvrTuZmGhO:eHGzDvXbzSPQxgSvv0s
MD5:	BF89D9E52311C8F0271E5E5103349DB2
SHA1:	F9F1B3750326F0113E8062E5504BA89F051FF229
SHA-256:	96B6AE46A7054740843FE944EEEF6A70F2DA5DEEB207CF872372998ED496A364
SHA-512:	5309EDED1964AA1253841C70F7F8678445639E49FD301194B8F49FE0749CF30740BA8A22F07B8903D2CAA0F81E2E16E5E84A9FA39A0C39A7790A77DF77354168
Malicious:	false
Preview:	.F.[3.S....;.gu.X.]S..h..D..)Q.......f.U.%U......}s..v3......^. ..}.^....0.K.h.~q...E...}\|.9?..p.$+.......nr..^c!.....:fCz.}...,rk.x.F.7`Yl}h....v?......R.8..T...O..}..y..a.N...x...e.iu.....K]j.l1.?.x...'.8....w)......}..<.'.t..$.'.~..pe..l...Wi%..)..t.s(...n.XXWX.6..].'..O@...@..D#...C.].&J.Xd...).#.h.$.~.-..(.+..W.I. sd.....gb..v.yB.w..r.....D.A.T......w..-.e........T}...A...U..CZ....,...V....X..>....uP....aO>..Sq...F..1.C.k.c....E30.M..DBr...o=..4K..35.Y...n..Xo.......HT...!.9.G.....G.n...BQ.HPO.....9.....2y.....aE".=..!...S.W.i3.....B...+>P!.C.........L7..Q..;.f`....\|.>6..s..A....2....~.b..K.....qet...I/.vT.E..F.!J(.....z..<.....g..W0"P7dt.d...Z..f......XZ..sa...:..tNNz..tC..n.]...G.z...ddBvs.A61}.....\|.w.5M..b....;...f.dl...gd...ep....Q..;".{OqH+....7..h.o......7.%.=).}.._..&.K.b..E...........A5-..E.aJ...LQ....lo._Dv.O.H~.......v.Y.w...$..=B....^\.g....\|.H...{..T$.. W....B...Mo.....ZZd.3.....R..2N.8#....g..S...../n..%..#..+l.c.

C:\Users\user\Documents\PWCCAWLGRE\PWCCAWLGRE.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.948960747751249
Encrypted:	false
SSDEEP:	96:EpF7Azs8lvHZgUI60zDvXbzQnX/QxgSvrTuZmGhO:axAw+3I60zDvXbzSPQxgSvv0s
MD5:	E99ACD565DDF4AF8BEF1FDDF26211A73
SHA1:	228FA29165B5D2465627A3B7B6279A9CEB763201
SHA-256:	8F9A3502E0A481B9261613123C377F5031059C4E870CCF12BBD9A227625FDE5D
SHA-512:	30923705E8BB14903F7E768207DE199E5EA60F7B8BB1DF07B24C7E64AB45EAA60B0B3E79F566C2AE2C63687EE450BA04C4EC1B8087244AAC3CA0C6C2B9581EFB
Malicious:	false
Preview:	.g.83&..s...A.\|Q6.rB .....4.91O...t...9...<.."......p$QT..F.6.7.......W......P.......u..c.v.SE..F....R..Z\..~S.....>...Y.P.....L.c....s#6XD.....]..JF.'.....>[2[.Y......<Y.{..E...j...p...-P.:........?.B;..........J.%.h..._o`.C....g0..`O..x:.....F.-...\|.H......&M;=..S../v..}...}M./uxefw....J.U.x..@=XizYR....LE.,..p.v.........&U.:..ym.%y.V.^v..?.1..$}....!.>X...w.]....H4..E.\|...]Y.X&.5.+.Kg.x..,..(97...S...C..o....&a....7..02k.Z.I...V..v..8...v...UB.V.).... .9.W(%....`?c.qO..!..?.t.5q.........=t..E.Z.._..~b..F.I=..R.Z......xaM..cj........%.\|.PKY.cV...%....\y..c.U.#..I.^VS..u~W.o.Q....n..v........\8..=.;wuK.......<L.YW.9..h....s.........C.i.t.d6.Z....z`x.w.-.J.2..R...........(......J.....W.D.`.b...s.G.VQr..(.-\L....GNt%........?....!.$....P0..K.,.\.....j,...W...as:.4.{........#...y..M<.KQ..4...(K........W.P........D.....>.A5.....=.j%x.....!..6.....G...].fb.'-8.H...g#OR....9'.'M..6...A#.a5F. ..(Gq)#.._....7.P....0.~y..U..}....G.).S....N

C:\Users\user\Documents\QCFWYSKMHA.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.950202584574142
Encrypted:	false
SSDEEP:	96:X2Cs+n8vivpHXyeDzDvXbzQnX/QxgSvrTuZmGhO:X2Cs20EieDzDvXbzSPQxgSvv0s
MD5:	AB44E838E519E3620E3609150CB26F13
SHA1:	FF422572ACBA23D7B59183089BE9D28AA41649EC
SHA-256:	C1D3302DFD3F643D6C67BAD283B853F787CF3329E416CC4B59CA0B47586294C9
SHA-512:	789A19D13470AACCF97D7CCB2B07FCACD486865D590E0F1CC18C44FB4D0259188A0A65029F8303681FEAFD69CC6497B7CFD8D1276DC68D76B88DEA481776E9BC
Malicious:	false
Preview:	.z...5%{_..>`.M>;.t{..D...$[.\.....O.....p...<.....X...X...G..]....:4u ). .a?......{...ID.1.N.Q/.m.."/.n.//.....9.....l...........1B.7...^.a...N.I..A..........4..J.\|b9O.].5.R...$.e^.K...t\3...18t...p..U~L..}....0.h.j.".N..H..ZC.......;.#.Y...SH..;l.[)T[..A.\|.....&~....U.2h+.X..S..!^H[...ck%.3.L.p....H^Lb.%.d.j. .i.#..`oN\|K9..u............U..g@. .p.........U.8....../..q(.+2.a....0.t..... ,H.fAM...T...n.....k......0...8.?X`....y.(.....x.q.kyO5.......w.....\|W.PO.Sj.M.t...v..h^U..B.@.........b....C.&.s...o.T..S/.N...?....=\<..A..~.A.....O.d..o..Y...Cq.d......e..LSn.....#.[......~.M(...sb....l..m.5...m.....+.q_K.E.8w...p!%pq.Z*....p7. ....m.O'.X}...e..E.g..s..>G&)...2.....+.kg......u...!.......6.jF..S/.G.c....@......v..9..I..'.pR..s...U..T.i..!B..Z%.:...~(z.:.0@f ".M.2...:...T.......0..m..\|.'....o.P..p..e7.t".E.E....a.Z9%,..\,..3...8.Hl.`....e.\.....'...y.!...5..;9\|.V..n$...O.G....<Z9.)B1rh.........].\|..S...bS.+..6K.,<.q.....@~.B..)F..k~

C:\Users\user\Documents\QCFWYSKMHA\BNAGMGSPLO.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.94341862345862
Encrypted:	false
SSDEEP:	96:o6JoUXGfmvzJyXlVzDvXbzQnX/QxgSvrTuZmGhO:oD+vM1VzDvXbzSPQxgSvv0s
MD5:	C769902CE3DBAB71589DBDD1B5F83744
SHA1:	FFB1F654166CAA6CCF8E645F91141640266ABD2E
SHA-256:	3129E6A1688CAE9AD6C7317457DE26419025795AE6BB419D5F879FA0BD1765DA
SHA-512:	69D9257D2213607162AED50EBACF3F8B282C4FBF638E7A6AFC92032D6471758AEAE3E5EB8E637BE88425B2424CA1F13F0D6A619EF386A1682C36CEAB24207DBC
Malicious:	false
Preview:	.-#....XH./.\....I.U..>.U..OR'...^.).N..}m?..-.....+.;).4...T4m.j!.p..V.u......fJ.k\.. ($......!.i/...p...rs.h................-.__....\...C..../.....O.(-.+.Y.2<..].#+.6...WP..T>.c...Ss..i......kR;z.@z.^'.^g.H.^Z.R...1C..S.y...6.......E...Wg._...9.&...w._..c._._.(...2mx..Z3P...E....3./!J.<o..e...l.:>w......(..bw.../r.y..C.y..........{L.....0..0[.Uf..K.....I].....f@../qT.3m.-.2".A.#I.\|.._..O..3c.].<jV.....X....k..D.......'...x.....`.M..P..Y......Y..6B9.,r,.....m.N...`...p."...xV.s.............R.....q8:..2.p.+..[>...C...~...&I.@p..F..s...p........3.S..._.....\|1...rc...Lw..=.....e..?#&e...c..=..6.c....&.<.....[._..91.>.1M..r.l...H....Jo.~~...+.Ua.h...:.ve....).A.-..e....Q(..D...#.R#.4(...(.s...n.?....;...`,..Z%. .i..........FY"d..y.:..$....S..../..9.O....s.>]..)fM..S....%.&%+.mO.Kh..?.Ux...r.....l7.....m.F....O....?.L.k^..,.......a.c..F.P...O...].D.wD.P..{A?wU....1Y........y..q.Q..9M.D ....d....q....zCl[.)u..*..;..sv....U9...o."C

C:\Users\user\Documents\QCFWYSKMHA\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Documents\QCFWYSKMHA\PIVFAGEAAV.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.949857238544109
Encrypted:	false
SSDEEP:	96:LnRxTcCM8xwXjd2zDvXbzQnX/QxgSvrTuZmGhO:dBcC3QIzDvXbzSPQxgSvv0s
MD5:	7A78982C309A9C4C4BD34C91AC8B283D
SHA1:	CB009BC3B89826EF3D967DBB81791ADD118D0FCB
SHA-256:	437D4298E5536A218B38455900028B992C9704A4A7C01AC9D13BD85DF6D74BA7
SHA-512:	87B572C0B5A44801BB677AF82BDD25159CCF061DEB45BE5C49C4D665F0AE7F0B361FA283D67B18F0C40630BA29C4E02C9112CB6D0C6FDC2FEE404F214CADEB61
Malicious:	false
Preview:	A.%X.Kj...../'......{..r..m.4..N\|.>\|`Q......A[uB..b........84.S=I..3..~Yg..=t.^.K.g...P^.%.a.U.y".u..5.p..0...Z..7g2.....NM........]~.[Xq.!....h.Y?.. j...E...Xh.F....O.0WY......_.6..^..a`.k...<.R..}......#..^8.U"X.]ni..r..(.Ik...Du...8.Wxw..8=#...i.Q\|.HinR......^C...Yx..i($.\.....`...a~\|4\|...s.D.A........)...+.....U..N.~C8...."..Z..v\|o....X.9).#F.G-../g.......(....-.....'.e.Sa..;..$......!......>..A,P&.r.G.....~....Vsy)z....g./zkE.ps16.......<._.F..YU#\;..7.Q..?Q.2;..;OreB..d.c.5.\|.W.T:3.....X...z..+8.I...}...K.b..G=j2s.di..J.+J=...'..Z.;.&......]c..."+....H.+.....f.%.JF.....Gn...1..s.....b.......n$..7..^.....5/.P.y..(\|3.z..T._XL.'.......C.t.......Q..\|......Y.H...,.TI..Y7),g.]w...C....s......N-7U..O..d.........#z.1.G-...iPM..._x.J......'..J...~UO}u.\.&.K.. .;...\|.U....s.f.k....)........4Q......... .?[..Z..d..T,}.0...1.z....*,..H...P:.....\.{R...o.-.:.L...N.k....OA>...F........6u..gD...."..sRZ.. X.g......P"...Zw..x..Q ........$\|;..Q..

C:\Users\user\Documents\QCFWYSKMHA\PWCCAWLGRE.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.947678481749563
Encrypted:	false
SSDEEP:	96:alApRYUAMuk5mzDvXbzQnX/QxgSvrTuZmGhO:UxbMuk5mzDvXbzSPQxgSvv0s
MD5:	140BBA9DB3001CCFAB2E4C4BA85F39FA
SHA1:	5FBDEC7232F94DB08BAB816B032FFB11AED0FE64
SHA-256:	55A61AEEBC3C705AEBE91684E7D5CEAA6653EA42F66309E0B992F1CB63E4D84E
SHA-512:	5C08CC70B0C97AAD789C92722749104F562AEC0858845C82964E2F47A03ED753C38B80D8556DDAE81E55ED2D74DA66763F13EC9D769CCB80CFECC34BF83774E6
Malicious:	false
Preview:	...JK...b[...L`..}.......+Gm...........-.L.?T.)B%&.[+.rU.v.K.o..\|.. .8..SP.\YL..<..v.<._'=..]NW.6.r.......0.....%..-a....E.............=..!....#.Xk..W...}f.s)0;O.4P..Q......<R~%b.-..#.....J.a....Ql.&......`..U.P......Kkz/.j3..'en.i..\|.t#.c^...F.Y.0..%8...F..$.D..e......R..s...$...Gi.#.D..^..RT../0.s2..R....n.....p.G;.J.v.=..z.F..K&.A..;m1.../?..Sy..8 .&.(.p...p....A<.j."....s...69.].\|....A..;...-.8.[G...........N.+r{...\|4...._...."M>...?.'...Q....eA.....' ...9..%/.o<:..X...c..Q.O......%..G..236.[...H.S}.....EP.A..H..h..l.v.d..]o%.w...._..l..F....z.4.c. \|..=M.....#..A.YZ^..eKJ9._W3R...h...S...R..P.;ru....(...\|..Q\|[f..PT\.%uet.G...f0c...>.t.g.......,.Fr.r.y.&V...&../....l.x[..u..)...:..`...(.YpE..oJ.....q3....K...u.l..T].........v....8...z..m..L3EH.-.......T.....+,....M.^[)0V.:.X~....#...A.]...{.w..B.`.B..JT.VA.o;.....5..y.d..R.....a@..n....A..2rY.t!....-=}..r...clO...e...'t?D\.....v.8.6/..]+...-.-.'..5.Px#0...@x...wr.l8.#.}...2...X

C:\Users\user\Documents\QCFWYSKMHA\QCFWYSKMHA.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.946290470111731
Encrypted:	false
SSDEEP:	96:vi83NHG6AA9JzDvXbzQnX/QxgSvrTuZmGhO:viKZG/0JzDvXbzSPQxgSvv0s
MD5:	199D2219E59100982D42907223624347
SHA1:	B7B8A3327DE45D1990C605B82069A1832F7D64FD
SHA-256:	3272EB912D7C2C605BB8136C04E186DE1A17073FAECFC5C6A7C52454AF788F8F
SHA-512:	48EF6BAC266DD7DA7826DED84E0A7A41F0BD4CEF73E392789B625852F444D49372E4875A9920701FDFC38C640103900B59476391A7FFC0E11EEECEBB394002BE
Malicious:	false
Preview:	.e.D.p&.J.g\..[.S#.......qx...IHN....bnC...w.c..+4.........?.N.4...5...\.(^..+. X<6..Gq.@a.g..........mwB+/....$z..~..H.S..Bb....p..-^N...[&.L.bJG....l.."7...n....?z.(B)0myR0u...T.k?A.........t.k..3=...... ..'^z.FVd..G!Oy#.y.M..v..EH.G....bv.....{.{......m. ..(......c.d.......c8...En....=V?.u../&..(...L#.&x...1\..#h>..V.$'...4.........m....5.....-.......T.D.........4.:.3.Z....AyN.2.$...06.#]P<....G4....m.}......HMA...]>..n...[.(.\|y..{.MZH..p~..d...?..+PO..1lM...-2..3.?.v..d.e...... .t.;U.I`.~.a6.Z.6s.\k'...2...u.+.Y.=./-....kQ....n.j..YYDo$9...G..kE...X..b..\j.........-.,.y[..CV}.[E.#J....;.?r.....j..Ac..u.pY..........}g........e.....Lm.F......F.A.7m...C.Z....P.9.c=.@..E7E....rB.>p...8.dK.+...Nj.$....d6..GT.HA.yz...K..S"..g:"C.a...0z.Z.i....EbTj.h...6.g..c...d._..l$j4..q.d..M.o.5Cg.....g...HQ......#.bj24..`.I::....\.........5.......N...=:.5.X(N]?_.BPul...a.......*a^x.ta.../. ....-$%0.j0.q.f.R...2.i.9N.5..).Z;....]...)...+?2.L.d9E../._

C:\Users\user\Documents\QCFWYSKMHA\SQSJKEBWDT.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.956367324235729
Encrypted:	false
SSDEEP:	96:FR/z/kKe49+7dziW0zDvXbzQnX/QxgSvrTuZmGhO:z/kK99Wdzp0zDvXbzSPQxgSvv0s
MD5:	8CE56A8DB1B461BEBF544304E6F2C71F
SHA1:	AF83D8FEE71DB2A29A518E8A75FFF4CF495FFD1C
SHA-256:	BA49B5D56BB82BDA0795E3A0049F189B80FF82F4C7F8E4A3691ABD84BB8413BF
SHA-512:	721D17287240D713CE7F3F0F2501C7A094A496E2BA87591F5017782D8C1042F76F97DA970668F00A03FC32EC2D0C074ED9648FC0EEB5E5F5C94C9CCAAA55FA2D
Malicious:	false
Preview:	.M.UD.l.n..y5.H.....a.#.........b.e.RD..i.AK.r...&~.U..&. 1,aa......U..K-.A....q...SH...e............m.N.p....U..{..........q.......&^.4y.lC.,r.^o.F......Je4j...{.r......R7..6....eg^...c..7....0.Sn..".<..Y..o.V..y:..s..B..#....'...t.gE.u..&..+G......I....6.=....~~.^(.sJ:.lV.1m.J\|..5Ic..zX...@.#.v....4..)E..........j.e..i..,.V.w..v?..E.; ....~..`.e..gm.Wjt(..m..e.YF.........S$N..>..g........,.[....U<,..V^..*...!...sg..r....=..........W.n.A./..`..]>./..+.E..t..%..... [.......,....G8........82...>q...:......(..l.....m.Y..9..G..v%..'...)..H}w5.:....U...~..-H.<..Ml.>.n...0A....\|..7................f&..?..<w....w.....-lZ.N...R..Y..._G...>6....\-.6".U.A=.......>c....4.S....9\|...DD..f..w.P.f&.,CDmB..9.......):N.Z..._.X..7Y..dee.M.2F.\|..z.<....C...L.....BJ.3y...l..a....r_.._$.Z\|........w.8!.....]2....=p....S.3..'0..w.z5..v....B...X..q...Xu.....Y....$1...a..;.......Y.!....D:.=. ...U<..Wr...}7.Z..M.....!^f....]...K.+.b0i.............#.pR..ji.

C:\Users\user\Documents\QCFWYSKMHA\SUAVTZKNFL.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944459225923484
Encrypted:	false
SSDEEP:	96:MIXOegZS4jTaJSYLP8zDvXbzQnX/QxgSvrTuZmGhO:MIyZS4OtUzDvXbzSPQxgSvv0s
MD5:	3CDE8BA84F9DBC9A48A03351914C6D58
SHA1:	EC05C40EE13509B730E1D7B61506815A092A4519
SHA-256:	D08C53F70CF0BFECCAEF24E51FE1A33AFD4AA1A61F9C17EB81699AE637FA1259
SHA-512:	E9F288CF9F58FE03550164981809C41689B734325CA01BDE37B3C94A6CDEEAA5C76690F09D9B232E932BD071E0E6C12485787A5876BA8DDEF28ADA9D3C48CF72
Malicious:	false
Preview:	...."..`6...........k.....uh3..].._...L. '.k......].V#.=.....m..Sr..i.A.(.>.)..Hf.g`.@..U..,Y\|.a......o.w..C...,..Uzb..a.O...,..b...N......-.P...2...@...IL.\.....^.....p2.6f.k.?..0.\Sy..2t.]..3SX.T6.x^. ..dP."..e...EB......'?...~.=.....X.,.....[....vH...u11..mKQ].....C.K...U...L9).-.#8.[P......vT.2.[q....]....Q..,Z.Ew."..I.~.}Sb.N.....B.+..H.up......2.`.>..s......3..;Sj...(.k....j..<'.....5v:....<H..}s6..6=.R.L....z...^n..S...rucq%..2F>.`\|7.".X...@.......^.....t,....P...(p...>....M...Nq..Ia(J.._.D..$h....Ro.E.^v.{...]@......e.9.{....IJ$..h.S.....5.[j...B..I.u....r.q..q.......a7ig......\|...Uq.99....ndH.F...@...2... ...)Wa.....`..@.H....~...7..I..qw.... k3]T./#`.. ..>.....[.86$.v...._&r'vwi..y.nJAnd............q......$..-%.....-......?Q.8'.f....G......+.8g...U..}..T.~..A.N_....m.z*.tx.E...2.4..(....$....g.......".V.,\|G&../O. .r.A.Y@.>...................uK.G<]'...@:.:."..mUm.fc.j;..D.d...".j.....<X.......o....E.Y......y..to........GM..$

C:\Users\user\Documents\SQSJKEBWDT.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.945596026010389
Encrypted:	false
SSDEEP:	96:oC1JcQTxePBzDvXbzQnX/QxgSvrTuZmGhO:lLxTeBzDvXbzSPQxgSvv0s
MD5:	1FA78251BB29F3209DCA3713C649DAE8
SHA1:	6E5535856FD4AE00746B36E77E392464993C6049
SHA-256:	D47E2563B0793F50FBE46A7D5A68D6F40BE7898A2C952A2E292548702393DEA2
SHA-512:	40765618B7CAC3061ED4560D95B0219B1BEF910AC29313BEF8D9706F6F09897467BAB19524746F043B3A17AA6742EF014E7775209C33E2EB760C4CC0F0A975B9
Malicious:	false
Preview:	....,....^...&#.&...m.9....Q...5.......lc..O.:.$.(@8;;{u..]=b7..D.`...R.Q.....z.........u.....6...{......5.h5.i.t............7.\s...,.(.u./nl..\.er...c.h...ru..y............G...U$.\|...]a.$..=.(".a..pL...T...U...oK..4...9."........~..T./.....wk.x..ja{!.V.P.....uy.y...g-....f..4]..<.E..ZU.......r..C.d.f.m.....L....)A..~...X8.Z.....y.z.F..}.....lUq.9.-.../.<.S..%.&...c....^:.6G<..p......{..X..y.g.\....p...).l.....dP.\|..x..of.rW....13...+..n..w\... ......x..bw.\4.....*.....4a.1 .0>.m@a5s6u........h.U$....p~7..MH....C..%.....~.8...S....;"...P...W_(..!R..,..kF.....\......3..OTX...R\|<..S.4.hMV...f'.b...DXS...>w`.....L.X..w`Q!..%..E...-6o.5<.mQk".[M.k.)..j..&....#...zh....5.....7'.+.w8.(Y....\|.S..;..p...].X..::.2..YO.....w,....c).^....S".$C..%.'.xB.H...@............&...Qx..c.5.=L;?`N.O....>.T....D.wc'6..S....L.D.^]l..t..Lx..y;3E..,z.A....v..l...pu8V...j1..M..t.~....3.%.Og_....8....&..Y.....n.PP.P.......,Z.4.5..M..(I..O...E....}R.F5.-.).....&^N..

C:\Users\user\Documents\SQSJKEBWDT.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944274271654049
Encrypted:	false
SSDEEP:	96:kXL+j/+aKZOXtnAvzDvXbzQnX/QxgSvrTuZmGhO:kb+j/+ot6zDvXbzSPQxgSvv0s
MD5:	9E90C3C69B2A869356579749284A5B65
SHA1:	6DFD7DA9E3A1493D7ED02CCA642EE6D3F7F56B9D
SHA-256:	7D563F06643FC330E3EBCD4A7316B461A42AC53D2D6440501AC550C560E355EA
SHA-512:	608748FADC155F593A2B4E79B39D4F3708086405083806237A0D2CF640B8B2B7E4B1F8CB7DD67D30D015E03F07C6567D607918E07AB38B4F38F58152AEB4C322
Malicious:	false
Preview:	.....Cm....g? .'......7.;..;=sf.;\|..m5}..8i..&z........A..Y...(..L..%:.......kI...9..L$<....K.3bP6.+.f..-.6I`v....J..c.HM..:k.+.....h...:...T...M.Kp...l\|......\|....)..\|..........H..h...."...g....-/#.1.A._/(...[.%x.n..ZG6.0!_.-.......:.t.E.N.p..(.C.Vh.j...vYo[,2.,~r...p...0...z.}j7........=..W.+.....'......c3.`...1..c...C.."....ff..Q...m..s.p...z..p...&..@....."@..s..f...,_.....]...u.....#=_......#P3.\|...8Yt@E\|.Xz.'F...l.bk@{..m{.......f.3[-...%(.....)...xg..J...U}....DFW...X..M.]2..p....J(,....~.+.g...Q..5:.^#...5.?.=...Q.x..`....J..f[..,.w.=.w0.q"....l.upk.q\.!...Pr.\{.{.t=.OnE...L2.9..pqL.=E.;.&.j...U7.>.j..o..2.......G....\|Z..J.O.....A.M.Bzj.1A......R.nj.........4.D.U....Q.&..,....+m.>.<04\&>.....kZ\..lg;..n.I.p.K..U.wc.:..f.....L...:..~.\...@..K'..8.......c.....K<.i.....).. ..l.1(e_.e!.%. {x...H..(..l...<rJ6.1!.3.....k.....i3^.....u...\+{g.e/?.Jf./..../.Y..rb.x...4.......k.o*.. ..E+,...]e3..b..K..}.q...~1....@..

C:\Users\user\Documents\SUAVTZKNFL.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.949470605025441
Encrypted:	false
SSDEEP:	96:cwOrbG7LQdT4OKSX7zDvXbzQnX/QxgSvrTuZmGhO:ZOrbGHkX7zDvXbzSPQxgSvv0s
MD5:	FE1956CD156E108B2186D7755FDB1B41
SHA1:	E8D2119089579F229A793E0378CD81309C91E783
SHA-256:	134F2CBFBFCD7A4B2D626ACF945DF6A67450E610FCFE224A859CC226DC92EACB
SHA-512:	F675DCC55D74A19F1D443BAF1041C05E79E5C90D7312D6D74141DDFC54A6CA74A453C2D515F356A9E0FD4BB5A67AAF9BDCE4A023EBC0EC5459A1C9D40E25352C
Malicious:	false
Preview:	..X..P..]Y*.7.\f.I.6....R......ot..Y..1..$.z..P.Bk..t...r..j.He....H^.....j.O.......(..e.`...7.....l{<\|.....R.{.....i.13.....l.rTu.%..>=.kvG........$A..+..I;C.rJ....... .7.>.......C.4..c...7.(.}.\...&U.....g...b.....L=6..+{+...0....V.._..?......9#h.&G^.zIF.s.Y...Av.4.M....F.F..&c..C.}{i6..C.."k.t........r...t..^'......l..T.Ci...."H&.91....Z.c.w..y.....=..Y.r....._{.....m,u.........$]./m.P.....1A..v..C.Cq.U.....E.A.T!.......wg.W.@>z.....h.f.:X..1..y.vS.%.....e....o.\|...y..U...b.m.&....v...qj.'.......v.u....{Rx$.M.......wB.m...e.~. .r........_.hH(..fm2\....GjxY.v3j..[)..#.3..A+Wq/(..M..,.?i..s[z..k..2.S..D..;..;.0V..T....7......{.e...G..`O/ad..2..j....R...!...0.L.,.bUa...r'..l..L.=...;..[Y..;.~.,..c.^..'.z..v?..U.....g%.(F..V..,...m7.[6I..\|q.Ey=Tx./......L...-).9.6...........lo.;..Z-...N.......<.T..4..&...(J.38....K.\&g....Wt8\|..S..&...... ....\|b.a..)....J.....:t..............]..E.....^KvD.M.L....8,'.?..n......j%>.c.-..E

C:\Users\user\Documents\ZGGKNSUKOP\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Downloads\BJZFPPWAPT.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.946828271382394
Encrypted:	false
SSDEEP:	96:G1NsQ4KuWiPgzDvXbzQnX/QxgSvrTuZmGhO:G1Nsb54zDvXbzSPQxgSvv0s
MD5:	234C8AE10CB9BD46F9E44EFE3544B103
SHA1:	6CBEFA8AB0884F024E9EE005E45D45A3856CACA6
SHA-256:	60C27C7214DF48097B75AF40E445EB9F44602CE1D3CC60B2FD10886119D61D7F
SHA-512:	E6DD5A5904948AF00D2EDA262AD1BE221B929F66943DF2C35C1A097F2BECD97A523460294F9E3AB9824E7735D780CE1E4AF40C62435EE9F7E7850AC0A2B421E4
Malicious:	false
Preview:	I3...C#%..D;wm.gh..}[2zg..r....m1.5..[..S..Dl..8...........h..K...Af........g...0xw.?@\|I..E..q.%...3l....d&.o./.X.HU.H..}-...o.D(>m\.........~....@...h.}A.vYx.3I..E.K...w9..m73.#....4S......[.$..8.S....Jh....<.T...A4.J.....!9.!..<{.G..,...Z.nQ3.....<..z..C[p.3J<..XWb..Z.m..F......u_ecXQ._..Y......)(.\N`d'....k.YrYN..d....._/{....P.............x.U..<....x.qe3.M.M...b.G.2Y..t.0.+..k......5...?...~Qy.....+....Nv.\......-BE.t....H......S!.2......V..S.t;..=5.,..P.!)..N9.F.l...`{.6.tk..F.....\....WZ.i....,..{".....D..=..#:...._$...t.&m.}3....U...i......u..d;..j%.cGV:.....1........1..L.:.m.v.......-..h.<..9.y.......~.FvM......o.9j.aU....?$.#....:._x\..w.c....Y........F..="5...Q...X..i{N.......g..1.-..O...M.fn.Q.X.h...b.i9v...(.km)...S1..s\|z... .+s..q..?.b..6.Z..v`<...\|.ZV..Bs]...W.j...\|\|...l..&F...o.:nr....m..B..fX.4T..">, ... B....B.....R.W.$!.$~@...../..O..T...h%.%..L.....p,z...5..-....&.\{RS.R....W..-()........0d..W.[.N.r1....^...1....)..8iF.B.l

C:\Users\user\Downloads\BNAGMGSPLO.png.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.9526344232925315
Encrypted:	false
SSDEEP:	96:XPgtyT50pdc0E/DG7vo6zDvXbzQnX/QxgSvrTuZmGhO:XPg6WdlESL/zDvXbzSPQxgSvv0s
MD5:	BC38FA0760C19AF89CD2D18693C109E5
SHA1:	88757E946AAD9AA05EDD96B0027628156E0274EE
SHA-256:	139E5DB01EE5546B7A6A3D6E59972F6F412C5A864393E5E2E96A9AD5C6743F63
SHA-512:	A6202E54E022F93C59BA1DCB7E116BB685371766E112481C2EAF3FA524E1867FEF76C1DBE469679C5D6EE5F28BDD7446EC30E099189C6ABB95C0685A51C96D2E
Malicious:	false
Preview:	).....2......>/.x....J..[3.&...Y.&..1..`.G.$..s..]....H..>..A.q.J."..].....!~.0...\.5..S....x.N.e...G.l$.'..?}.......QJJ.r...h......xy'.....a..[.?.y...:c`.....XP5YN...h.........bW..{.S....?@f.J....FZ.....RrK..!Tg..].d.....y..Ru....8.W.b..b@.H............u.@;F....P.&..^o.....,..A._'..HZ....G...XC...........I_.e.CK.=.bAZr........./..#.95.0Q.aW.P...:...Z7xoH+.Ba0bxvJ.H.P...\.B.."..e&..L.....Me..id....zrc&......wN'.],pz.B.0.l3....R..<...,t.gF.2<...l.[..hm...l.Q..G.....y.....8.k.u...q........,6.2..'.ER..j..q&..G.....q}qX.....GI_5:O4.k...FZ./ .<.v\~e.9.^.;..H..!.g~Q.Qi.!.7..U2..r.. /d......;9.c.....7t..y.b.uS......S.V .....).<.6.$7..}.+@.t.V.1.@^.....2.-..d ..&.0...]<$r[.\|.<...l.....?..e.B...j.......63.9.g[/.F.c...{...H6>'.t..D7.l....Qs..O..~7.w...aT-d:.........A..4/'C..F.E.M.G)..#..?j...kRs.M@..&.. ...0.\|}Y#.t:...s.......F.K.>.1...4.q.)d..3...w"\.9.I.5.Hr.y...\|..gp...../.......R<..JAy.d.=F).j..Aq.,...v.o.r\|.j...A?..q\|N..E>....8.T.a8.A....=.^

C:\Users\user\Downloads\BNAGMGSPLO.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.94317170703467
Encrypted:	false
SSDEEP:	96:JPEM1eaRqbqVYzDvXbzQnX/QxgSvrTuZmGhO:JPvL4u+zDvXbzSPQxgSvv0s
MD5:	88EA116D712CA66B906B3AE34DA0D641
SHA1:	CAC39B00FFD9DD7343C678AEA3F4FBF48ADB1DCA
SHA-256:	D0B9F1F827B3EF12C18D6D73621F397D786B51FE694BD78272D3D363F87C1060
SHA-512:	8EA6D6163928C91717CE1E697C4DA6D03123B6C96400D5BE1A63CCFAF6A07111CB7C2F98DFF8B7ACB3AA5E672AB0B5C698E32F720B543715E45FA4B2EAE7B995
Malicious:	false
Preview:	-............@hk.@.1.w#b.i..h..y.;.l...\bg.m3e...}...2U.......0.".8..i.<...<.....h..:.g....y.6..o2gQd....S.....,.q....@......3......J....+Y"=...?./.q3."..v....5de...;~......U...E.6.>.}.-x.T.....5;h.p._.b.eQFF.b........Q.R3G......,..8.F..[.a....Fx5......I..^...A..q.............[..' ..x........l..S..KN.O"M9.KS.....#.......M.......!...R.v';Ywqk.u;}.......L....q...?...:...K]...:w.........CyS>..1...fH.$.......t/R..i.j.-1..q9.....)..'...E..M.5G.[b.r..x.V....r....@...&..-...m.:......g~Z.H.A...}S....2.a.c..........)..Hn.ae).A.<..........3.G.....;g_.[... m...gzs.'..UX.o.dG).Ofg..... .y..!.wM.........2QJ..H......]i....8..6Y.A .g......2...jkC..<...V6.`..).0....1^a.L..y.......u...v.......+V....W....>..t'..0y.....f.K.N...$.Q_....A..Y.......x~..a.'...f...{. .b...~qu.VW<3..#.L.M ......U$k()"...8....J.K.)"..1...}....xU.j.#....[..B.?.Q..=.n....L.jt:{5...i.....a ......i.J..}4....i.yn...Y.V......3.....&. .ajI}...7`./..n..+....Af...\\..}?....L.#...'.D.

C:\Users\user\Downloads\DUUDTUBZFW.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.944033457456193
Encrypted:	false
SSDEEP:	96:TQN/EDrtRxzzDvXbzQnX/QxgSvrTuZmGhO:7rRzDvXbzSPQxgSvv0s
MD5:	E591C36C93F07317B9230B7AC6F1088E
SHA1:	E2468A208355A4A71FD404772B8FFD6AE95FFB7B
SHA-256:	917368E2885399E0AABD6EAFED4DB38767C6C87EE387C84EEF89D9225B15858A
SHA-512:	A09BC240DB5C01F0CC737411EEB2569107EC244E72E9AAAEBF5A6AF2041115EC4BE716DC11B074D99553655457C26C6C9704D721314772F766400AE36E9DD58D
Malicious:	false
Preview:	DV....H.(.M..R..:..,..3.R....,..ec..&....f'.b...K4.U..C.~....a.C."...'YI..~g.&.o...t...W.EW@X.sM+w&.!.8...U......7.N..hn.....h..;...h.4.F..J.@37..X...Q>....bi.Mf`.{.u.<..9Hl..Ra...X...1g..N...<.'.QO..g.G_.F....v..M..h~ xGC..~.9.^.p\~>....P.........hNM.oG.h...9.... M.@t....8p<.j.....d...&....._.d..hH.IC.A.~)hP...f .........D..>...o_U..\|.}O......D.$hlau....a....A.w......V..!."I...A.y....qce.T.4.2...6....?.8.Mr\|{VQr.X.:>+...bw4+.4A}..~.W.?..n2.$..^t..]..S.?.....x.iK.t.....\c..m(.vL....Rd...j..<.5.[.(..\|........,Lm......@.T.T.....k..`.,.&4...S..&C/...!.....[.L.$E.`<....z...9...\%..q....y.Xe).....]S{......D..lO..9.Ou.Le...B.s...T..Q..4.F?.....b.v....]Oi>t.!$.1.h.9n..........\|.N"..I.z..}..+7.9.@.S..$.@.u..W........R.^............d.....E...Z.$........ ..:....\T.,..dijP.r..B.......U.......g...S.y.... c. ..(...R..S.s..(x...0k..& -.....M.E...".Y....2.Sq..P...dv....9....v..%....m..[@...2..._8..vB..U6.`.../M..M ./.s..H.Bq....B.?....$:....#P..

C:\Users\user\Downloads\EEGWXUHVUG.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.943208048647815
Encrypted:	false
SSDEEP:	96:gjG2eUkec4i5ckzDvXbzQnX/QxgSvrTuZmGhO:g6Ukec4+LzDvXbzSPQxgSvv0s
MD5:	7365E851A6D691A2279785A2620174DD
SHA1:	052258C96C54F8C2B82ED6BF34A01335F41AFDAF
SHA-256:	A10FCCE0F18B544EE86F88A6F9C5C64169DE716D614A0FC04FE83E5600BFEF1D
SHA-512:	91F4470D0827A6160B54B3917FA46B194DD3322C3AB23D63072D5482CBE66FEA83C145F0E36186D03CE493605AA2F96E152354E97EEED259CCE14DECE0E8FAD9
Malicious:	false
Preview:	..MT..p...V...p...q.[.....C.`.)..?...pa.......C..{...&,e.EZ.ji..].X........Q4%PQ2....z<FY....@....M.Fz{:'...K3...z.,..n..N..../......V..gL......@..c....o.'........J.......2..,....xz....64A.<..P...I..F1.....1....._}.....l...CMt..\|.#.......L....+.'.\|K.,..wd..\|o.B..G1Yu~.Bj...ls....G09.{.T.Xs5>...g.!.yb.9.........C..9K.....7TE..k.+...>...N+5..Gz.Q...`..>R@..!...}3...2.....uh.S!...1..xH...@.."5:..F.......[X{@%.z.u..}....l.Ns....v.j....;!.......Mz..\....p.......@..V..Xv..5.e...w...(].4...t.....2&v<..;..?-........$....hP...!..96L..c..P.W.d....Os1.+hr.i.'V.Ow-..#)z..Oa.Y....._.4;fKk.b...,.j..Y.]..^.d`.....[B.@.lfpS..4...I.B{@.7...E.B..%....O9-..3.tzq...z.a!....).+....r0.w[..k....m..#.....$"..f.7....G...t$...&U]...z............jN..73..6O0..$.R+b...Ta.F..=..z.~p....9.ph.w=y...U... kL@....A)p6.F....._......-..U#hE..x.\|..H.u..l..+O%..R/.$B....'r.g.Q...;.I.p..r...L..L..s.u.....a...hcx..;..hT..8...d..P.3Bb.O...;..N...w.H.`^f.xH..}E......_.....q.v.em.....O.

C:\Users\user\Downloads\EFOYFBOLXA.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.943209737953279
Encrypted:	false
SSDEEP:	96:adj/lNsMk51zDvXbzQnX/QxgSvrTuZmGhO:cBNsMS1zDvXbzSPQxgSvv0s
MD5:	8126BB8555C30664B6D635755563C328
SHA1:	29E285CF2D512A62BC57298E0A5AF3923E8A09E4
SHA-256:	C0E6F227000E68D1FA38CE15C92B48EB6215E120E7A3E434AB974D638D920AE4
SHA-512:	FF9CBD7497D02888197E3B8C5DD365080E04112403DADFDC245164110E496714B493F434B1994D916BC76BC05E18FAB35EEEF2A11E438EAE9BC4B230DDAC990B
Malicious:	false
Preview:	...i.$...L.......R........... ..6..?.../.cz.v.?.j}..R.CM.ls.z.W...2Pd..N.s..W..NPB.)...t....Y.P..'x.T#..V...R.......l"............5u..=[Z...i.e..a..... .s..Xd:.....a...Ow..$...0#.%G.A....OB.[..=..d...IED.!...5. ..c...y...SrZH.ds.........FC...N..Jt.y.j........]h.>!..E.V.jY..".=.!.,v....\|).g...x+.x......;.....H..G.GZ@..`..%....."..PUFxB./.3..$p.@....gu.T...h]e.!...'@g.J..cK..>8o.Q.M.'.[>4....y.......y`H.N.<..d...dQ...4<.T\|R....-.j...g.u*.$....G&.R..H?~P..S..(..F.i..O.GC.^...X...WG.'...Q.x.....T.-8.o...........G.Pb...A.fX...w.$....@.....U.}p.8.i.....gn.C.(.Z.P.B..F..7.X...</......\|y0..............."...W... ...Ht.$.n.,..=H`..\.5o...o....zc7.9,..........(..in....c...2..`On...\|p.................\.}~..Q......o"J..t.M....D..9.....y...[..D..\|..P...+...w_M]h.w....@....O....n2../dU~...._n......\........eW.L=.PmKD..N.k...-.@y...#.1..6....;.x..... .<..o..I...^...&....P..o.M..$n...ah_......Wq.W..1.._N}.....Ns.....(..A[..Ha.n)ei.e..../.7.6?'...W....)

C:\Users\user\Downloads\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Downloads\PIVFAGEAAV.jpg.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.942169653971436
Encrypted:	false
SSDEEP:	96:PSaGGie0hWUsQFzDvXbzQnX/QxgSvrTuZmGhO:qui5zsQFzDvXbzSPQxgSvv0s
MD5:	F3E34D4A9A2DFCBFD02F222D04CAF499
SHA1:	1DD6A4E88813112FDF19810D4871F9D9C5433C55
SHA-256:	064CC05E5C25A087575E091A539AE83BEBE06AC97D10CFEB567CFEB79A14E763
SHA-512:	2FEE7CF20610933670AE60FA4F112D49E37A1DA25100C16C6ECB310AF87BB8F495D0F7FEFAE55DFB0A51A731B0BC1714FDA0C214963C86B561AFF166DC41FFED
Malicious:	false
Preview:	?.H...Tn.n..f}N.o..L..7...w7.B)9...7g,.....-Rs....O.r.bAk.KmmV....d.5Z..RLC$^...c..Yq.OK..&...X.JO.A.O....IV......b...R6I[...t..n.. zHTh.....x^.Lm\\|...2'>......Dh.H.Bd.TK..yT.....}.J ..k..,6..[.`[8.n..W5Z...(...+.....wc~......8.;A.....>R.Ic...e...:..YZ.....QC.u..y,.1...............e.9....I..S.\....vz..U.>......T...T........hO}.D.N..K.Ll .!z...4.M.?..@.!...no{.h?....w.,.....B..............49z..rM.;.8E{<..9.dJ..Q.S.L.V.k........U ......dM.L.t^...........+..........e.]#.....&.......K.[.!...l.s.#...b.?...'0..D..(^..r..Y.<l.)(.}[.V..9.0.+...Y...]@.v..?.gt..oG^....H_eI.....\|.QhU"~.V...G.k.....Zv'r\.>..4...B<...&..]{.U.=K.....#.p.v...oA..k2..)......]...l...W_......e..X>]...%.J....!..X4I..x.IPV....]........w.....BQ.....f.X.........._...s.gI.ud.....B.0.gD....s.^..L....8.}+..... bR.V....!BJ..}c.N....@..+zF.8'.....:...D.S.m&P..8w...C..N...~0.m..+.3n..!.N$D..-o.\.0..>.#r....b....J......Tl6.4..?....:.`..+u.....S@.7..0........)h.......5FV.

C:\Users\user\Downloads\PWCCAWLGRE.xlsx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.946449344378711
Encrypted:	false
SSDEEP:	96:khWP53WNKrKx9yzDvXbzQnX/QxgSvrTuZmGhO:4+maKx9yzDvXbzSPQxgSvv0s
MD5:	A9377BDC6E7C873BC3FE39F3DC85279A
SHA1:	11985692EDD348936BF7E0B3CB245C10CB999915
SHA-256:	70819D4CDB8607EDD5AFD44E26A7EA5E326A96342704028655FC00A75ACA322E
SHA-512:	2B8D260D982AE4B82234DA00CE603C9DF7F16B62E8FD09D3A6AB3A2959F8F4358102947CA3C8434C8D660131BB8617E53C05E91A903273D704B9AD040F9BBBF8
Malicious:	false
Preview:	(...Si....e..L..F..p/..>..c.,,H...a...KZ..T.;3'.........'.=...".h........z"......`)m.f.f."../.._V..n.f..Sv;..xz."v.y......E.{....I..'5..#j...k:.@.....3...u....9..I1MZ.4S..[6._qi.......l.&.g.2if.}..Y$..u......Qa.....)...op.[.?...s_.....P7.l.:.Q`....%]Y~.Y.O...H..Ks...c..".8...)...'.D.\......?..#..O.<q.aIy..X.t....^4._T['..c?GM..2..1,d..N..Qs.p..G...-.r.I..F.J}.....0......4...Ma.a.]o].Z.-o.aV}....u.4S/.V.Y.C..<h...r........a].........<IZ.z'3.'.4 .e.!......".+..r.......P;..o.>...a\...c..f.mCs.....q.q...vJ...w2.(..M...G..tB.F...r...#..Ru......(...AV.E.0/..;.C..7.;8.4........ .H......o_.0.fG..A.+\.p...n]S.e+.._?2.u..r.]..,....^\|.....FR.#..%L.P..D../..G^...,......h..F3..Z...P.4....AJ."g...._A....{..........<..A.+.e.3..Z....."f.....9D....8...#4..^.?L....F....O..M..[Fz.>.y..!..B@..M^...4.r..Z.%..,...z.......k+:D{...H........wu]6....\|..Pf..Aqx...^.p.swU*\|9![5.<...{<_...c..xO.9..CJ\|.\|......a..X.Q.{..f..\|.."...)...uK.M.[L....\.aomWl}]..7...

C:\Users\user\Downloads\QCFWYSKMHA.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.94882538342861
Encrypted:	false
SSDEEP:	96:KpELijBPhOwzDvXbzQnX/QxgSvrTuZmGhO:KbjBPhOwzDvXbzSPQxgSvv0s
MD5:	EF0A2FBC365B1E8FE97806A9DBF30AF4
SHA1:	3F013572FF6610D6939BD73032A8A616F41FC9C0
SHA-256:	E473261795D843B640BE3F1DC85BDAFB3FA1D43887FB4002C354076C96F80B6B
SHA-512:	7A147D6C05D6D7F4CC7404DE9F040E8CCB90C5D72AF724FEEC3E749830A0E1AFC157C9783EEA125FB76542A5853DB40AC13F07C7285805F9B150604F778EF661
Malicious:	false
Preview:	.a....tuY'.......4...;.e.p.S.@..C%.........u.).....Z..Y+/...krn..?......\...,...33.0.....Wm....x.uG.C!".....p....9'.65.+...kD)......._......@.}.Vu......Al`.]N@...c.=f...X.4k..V..BT.......Q...qY.%{.@(>..[q?.y9s.1.QO.2w.R].....2....t...X...R.....%.~L.s.xU.".=?..l.7....Wk...[.p..zs'.\|.<@...;....bY{?..t.z.`..Mo.....vel.e...k.U..-<b)..=.>'S..G.X......Ct..[M.r..hT7\.......2TfG..h.....A.5.\t.b$G........b..3C..w....e..}Z]..fF...b.Auv.a.kY.3..R........u!#l...#..1i..n.lF.=D..~,WG..'....x.K.49.<...xH....a>b..Oa....f.a..$X4.7yp.3.....AT.U.........r....u.UGN....+.B..?.V...u....i.H.Q..Clu.yV..#....".'..d...9....8..D......H.f-.iH.(,0.....5....E......9!.!.7....9......*b..y#...f{z.{....\.........S.N)">.{^^.2.BT]Qy.E...;,.S....5....s.3K..."VT...jQ..F..8ne...yT.u....Be+.c...'..Ua.W........B#i.......&@. +..2Q9.=.Gx.._.'..9.X.Z...F2H+.<..:.[#3..86....y..Ir ...<HIYm.0.OeET....P.qT.........f[.....u....G/. ...Sh...n(:.pQ.OL.....N..B!.J<.U.}..r.l.Jo3.

C:\Users\user\Downloads\SQSJKEBWDT.mp3.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.939545742831776
Encrypted:	false
SSDEEP:	96:OALAbBYKG1XRZNzDvXbzQnX/QxgSvrTuZmGhO:tAA1XtzDvXbzSPQxgSvv0s
MD5:	2DF263C8D6DBE4DF8A071B22C4CB16C3
SHA1:	05430EAC8F8D8509DCD4497AA503F0C312C34209
SHA-256:	8F938B5751EDFF7C3850873B9A6E41B5201F8ED00393B2C2BBED9B7F62873A56
SHA-512:	AB8935E880476EFE5BE958341A7CEAA5938714172C9F63190D37964F607FE8C6FC21D348F87AA792F093106386F7360974CC018784309ED0C68BABC2D0823E64
Malicious:	false
Preview:	..%.8.....?14..s..".l.`..l.k.#......Y.9.Z.I3......'hg......L.5...+B.......j.u..e..D....e....r..la...q.....j....!......h.wt...\id..tn=..L+}u.CP..py..^..`..W.xO..-..z....F..4.{..e.0..`v..+.a..\..`.G.....x..S..m.H.c..m.1Z..............a._,oH9.wU,;v...r.?Ya.....YJK?...L......b.=../'..........K.....r`..r+....j......fL.`(.[.....x6../.5.R.)F...u.R./M.cf...m0.K'.7.....b.C"....X4.#]._[.......{..,..5..>b.;.M....j.>.`k.Z.?2...C..Fw-.p....`.q.){....h..z.F.).\j.........[n.,..W..B....b.[...o.xB.Y......:e..F.C..z.ln1........q._R..!S....9+..]Y...O....Oa..6l.bQ../mp.[......0...8"..>.<.x..Z.....CI...7...}t..b....E.I.c.O.\.V...Q.f..9..J.@.~L...P..bqD{.^.Y.....4^.. ....R,4...M.6rxz6..H$...m.(\...8.]w.....?. ....Q......9.}...F.....26..M....v.y.KG....S,>N.rb...].?.........M..r..Hx).d.\|+.=..m....o^..u..:..W.o.)z.}+#R..K....{.../.....V...d.......$.e...N..(....I.Q....0...m"f..@$.WkJ.{.-.\|].&FM.......T].....^.....LZ.S...@c..Yk..}........B.......p.

C:\Users\user\Downloads\SUAVTZKNFL.docx.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.948485450655077
Encrypted:	false
SSDEEP:	96:7U7bik/EuaHzDvXbzQnX/QxgSvrTuZmGhO:I7r/ELzDvXbzSPQxgSvv0s
MD5:	5413CDD524685242E05F60AA1E57B567
SHA1:	C2D3BD1461CD8DB6AFBEBE07C669A1D9DA2A3EBE
SHA-256:	19EAFDE6E4884EEF71149F48DFEC0C1E491FB2044A7A0A3B4340848537602DFA
SHA-512:	B08CCC4DEF1E4DB878319E5BCE2A4E69674081948A647FDD94B13484A9AD498749B66717B65A924D127C394CA2FE0023343B3F0F41983BFE82B7AAEFFF2A7326
Malicious:	false
Preview:	0S...h.4.'...[.4.G.0.mj..\|...\|.Z.0......._.E.3jZSxBp............'c...:s....7w.LC...(/....}..c....]q.+......F....R`.5.D.E+...>J.^........>N...rQ.#....&8..}Ea.2xl..:.,.C./.} .....s.8@?....0.R....zo.(...~n.q..6)....D.gQ~.n.\|...w.....].......X~nk.d..Tl$............+.....S.h..r.j/\|....J73N..;...h......k.2. ;.Z...Z..\.)...!....]..}.h...#:\.%.B..T.....'.....T..........r...P..z.......j..`.pk. .r."B.P.d%..0[.^..ts>Z. \...+.;.q.m.O.(...C....x.=.w.`...t....:...7>14.S......(....4.A.....m.";M<.(z]..p-.?i.].@....."J..#h.B....~=..Y%.......:..9A.......:....%xL>1.\g/I.. %AgW........i...oJ...l.u..R.:kDzI,..[0.....R....H....0.U?....X...^\y.O..I.(.H...(.~..e.{..k.'......p..-..v.R..z..D..w.AiN.q.-R.;Cq....D..f.Q.F....uw;%J..`..]v......V..w......O."\.......@..Lt.eO....3.6.\|+l..r.%.:CXi..+]\>....)'0.T..[m...3..r.X...6.aZ...=........[.!..8u.W.i.}.c.Tks.....V5c..G:3.W.....uh}.k.w...u.K.n....b.....lZ....j_.n.:.Q./..'.nP........gW.....\|.>.h..XI......e(=.P.x...

C:\Users\user\Downloads\SUAVTZKNFL.pdf.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3616
Entropy (8bit):	7.948431740554119
Encrypted:	false
SSDEEP:	96:OgzINcmuqhUgn2wFzDvXbzQnX/QxgSvrTuZmGhO:NKVh1n2wFzDvXbzSPQxgSvv0s
MD5:	C305EDE9027BC63963259C54941B7A22
SHA1:	30EC86FB131066E3B62C49413339F63C32E37E71
SHA-256:	6E02F9CFDEEBA052833CE0090028B7CADA2BCE016E2C5B44AAB0015D1F959E01
SHA-512:	334132EAD9DA0A23ECF1D7DDB379277A48FC1E1004E138BCB67C337FA16E1CD46002D1D1375F3A126766F9F37CEA82B85D46D734A6346E0C4B2CB8DE004E02E6
Malicious:	false
Preview:	.t.M.;.....7.\|...[6.0u0{}.j.m...o.<.N~.....{..$. ..qn..(.U:........C...@t.eU\|.q...c....R?.R.r<}^.G>.]..e u...........1a....Q.}.-..Y.....E..-..`.=...<...")Zt..\|.bd.S.]KI`.A.\|D^.....c......./+$.Tw.v....F.R..}Ii..V....6.k..L.$.....N.!..%u.p...j...K.........SY]x.g.{.].4:.!I....a.~...,......]..R...V....h.K...D..P`i7......&+..]...H...B..k.PN.?2uj...c..R.M......I...X..hh...b.$d...zjH.@...87.OuR]o.....b<f\...9..k..EN\.......zSq.h....O.Q-.......I1.5..C..Wis...F}UhF...c..f.........t}..T.^...I.....K.1......<...>.ASc....J_..........`.IA..y"8...S;...f..{}@.G].{.2.}(?N......T2x6........E.\|..8$..V.`..V....0s.F.FI..`...cp......oZ..J.{...N..Z]#.>M.I....-.I.T.N../#fM....[7.#.Y..C..\..t@%..4.`%k.i].`.f1l.d.C...O{.....oi,l.&./.)..;.HTO..:.b..#+M!.G......Q.4..g.....[K+r%.D....%[..].....Zvs..=.;..4.i_..!4J.M.w.y........[.O<..y.........s.......{.>.VB#.......~Ly..$/1S..n.*...+.M.).,&.P .}D..'Z.k.Z..p7lx.4..-;..}.X.....p.8......'x'fJ..Y.M.r....J1pv......S.R...

C:\Users\user\Favorites\Amazon.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2688
Entropy (8bit):	7.924120284601814
Encrypted:	false
SSDEEP:	48:l5j5aTV4HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:Pj5iYzDvXbzQnX/QxgSvrTuZmGhO
MD5:	633080EEB728B40D063354F24493CD43
SHA1:	FF018B511AF3A50616A4E3CBFD061A13A6CE6A63
SHA-256:	4F595CEB219627F7BD8210D59523123D92DEE1D8E8F98BC4998430F35F64B84E
SHA-512:	33F9839341418B225082AC33D42701553646D9A2CCBC38EF5EE6310B103D8E073BB60D56652D30B7A7E63909697CD76E5414B697E3CDCBB6EFD56354362868E4
Malicious:	false
Preview:	.'i.v..v.....'.z...-.1.d...IN.....n..........>/o..0;.....\|H1..R..p.DN8f..f.._...F@....1..w. ..}..[.!0.m.n&o...............0.e-.M._3r..s..1W.....P....bi.0...v...^.\|.<.F.}>..._kH..V.....0....H....>.O.".........qk.D.z...x..W.R^=..G.@.)y......%.?Zt.3.\|w.c..O.k.......N6........^...."..2.O...1^........~,h...s'V.....t...K...Un.[.y.;d.D~.t.....K..1.y8ugj...2 .<;{......E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u...

C:\Users\user\Favorites\Bing.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	7.933512340559043
Encrypted:	false
SSDEEP:	48:2zT7zV5fIgHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:6T7zDJzDvXbzQnX/QxgSvrTuZmGhO
MD5:	D5414A3A4E6757073C610D955E8A3EB7
SHA1:	CD0BAD66ECD68DCC7600046507E1F80CE0FDF259
SHA-256:	BE73B7C2B0A9BB4384DBAAB8383630D639CADA5BE43F5686E9FBC3981D5BF089
SHA-512:	3AF128C7CD7E0BFE812E9BAB386BAAF614807D7E187D47A28DA5F38FEF9E72C335FC7F4FC56D561CC19F44243F7761385BA2BA84CFB847D47606A8DFA61C8AB8
Malicious:	false
Preview:	0>......."..v...8%J./...../Hf.n..w.@DI.2.v.`V}.a.l...(..."ixS.).u=.........Z.LNl`.l..j...t...t}.M.i.6..'..6F]4N...u.. ".^c.QN..C.....uu.K..]..p#%..Zj-\|.d........A..]&.........cl.8+...2G..i.58+..9....................8\...4...XE.A[...`#YR=..+H.S!..;h...u.q.=..3...e....%q{O.L3Y'..............o.(5.x^..6...Z.]3m..`.Vr;...:=...X...HD.P......QK..J..JH0.d1..k..Q...r......y..]d......CW...."....SL58...1.t:.)h...0......@.i..sE......hi.`.D.#...&C...............[.(.~.oWO.....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l

C:\Users\user\Favorites\Facebook.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2704
Entropy (8bit):	7.924625416175932
Encrypted:	false
SSDEEP:	48:4QElJbTpmkHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:4Qo9zDvXbzQnX/QxgSvrTuZmGhO
MD5:	1C804EFAD8F789F11FED9E2B5AD81191
SHA1:	39F56DEB3C0C2E4F4ACB39CE681EF05B5E22208D
SHA-256:	D7FC37CC72D22080F3E3B90E0E71EC6403EFC595E797AF38777C78E0981F73B4
SHA-512:	218F26D599B98A14F81AEB58953FCDB45422B9A8877F981FBD8CB8702D4B080E5856A9A7DEFBD99486773461B4D9BFCCA72EF237EAF567490A531296FE343C0C
Malicious:	false
Preview:	..7e.D?D.... c.l.HTyk^D.y...ka..q...m3....XR.xh......j.F.!..S..\.........<=.9e5.n...S...rw:.../....C.....X..D..,\|c.._Vq................fAE.......BN.....[....k)+`......`...Us.1dO..G{hE'.~?.{i.a..M.S....q..y...b....C'.X..VJ...?J).ZB.?.9..4.d.=7.._..[....qz.=.!.NW0..o..F..^+..D.e8.....08r..m.qS.h.v~.,=<6U.<......i..U.f..:P.h..&r6p.d.G..mt.5n.`.+Y.K..X.... .7.!L.......ZIT.?N.=..E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2

C:\Users\user\Favorites\Google.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2688
Entropy (8bit):	7.923691347658501
Encrypted:	false
SSDEEP:	48:KsxVempOvughHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:5VhpOthzDvXbzQnX/QxgSvrTuZmGhO
MD5:	FF726EBEA89A6557893F8CECC8AA2597
SHA1:	FBDE51071E2DF265280394480481438698DD5BC8
SHA-256:	9949C5E3EF6264372138EDC689D44EF67717E145F2211A88EA075043A5C51BED
SHA-512:	E9C2B596B2CB40AF5709AFB86F79BAA5AAF40CA9CCB3B9B9095D6C76E80173BB81A3A5E8B90ACCA128352C75EAE408442664BAACB0881A9819DC2235ACFBBB2E
Malicious:	false
Preview:	...~.8..I..ur&....U...fz....K.8........Iv.(b.3.'...3.&.=..R.2./.U.dp..%..m..y.\...Dg..s..P.('..;..`..HyIO..7jo...............WBK./.C..V...s....'......(h....Q..XI..0{...g.U...1....:..,?.~..2..@..oDn.l=.H...Y.K.]..u.....Oh..;...i.w..B.......H;.;`...,.Q.Z...r.}9x..wXE..=T.GN......aC.tTk..aA......K..=N.7.[8......N...".zp6..7.!]i.8...Ec..'q....-.9.nNf.b.M5.gsJ......E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u...

C:\Users\user\Favorites\Links\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Favorites\Live.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2688
Entropy (8bit):	7.93011144395848
Encrypted:	false
SSDEEP:	48:c64id/WHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:c6b/IzDvXbzQnX/QxgSvrTuZmGhO
MD5:	F5F8E78EB9FF198F30B1936C7A25543F
SHA1:	173E0EC282C7F5E021A141CE065C01102C46C1FB
SHA-256:	2F75DA5E58DEA69E747613FB3E5E2AC0B1271DE4BB833D6344CF8F06A78C087E
SHA-512:	A108D15C2410D48AA3501138F64FAAB001F130AAB4A7C881D5479681283E8A11ADA31CF018E0E68F2172CF8673282935EB1F696CEE85F80377C74961B5FE3382
Malicious:	false
Preview:	.f.n\z%s....V]..!.&........;....OP.y6..Y.........}.LrMQ..qU.l.p...2....,....).G...1_D..b.h.o..a.K./.....Km...............;...V..Y..w;v.T..-...f%]n.T..X.y.@...>....J.1.D.....57...{}.W..Sj...C`.h.[...![6......Y.....\....c..%.5..4s..^R..7=h......?uV.o..}iU....Q[.........c.& -w[tj.B..R[.&t^....%+x......c.u..",.6..<''.+.&.Q<......e."..L.@...<...v...l.c.9N...$.3..E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u...

C:\Users\user\Favorites\NYTimes.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2688
Entropy (8bit):	7.929507628814821
Encrypted:	false
SSDEEP:	48:kK9jApaHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:5jApEzDvXbzQnX/QxgSvrTuZmGhO
MD5:	6263C280DEB5A3DBE230E6FCD6FC6B06
SHA1:	EC9A5CE118FE95AA7305EF31A6D1C82E8B12F6E9
SHA-256:	7EF3F35D0D6A41FBD2B9E1C51AC10E811D0E67CA00C252C58464E7AD1B11FDE6
SHA-512:	C347FB3D256F95B670E7B832E5551AF6A85F902B180B3D8EF6D5B49D3EDC6647B7404DDF177A8804195AC5CB94144BEB8620F8795CC9D1411F44960E247B2D69
Malicious:	false
Preview:	v.ta...ZT>[..(...{.&h`.s.'.l8..G.,a.&zD...(..."..i'=.\L..".2s..P...........9....T[.x.....+.Ou.4.WMB.g...^yp...............(r.......I..c..og..9.<.Kl.VN.lZ...=....Z.e.....o.............l...7..K3...WN..9.w....P..1..Y.G.,m...MBm.1...~IVh@....[....(.,..m......8..+.....d...O...(....54U....x.Q4..$...b......_J./...S?.x....G.....:.TG\|.m....vwH{.Z..d...~.ni.gs....C.-.\.n3....E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./...O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u...

C:\Users\user\Favorites\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Favorites\Reddit.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2688
Entropy (8bit):	7.928657609393937
Encrypted:	false
SSDEEP:	48:AajZRFWHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:AaLizDvXbzQnX/QxgSvrTuZmGhO
MD5:	23E29B2390C55913C870951720881257
SHA1:	2826431018326A24E1F8CE31C93A5EC801FE6132
SHA-256:	2D9CEB078E002818ED27A37CCEC3F05347FB308D50FF04D979B0DA86A615C904
SHA-512:	DFC4BF0D6AF4606B3F7C122289EDB04C5EC5909C6A9DE00B71DDEFBB24433A18C426D93A5FD1454A96AE396242385D40D3645AA6C43870584A31C80B3C9B2074
Malicious:	false
Preview:	...7.9.<......y..b...pf..E.Q.9/`..9"C.6.[.....S..E.o......,.f.....>&..VOeA..Z..(Qa......`t..Z.-.......P;...o...............6.J.j....L].!....)E6...?.0.....!..J..`..<......<.... )...yA.R.....Y8pw..K....\|... +..8..4...B.,.....U..8GQ7.....E.^x!<.1..r.Q..A..$../M.$oj.2..h0.CFv<....p].J.X'...A.i ..U..3..?...0......z.}.5.v......M..k...R..d..e....v..X.>...?...lU..5.._...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u...

C:\Users\user\Favorites\Twitter.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2688
Entropy (8bit):	7.924995265014013
Encrypted:	false
SSDEEP:	48:ro2zRhoqHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:ro2zRiUzDvXbzQnX/QxgSvrTuZmGhO
MD5:	BEBB96FFF4E066266EF31AE3BB6DEE55
SHA1:	E73DF516624EDB52F4D716CD51D7272A0CF105C0
SHA-256:	045FC7921E3EE7DF59542EBC71ADEE1FEA0B5A6B492293C1DE9D84C03F0DFC2E
SHA-512:	057BCAF8C79A0473C07266FB58333B23B1CB1C6A6C009955511C0BC9961907711D7F567B40FCF6B314414E424EBC27C7710DB48DF81714F69DD181375F78CC38
Malicious:	false
Preview:	.I.r...St..`M8......\|r5.L..KH.Qy..J~...WKh...M.c....z.,.JQ...u.3.._..7n.l.M.#J...F..!%.v.'...p+.v......#.B0.op...............M.+...;""q..r.I....a0..\.L.G.1y6$.g.CR...{.[....wF.)~......k......P.U....@g..Sn...B..k..........W..l.....W...Z[..pp@.Y....'...[...\..6..0.B.(}...WU.?....hZ..'...1C..qa.../..27.........X..).M...(.....n.....n~.....2..).6.../d..g.../..lDpK..M-.y.J...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u...

C:\Users\user\Favorites\Wikipedia.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2704
Entropy (8bit):	7.925275022822478
Encrypted:	false
SSDEEP:	48:wFUCCz7b+LVIHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:w2Pb+LVizDvXbzQnX/QxgSvrTuZmGhO
MD5:	A1EE6B82ABBBCAA379863244B4FC5370
SHA1:	DE215ED03FE29CB49907C8D3669DD1774A50F377
SHA-256:	5E32DF350CC03201755A14B04D56099930F5527E9455781E792BD267A2E28BDB
SHA-512:	DC487C3A6E18463ECD1F91093EA79D917D368DC7F7943BDE2596CA56471727F5DC45832C2988A7E59B2029D4FDF84DCF126058D22C458B030225A00ACDC29B9E
Malicious:	false
Preview:	z....9K.f......T.w.a......W.<..+..B.C.A...g..A.V\|....>&Dj...."...Mj..%.7v.H.k.s..I.).....vRxeh.......+T.J........_.l2.r...............^0"........7(kjW..."..EH..#L.~.4.....n.C...D.J.'i.".h.q}.J.........H.87@......\5.+..>.H.Mem'.......E.........BQ-........o#.....8u>..9..[.{..q..}).H\.i9"....P..LU.....R#.Y.NC...P.i.A.?.... V....2~V)2...j.....H.8S..8u...H..{)....J....L.1..j...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2

C:\Users\user\Favorites\Youtube.url.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2688
Entropy (8bit):	7.922976179677555
Encrypted:	false
SSDEEP:	48:61KuxsK8ikHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:6M79dzDvXbzQnX/QxgSvrTuZmGhO
MD5:	4E2153E9132A42DCDDA9D0FF5B210D34
SHA1:	D26BF4AA1748A8E403F0A24DCD277DC76A49D978
SHA-256:	A133C976D081C2717EB55E908A0DE41718CE128E252B5136BD0690D74659E3A8
SHA-512:	0B435AD08C947C2CB223D6FEFAF83EFE804CFCB081C515FA4B20BC719CC572F3F26E223EA2DFBDE74FB243F9728023D3536491AD0577D3FA631FA3ABF5793D90
Malicious:	false
Preview:	..p...h...\....K.....;.a...!...:........h......z...@.<p...L..F..x...5I$.I..u..E]YNB.;G.b.H.3..X.(..O.U:N.V.p...............J....a..H].....5c ,k.L.....X-j...&~.g.h.^..]W#$H.a?..&FB]0AQ..I....X8j.......+./G..@...r..Y.k...).H....W...dS......79..f.f,,M..&..7.............).C>.<.}(....L.,.&nE..:..l....O..>o.X9.OC'H7.U...9.GWXB..a<..;.e...j..Y...;.+.@.2]..+C.......>;...)...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u...

C:\Users\user\Links\Desktop.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3072
Entropy (8bit):	7.934828387895848
Encrypted:	false
SSDEEP:	48:XtjBo5SiHzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:XtjBSSszDvXbzQnX/QxgSvrTuZmGhO
MD5:	8C5E01DD6A25757D7CC2B29689DC7DCA
SHA1:	E0A503B8D8A15032CD3F98EDE4FADCB3CFE0A5BC
SHA-256:	72BA7CF02A4D8FD3504365CE786D8E8FC6B4EF645253FC2F6C82D8D41D6F515F
SHA-512:	CB8A61EDF94279F75154D6DB678E784C921EDD5178108670E79CC392A1C714EF0A37B53DB2CA1811B52E833B7A3D28D5958BADA7C25DAF8B5DEB110CC4CC9723
Malicious:	false
Preview:	'.d-..J;P-3JUc.$..4.......y.i..\|'...wFOR.e..c....&n.......&..".2o.W......%.=.....#..dB..?Z.....b9..f.[.u...g........[....c.>-.....}..}...64.......q,.....0..FU.&....>.5...J#.KKda.[.1.vwjU0....n......g.3...r..:..4h.V.F....".)P.e''0ki.#..HJ..Q.UJ...=a..O.....M".c......;.k[.:.R.mEu....V$.uL-1....4B.2B..vY..G..b..n..[.>X..RG.eO.P.gO...v&?..w...>.U...2....JQ.b...PE...5LD..........o....]\.1.......$.A.90..s.1...kJ.zu..&...n"...?...K.)z.....h..U.....C.....-O...O...Ko~.T4@.................l.X.?"...bq.._..\|V.q..L....w..np..,To......<'...B.H..7F,.M..2I.X".8G.O.#...ju..2>....W.4$.e.j..2t..u...;.;.......}>.....%l.u..]._..}J..Q....1v.......0...z.3.....d.D_...\K...k.6.d.....C#.kE..\...6s.P..q....Y.U..)..x.YO...>:.T9..n.....`..]..0...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w

C:\Users\user\Links\Downloads.lnk.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	3520
Entropy (8bit):	7.9422429967128165
Encrypted:	false
SSDEEP:	96:S5kIjpSXdhuQ7pzDvXbzQnX/QxgSvrTuZmGhO:mjUXJzDvXbzSPQxgSvv0s
MD5:	9B70B6BFAD09712727F4880451A42E78
SHA1:	83889BDD611A2047EA20666E11D8AD70E96276AD
SHA-256:	583091701047405C1DAA6702BA01BDB305D6B35C7F2F9BFF37ACE16BB86EBFF0
SHA-512:	C777C39AFD5D3C9C892D514EB629E223E2ECF8E931D563DECCED92CF29D3A5E7E61753AE259096C8CA53C1AD8F8A32B5B635F67F02DA9B16CC28EF014455D8D6
Malicious:	false
Preview:	.'E..r0[C..\|u)?......d.[..L.S.!y...J..!....PXnk.....\.....5..w..M....J3z..+K.P..[+~...p.......?>2F.e~..a..PU.m...M.1.!..>R....-...q.......vL5....#...y.~.....BL..6Q.".T.T.4.....s{..,.^...L..."..W....e+....K.....(.[.qi560E+.8,..H.....l.......<.c..Mo...dF#..M..<..=-5....jq[.O.a...."..'.O,;N^.I..!..9.. .Z?...d.K...`4W..&....x..>.R!....hH.^j!B^.j..Y......q.0{.F...N.....UX;;.x...:.w...0.kz.d. ...1..BM...nA../..?.9...][..m...D...!..A.8..i:P..&5.s...O3RSb..G}D..K._...NL.u.?H..{......m....,..'.v..@#~B.:.1.W8]....w...b.x.........p.:.z.Y.s.\.(.g:..]37.........1;.0...U0.yz.fd..E.=.t#..H..T....R6..J. ......j...].k..d......u.PHC.mX.x......=. ./.U....K.2M.F.....+...-...\.1..+......U~.\|).9.t....D.]....E.u.....8BC.b.Mlj..62....IH..{../@K....N...U.uT...c&$...X..@..,...i...t...~.x..eH..5..M.)..c...N.O.j...D.w..b..Y...e.g..}..%P.].........T........E.0..'.f......;<.x.]-.{.f.3.SK...Bb7.R.c.P......Y.I.....................E.,jZ.X..6_..P...p..\T...G.7H..w.W"...

C:\Users\user\Links\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Music\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Pictures\Camera Roll\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Pictures\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\Users\user\Videos\NightSkyReadMe.hta Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	8096
Entropy (8bit):	5.517281068815854
Encrypted:	false
SSDEEP:	96:0lx67dzGEFMlN67QAbu7PBxaZGILRryE76hK0lNXDhlatERG76rRLbOP9k86C4C7:0lU7zMlQ7KzW1xmFlaymO8XDNJ
MD5:	77271F4222F5C197F203D16052E09015
SHA1:	C549B429EC037FF0E085DCEE7B8ED636FC258F22
SHA-256:	29E255933D04E25882CCA4D0BE597B4EAA36EE729B62CA93FE4789B0283641E3
SHA-512:	1ECD1CC449FDFBBAE5312988904BC8E0B2799FDF28CE902E9788320C94C60E7ECDE1F5245C7E312A9E2E14D17DB227B1A1DCA0C94C7F670C4A8A0ECC22FD5A0D
Malicious:	false
Preview:	.<!DOCTYPE html>.<html><head><meta charset="utf-8" /><meta name="Application" content="Mybase Desktop" /><title>AGIJ</title>.<style>.a:hover {...cursor: pointer;..}....a:hover {...text-decoration: none;...background: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIHZpZXdCb3g9JzAgMCAyMCA0Jz4KPHBhdGggZmlsbD0nbm9uZScgc3Ryb2tlPSdibHVlJyBkPSdNMCAzLjVjNSAwIDUtMyAxMC0zczUgMyAxMCAzIDUtMyAxMC0zIDUgMyAxMCAzJy8+Cjwvc3ZnPgoK") repeat-x 0 100%;...background-size: 20px auto;...animation: wave0 1s 10 linear;..}....@keyframes wave0 {...0% { background-position: 0 100%; }...100% { background-position: -20px 100%; }..}....pre{...border: 4px solid #d6d6d6;...border-radius: 7px;...padding: 0px;...margin-right: 0.5em;..}....code{...font-family: Monaco, Consolas, Monospace, Courier;...border-radius: 4px;..}.....CLS_InlineCode{...background-color: DarkCyan;...color: white;...padding: 2px 4px;...margin: 0px 3px;...font-family: Monaco, Consolas, Monospace, Courier;..}.....

C:\bootTel.dat.nightsky Download File
Process:	C:\Users\user\Desktop\update.exe
File Type:	data
Category:	dropped
Size (bytes):	2656
Entropy (8bit):	7.926815259342183
Encrypted:	false
SSDEEP:	48:+EKE+HzDvXU2zVinX/EEUXqLsgO9unqcmf84uZmiPL31hTF1G:+/zDvXbzQnX/QxgSvrTuZmGhO
MD5:	5B70A638645FD515726EDE3B52F2430A
SHA1:	DEE59E9222EB64B95015418A4C34C74F587213DA
SHA-256:	76417CBB877C461D77FE44F945B8B477B28B8CB0CD14CDAC3037AA7B0AE56629
SHA-512:	6228403D5BC24F23C3B9F64BC034AA08B7341190341D62613EC2D283CB444D9E552AE1E8CF747376833C535BC2BA7982F26CDBC94DA7511FD184E958BE873F45
Malicious:	false
Preview:	U]..''.....e.++.e3...q.....K.br..k....QD.v...jB.^..x#....db....O...1...H."P................R.D.@i..vM$b..b....cD.;I<.Ur.5.c.W.O2`&.Y..q.0<4.6..W..n_,~&~.........R.r.y......f.. .dr........m...uX....T..o..........%..X.......r...k.m.A.jg-.2...)..O.......C.N.&).9A..i7~-.W.[\|c........,qRf(..g..x.P.=.......H..=..9.].0Q.....=..?.'...cP...W...E.V.b.F..40H....V......m..+..}e./.S...Qj...I.^}{x...........)...FBhJ.;_`.P.u`.q)..fG..q.b..x..Y.o..y.>_..[#.kh...W...(.R.q...m.~..f.9...U.......^A..jI.p...B..rG..+ye.Y.;...X.^./^4SK.:..yd.....l.....U.T.N\...%f!j........6.w NT..BE..Y.=q.a..Pm.\..p"d@..\w....}s.0]...(..Q{P...t..s.+...[S+S.@..T..U.h..d5...o7n\B(z....GD.....k..Z.m./...+m....x0i...}..._...6.. .{..3U....1t.=.X.}..)..;.....8(.{c.6..q4CuzT._..M.?U.v."T P.....&..v..o.rn7.iaII...........@...F.@).+a...T....i..#..f./.*..O.Mm.".C.d.P...H;.]l`"..DD.u.@r...v....K.(.r.Q......L`{.a.fyb.m....$.....bW..".{..8.!.G......F2. ..p\..9..6u.....%..._.Y.v......t...2GJ.D....L

Static File Info

General
File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	7.918389617188381
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	update.exe
File size:	5945856
MD5:	9608c8b6c8d80fdc67b99edd3c53d3d2
SHA1:	37b11d3d7b7a1d18daafd6c63b33526860aaefe6
SHA256:	8c1a72991fb04dc3a8cf89605fb85150ef0e742472a0c58b8fa942a1f04877b0
SHA512:	4c98ff99686f2b54648c0926fbc1e92522520b11d1447a0fdf2aa11e25de2c109a0e55ae8f736404a3feed7288cb257cd57812ecdaeae41051a6ec3a0f6bfa15
SSDEEP:	98304:7iTgMQwfZtqifsjEiwkA+DUg47V6pH/LZAtpla02dK70xioBqOy:7SBttRiA+4GJtAZa088h
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......a.........."......z...*........B........@..........................................`................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x140421807
Entrypoint Section:	.2fU2
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:	0x61CDD014 [Thu Dec 30 15:28:20 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	d9335d46ba7ec00ed7f9cc1bc2720cc8

Entrypoint Preview

Instruction
push E35AFF00h
call 00007EFDD51C4CBBh
das
push esp
scasd
pushad
cmp eax, 69AA3CEBh
cld
test dl, al
add eax, 37170222h
ficom dword ptr [ebp+6A366B4Eh]
popad

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7f6018	0xa0	.2fU2
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x94f000	0x1d5	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x947f20	0x56a0	.2fU2
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x94e000	0xac	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x947e80	0x94	.2fU2
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3a2000	0xc0	.2fU1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x379b0	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x39000	0x1777c	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x51000	0x7578	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata	0x59000	0x2a0c	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids	0x5c000	0xa4	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.2fU0	0x5d000	0x34475f	0x0	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.2fU1	0x3a2000	0xa30	0xc00	False	0.0348307291667	data	0.211522257874	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.2fU2	0x3a3000	0x5aa5c0	0x5aa600	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
.reloc	0x94e000	0xac	0x200	False	0.28515625	data	1.69646885943	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x94f000	0x1d5	0x200	False	0.53125	data	4.71767883295	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0x94f058	0x17d	XML 1.0 document text	English	United States

Imports

DLL	Import
KERNEL32.dll	FindNextFileW
SHELL32.dll	SHEmptyRecycleBinA
RstrtMgr.DLL	RmStartSession
ADVAPI32.dll	CryptGenRandom
KERNEL32.dll	GetSystemTimeAsFileTime
USER32.dll	CharUpperBuffW
KERNEL32.dll	LocalAlloc, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: update.exe PID: 6816 Parent PID: 5000

General

Start time:	14:01:04
Start date:	06/01/2022
Path:	C:\Users\user\Desktop\update.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\update.exe"
Imagebase:	0x7ff6f5eb0000
File size:	5945856 bytes
MD5 hash:	9608C8B6C8D80FDC67B99EDD3C53D3D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: conhost.exe PID: 6892 Parent PID: 6816

General

Start time:	14:01:05
Start date:	06/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse mshta.exe to proxy execution of malicious .hta files and Javascript or VBScript through a trusted Windows utility. There are several examples of different types of threats leveraging mshta.exe during initial compromise and for execution of code
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Loaded DLLs, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.In the case of ransomware, it is typical that common user files like Office documents, PDFs, images, videos, audio, text, and source code files will be encrypted. In some cases, adversaries may encrypt critical system files, disk partitions, and the MBR.
Tactics:	Impact
Data Sources:	File monitoring, Kernel drivers, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report update.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Data Obfuscation:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: update.exe PID: 6816 Parent PID: 5000

General

Chronological Activities

Analysis Process: conhost.exe PID: 6892 Parent PID: 6816

General

Chronological Activities