Windows Analysis Report
JpQFDOA7Uk.exe

Overview

General Information

Sample name:JpQFDOA7Uk.exe
renamed because original name is a hash value
Original sample name:de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324.exe
Analysis ID:1526557
MD5:4e66429d85967e344d8354e9b81719dc
SHA1:b958fb7241cc9675b8dd967b02df6a6ad92de52d
SHA256:de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324
Tags:DoubleFaceTeam, exe, user-JAMESWT_MHT
Infos:

Detection

Score:54
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found stalling execution ending in API Sleep call
Modifies existing user documents (likely ransomware behavior)
Writes a notice file (html or txt) to demand a ransom
Checks for available system drives (often done to infect USB drives)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sleep loop found (likely to delay execution)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • JpQFDOA7Uk.exe (PID: 6768 cmdline: "C:\Users\user\Desktop\JpQFDOA7Uk.exe" MD5: 4E66429D85967E344D8354E9B81719DC)
    • conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: JpQFDOA7Uk.exeAvira: detected
Source: JpQFDOA7Uk.exeReversingLabs: Detection: 76%
Source: JpQFDOA7Uk.exeVirustotal: Detection: 81%Perma Link
Source: Submited SampleIntegrated Neural Analysis Model: Matched 93.2% probability
Source: JpQFDOA7Uk.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\.ms-ad\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\3D Objects\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Contacts\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\BJZFPPWAPT\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\EIVQSAOTAQ\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\EWZCVGNOWT\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\GRXZDKKVDB\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\LIJDSFKJZG\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\NWCXBPIUYI\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\NYMMPCEIMA\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\PALRGUCVEH\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\VWDFPKGDUF\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Desktop\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\BJZFPPWAPT\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\EWZCVGNOWT\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\GRXZDKKVDB\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\LIJDSFKJZG\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\NWCXBPIUYI\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\NYMMPCEIMA\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\PALRGUCVEH\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\VWDFPKGDUF\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Documents\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Downloads\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Favorites\Links\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Favorites\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Links\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Music\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\OneDrive\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Pictures\Camera Roll\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Pictures\Saved Pictures\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Pictures\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Recent\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Saved Games\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Searches\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\Videos\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\Public\Documents\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\Public\Downloads\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\Public\Music\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\Public\Pictures\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\Public\Videos\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\Public\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\CyberVolk_ReadMe.txtJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: z:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: x:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: v:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: t:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: r:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: p:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: n:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: l:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: j:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: h:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: f:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: b:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: y:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: w:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: u:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: s:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: q:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: o:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: m:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: k:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: i:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: g:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: e:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile opened: a:Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_00422120 GetSystemDirectoryW,wsprintfW,wsprintfW,GetFileAttributesW,wsprintfW,FindFirstFileW,Sleep,FindNextFileW,FindClose,DeleteFileW,FindClose,0_2_00422120
Source: unknownDNS traffic detected: query: 241.42.69.40.in-addr.arpa replaycode: Name error (3)
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: JpQFDOA7Uk.exe, CyberVolk_ReadMe.txt42.0.dr, CyberVolk_ReadMe.txt16.0.dr, CyberVolk_ReadMe.txt35.0.dr, CyberVolk_ReadMe.txt19.0.dr, CyberVolk_ReadMe.txt29.0.dr, CyberVolk_ReadMe.txt25.0.dr, CyberVolk_ReadMe.txt5.0.dr, CyberVolk_ReadMe.txt8.0.dr, CyberVolk_ReadMe.txt10.0.dr, CyberVolk_ReadMe.txt28.0.dr, CyberVolk_ReadMe.txt33.0.dr, CyberVolk_ReadMe.txt11.0.dr, CyberVolk_ReadMe.txt22.0.dr, CyberVolk_ReadMe.txt37.0.dr, CyberVolk_ReadMe.txt12.0.dr, CyberVolk_ReadMe.txt32.0.dr, CyberVolk_ReadMe.txt18.0.dr, CyberVolk_ReadMe.txt24.0.dr, CyberVolk_ReadMe.txt.0.dr, CyberVolk_ReadMe.txt1.0.drString found in binary or memory: https://t.me/cubervolk
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_004217D0 SHGetFolderPathA,SHGetFolderPathA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetWindowPos,SetTimer,GetWindowLongW,LoadBitmapW,BeginPaint,CreateCompatibleDC,SelectObject,SelectObject,GetObjectW,BitBlt,SetTextColor,SetBkMode,SetRect,CreateFontA,SelectObject,DrawTextA,SelectObject,DeleteDC,EndPaint,GetDlgItem,GetDlgItem,ShowWindow,ShowWindow,GetDlgItem,ShowWindow,GetWindowLongW,LoadBitmapW,BeginPaint,CreateCompatibleDC,SelectObject,SelectObject,GetObjectW,BitBlt,SetTextColor,SetBkMode,SetRect,CreateFontA,SelectObject,DrawTextA,SelectObject,DeleteDC,EndPaint,MessageBoxW,GetDlgItemTextA,MessageBoxA,SHGetFolderPathA,EndDialog,GlobalAlloc,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,InvalidateRect,KillTimer,SHGetFolderPathA,MessageBoxW,0_2_004217D0

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile deleted: C:\Users\user\Desktop\PALRGUCVEH\ZIPXYXWIOY.pngJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile deleted: C:\Users\user\Desktop\GIGIYTFFYT.pdfJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile deleted: C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docxJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile deleted: C:\Users\user\Desktop\PALRGUCVEH.docxJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile deleted: C:\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.pdfJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Desktop\BJZFPPWAPT\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\.ms-ad\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Downloads\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\3D Objects\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Contacts\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Desktop\EIVQSAOTAQ\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Desktop\EWZCVGNOWT\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Favorites\Links\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Favorites\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile dropped: C:\Users\user\Desktop\GRXZDKKVDB\CyberVolk_ReadMe.txt -> greetings. all your files have been encrypted by cybervolk ransomware. please never try to recover your files without decryption key which i give you after pay. they could be disappeared?you should follow my words.pay $1000 btc to below address.my telegram : @hacker7our team : https://t.me/cubervolkwe always welcome you and your payment.Jump to dropped file
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0041F2300_2_0041F230
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0040846E0_2_0040846E
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_00418CDF0_2_00418CDF
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_004140900_2_00414090
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0041FD700_2_0041FD70
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0040812C0_2_0040812C
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0041453B0_2_0041453B
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0041B9D00_2_0041B9D0
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_004087CD0_2_004087CD
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0041CBA00_2_0041CBA0
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: String function: 00420F20 appears 52 times
Source: NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.CyberVolk.0.drBinary string: \Device\HarddiskVolume3\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
Source: classification engineClassification label: mal54.rans.evad.winEXE@2/183@1/0
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\.curlrc.CyberVolkJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile created: C:\Users\user\AppData\Local\Temp\tmp.bmpJump to behavior
Source: JpQFDOA7Uk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile read: C:\Users\user\3D Objects\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeFile read: C:\Users\user\Desktop\JpQFDOA7Uk.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\JpQFDOA7Uk.exe "C:\Users\user\Desktop\JpQFDOA7Uk.exe"
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: JpQFDOA7Uk.exeStatic file information: File size 8167424 > 1048576
Source: JpQFDOA7Uk.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x79ea00
Source: JpQFDOA7Uk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_004193F1 push ecx; ret 0_2_00419404

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeStalling execution: Execution stalls by calling Sleepgraph_0-10483
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeWindow / User API: threadDelayed 4053Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeWindow / User API: threadDelayed 406Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeWindow / User API: threadDelayed 1058Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeWindow / User API: threadDelayed 364Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeWindow / User API: threadDelayed 3334Jump to behavior
Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 586Jump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exe TID: 6500Thread sleep time: -4053000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exe TID: 6500Thread sleep time: -3334000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeThread sleep count: Count: 1058 delay: -10Jump to behavior
Source: JpQFDOA7Uk.exe.CyberVolk.0.drBinary or memory string: TnzRmwSovMci8KR 06
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_0040DC1C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040DC1C
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_00401C7A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00401C7A
Source: C:\Users\user\Desktop\JpQFDOA7Uk.exeCode function: 0_2_004015F7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_004015F7
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 2 Data Encrypted for Impact |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 2 Clipboard Data | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Source | Detection | Scanner | Label | Link |
| JpQFDOA7Uk.exe | 76% | ReversingLabs | Win32.Ransomware.Cybervolk | |
| JpQFDOA7Uk.exe | 82% | Virustotal | | Browse |
| JpQFDOA7Uk.exe | 100% | Avira | TR/AD.Nekark.ripqb | |
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| https://t.me/cubervolk | 0% | Virustotal | | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| 241.42.69.40.in-addr.arpa | unknown | unknown | false | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
| https://t.me/cubervolk | JpQFDOA7Uk.exe, CyberVolk_ReadMe.txt42.0.dr, CyberVolk_ReadMe.txt16.0.dr, CyberVolk_ReadMe.txt35.0.dr, CyberVolk_ReadMe.txt19.0.dr, CyberVolk_ReadMe.txt29.0.dr, CyberVolk_ReadMe.txt25.0.dr, CyberVolk_ReadMe.txt5.0.dr, CyberVolk_ReadMe.txt8.0.dr, CyberVolk_ReadMe.txt10.0.dr, CyberVolk_ReadMe.txt28.0.dr, CyberVolk_ReadMe.txt33.0.dr, CyberVolk_ReadMe.txt11.0.dr, CyberVolk_ReadMe.txt22.0.dr, CyberVolk_ReadMe.txt37.0.dr, CyberVolk_ReadMe.txt12.0.dr, CyberVolk_ReadMe.txt32.0.dr, CyberVolk_ReadMe.txt18.0.dr, CyberVolk_ReadMe.txt24.0.dr, CyberVolk_ReadMe.txt.0.dr, CyberVolk_ReadMe.txt1.0.dr | true | | unknown |
    No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1526557
    Start date and time:2024-10-06 10:02:08 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 7m 51s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:34
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:JpQFDOA7Uk.exe
    renamed because original name is a hash value
    Original Sample Name:de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324.exe
    Detection:MAL
    Classification:mal54.rans.evad.winEXE@2/183@1/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 77%
    • Number of executed functions: 18
    • Number of non-executed functions: 18
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Override analysis time to 240000 for current running targets taking high CPU consumption
    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size getting too big, too many NtSetInformationFile calls found.
    • Report size getting too big, too many NtWriteFile calls found.
| Time | Type | Description |
| 04:03:34 | API Interceptor | 9396631x Sleep call for process: JpQFDOA7Uk.exe modified |
    No context
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:modified
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Reputation:low
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Reputation:low
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1340
    Entropy (8bit):5.457167810629989
    Encrypted:false
    SSDEEP:24:0KX1g7YHVCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:/g7YUCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:601BA4D59848055C4F0B9EE8FB093229
    SHA1:EB8BB501DE96CB12DBCD95E696CBFD158891A116
    SHA-256:EDD1ADEAFDEB0BD3B25CF051915B876483006356D30FA30F59C457669786C70F
    SHA-512:D8737D25D0E0C88DCF494D8E5D47FC000CE46A0BEEFB06B7AC598BD0203965827AFADF3BE5EA47AA9AA54C45DC932B9271C52FF64E4E373084E95D08E2F4CD2E
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1228
    Entropy (8bit):5.059527954580536
    Encrypted:false
    SSDEEP:24:0KXSBCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:g4CP1A1UuPL8aUzNpXnh1Q6WK
    MD5:6A25BAF0F3C5C6373D876445F9D6E1F8
    SHA1:2411D931C3D991DDA1197DEBFC6FD9BDC06490C1
    SHA-256:1946A118237CA91E89DD3BE70E59076B4E52EE5E01F624C6B0FA7476E26DD96B
    SHA-512:BFCBD481F19D6A1637456C4E36ECFB91A3B662616FF7FA0923AE7EA14D8842F913931DE540D590A54877E88CF5AF50DA8B1117225246E5813AC891726146347A
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1436
    Entropy (8bit):5.750209596067987
    Encrypted:false
    SSDEEP:24:0KXgoZ1axd91CCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:CoCKCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:AC34C032561A05ED69B8E13E88B8D349
    SHA1:59FA834C8F1DFBB2B867472B42B9E5A70F7B60F2
    SHA-256:9F0BDA7A9FC07ACC36C10817470EA3ABA0C728115E7F79A15AD26D311379E733
    SHA-512:55B4939C4F04D620AB05731CBE458EBE2773D665B0E9FD4E27D558D34C0848BC94897DE1784DEB3F44A2EC39980C2F22920AFAFD4DF62C8C6BD2CE6E8A7F5BA4
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1436
    Entropy (8bit):5.749222241619445
    Encrypted:false
    SSDEEP:24:0KXVVB7uM0N/CCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:Nx0KCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:1AF78655A78DFED1DC1FCFB41244EC67
    SHA1:6333BC65E08A305A101CE46BE0DC24CD181BC0D4
    SHA-256:9E15A5B9B9A2249EA9896E2CC6FC8E9D7C141C1EDB44D7D415394FFCB8268B63
    SHA-512:EDF563C7BE47DDDB7E03CBA13F6E3A8FD7611110294C59A1F0DC6A104B850B8DDC6D4B954205B563CABCF8A813BA1A48A0ACBF04FB23FDB6CC0381D8F3DF4189
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1436
    Entropy (8bit):5.68485913787104
    Encrypted:false
    SSDEEP:24:2drgvVzvxjLU3xbfrkHuELstUvpwntaaZBxzQRPnXkNSIc+czf8ASLGR:KMVx03xbf4Hppvgt5kR/XkNSIc+czf9l
    MD5:EAE2154C3BFDF7197250B5A944068FA8
    SHA1:3D731F616276AF97F3E8E5950A3D5B13BAFB1630
    SHA-256:D83D2E98ABD414AA8D2D26DE0667EB45F5235376613B19A61E68697109592ABE
    SHA-512:3526A0CAC1A911510B4C93F0F0DE80E71112A6520FA27312AA8AB3FBA92CE3DEAD409B0F04B4F50BCC9BE10F36831C9A80CCED118F5DE48F3FECAE849E53A5A1
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1228
    Entropy (8bit):5.064056964082534
    Encrypted:false
    SSDEEP:24:0KXo3CCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:1CP1A1UuPL8aUzNpXnh1Q6WK
    MD5:1BBE05134EB4743E9FFC306BAA110F2A
    SHA1:D7CB8006BB3922B7939D6A0601AECF7C67234C91
    SHA-256:24CB4EE929012356C58339AB16D10ACB711F53871746626A0E3F038E43BB330C
    SHA-512:3C5FFD92CC68C4B49FDDC8F1E4CFEFF79061D993E82EE02C901051F990D4D076D22D86FA9E190BFEAB865B002DF4D753522B1011F17583038AA4CC3B19936868
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1067
    Entropy (8bit):4.238690403661082
    Encrypted:false
    SSDEEP:24:r0Q27Vk5z3h3xBnBnFnoo79omk08Ecaup56BIYtBnyXbRPbAU:sG7hhBtrxhk0VZIeS1n
    MD5:71CC07DA8F04B34CA2C009F31D4E47BE
    SHA1:3E662CEC0F5C20248C364DA296115D2D3CA04BDE
    SHA-256:627911877C7E8730429CD4D8380277D18BBDC00A63EA3C1987FBB5A5C5636A65
    SHA-512:EE04B6F875CCFFB70DEFFF9D45210B4A76453B419164CC472906474D040194B68A30AA46DB04BEFB729333F6E0010ECD4BEFCCC58D05F48D285F2830993570F8
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:true
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1355
    Entropy (8bit):5.510883777638181
    Encrypted:false
    SSDEEP:24:rkYCELcNGZuWgdQQ27Vk5z3h3xBnBnFnoo79omk08Ecaup56BIYtBnyXbRPbAU:4+ELcG7hhBtrxhk0VZIeS1n
    MD5:0DEA065DC8D129C591B51B2DBC8C324B
    SHA1:E59913C0E601474903A1FA8DCB25E51F19EAAF5E
    SHA-256:DDCE7A7950E8DA9486BB10E90063EE3396B0983700EBD6C18ABA32DFA3AFD7C3
    SHA-512:4A44F6B366DF57D9C16AFDEF9CFC84EB952605D7C0704857417F8C37DE14263DB06AA8A192FB91A5B555B16439BBF49902D94EEA0CE6EB48213F18CAAB4CE878
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:PC bitmap, Windows 3.x format, 1920 x 1080 x 24, image size 6220800, cbSize 6220854, bits offset 54
    Category:dropped
    Size (bytes):6220854
    Entropy (8bit):7.24706441700385
    Encrypted:false
    SSDEEP:98304:+CqRRRRRgRRRRRRRRRRRRRURRRRRRRRRRRRR/3RNRcDRRRRRH50rRRRRR9B0PHMV:4RRRRRgRRRRRRRRRRRRRURRRRRRRRRRN
    MD5:3F06E2F6CDF6D3720A7BCA4528803043
    SHA1:0454F8EFDD90087A2ED5AC3B342208B561CAA404
    SHA-256:9D071C103A738EE9021D705EF07F6A34435C5C537A4BD41831B4CCB6602DC2E3
    SHA-512:A3A4AD92F5AF55971E80E5676F51241456C619EE9E04E76B342478FEFB561CD4BBE6962D345A497E78CF8A6EBD821F31274629E1C32C21AB15D4EC85429B4553
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):5
    Entropy (8bit):1.9219280948873623
    Encrypted:false
    SSDEEP:3:Lq:W
    MD5:187BEC2578EF4A5CB35BDFBE8FC8088E
    SHA1:BCD7D5FB9759D66C2022B55D69D57E7C7396550E
    SHA-256:28F67755E2432C2233B3C5573C2ABD62455BC3033460D58F8AFA336E1FA64913
    SHA-512:EB70A740B7B2C5A32C814F9E04A36EBA2CDF4069B69BB1796363B11C99004A09C61812E023776F9DB3D90EA0FC2E76C9427B6994C7A51FA3AD6714760B7F45FF
    Malicious:false
    Preview:17753
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1467
    Entropy (8bit):5.791779824047297
    Encrypted:false
    SSDEEP:24:rkYgoNi48orcLLnwyhQ27Vk5z3h3xBnBnFnoo79omk08Ecaup56BIYtBnyXbRPb7:4Hog4TrQdG7hhBtrxhk0VZIeS1n
    MD5:3826DA2AE4549333A94254E741A92F3F
    SHA1:12F38937275AE9E3E5025C13F3A9E4267020115B
    SHA-256:B6E4C318046EB02D66709B7CDCB244DE720C69FDEF505F2F75453125973B5770
    SHA-512:576AC346199598915DC61643C9E19E96615C7F5C0E057613900F4C0D2C81E4BD11FAD12916EBA12071910FF06D6F2DB7714D8C46F0B12053D2C6DB2C3C656D50
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7694778140608225
    Encrypted:false
    SSDEEP:48:+rf/wfVP+ypmP4mZY7n+1OKLly69caoG5cGQzgRN9VWyvZpGcY:+biAwmGS1HlyQnjQzg1VbhpdY
    MD5:CA547D956370272C01A324D8B288D16C
    SHA1:D7CC0BB95CB02FF1F00CA77DDFB8F8E732BC184E
    SHA-256:5F080390D90D5FDF67CF62AECA5318B169C42877F38F25D077DFD33F584F0F85
    SHA-512:8C630BEBCF2AA368AE7D987EED651AEBD5663FC73013E4009FD73F48269E9FDE856C14E9059855630C53D535B6B8D843561D6C63BD55BB822814BBBE04DD3D8D
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2077
    Entropy (8bit):6.770169289747063
    Encrypted:false
    SSDEEP:48:zR2zgodeRbpHN6U74g01G7hhBtrxhk0VZIeS1n:gteLNf8g01G7hHtrxhk0bhSJ
    MD5:F56BA2190DFE6C3F49EF7B0EBE80F0B0
    SHA1:D1A539125E2D0613E9120DC4998F3623BE695940
    SHA-256:7AA59FB697F55C6C9F863C9CEA63C0A50E8177B2BC0107158EB9E36D516E472B
    SHA-512:A13851FFAF66B7CB792906C8325D66072D9805A56B0CFC2A20991D2B528105D5EDD798158281990F02E8AB5ADC166BEFC39C546BB8360CC49950B654936F248E
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2077
    Entropy (8bit):6.743625142700293
    Encrypted:false
    SSDEEP:48:spyl3Nn+EJ3DuWOa+djI0lLRZG7hhBtrxhk0VZIeS1n:spyl3NhJTuWj+2GLHG7hHtrxhk0bhSJ
    MD5:7E647BB4C227F4DCCDEA5258C06CA594
    SHA1:4F57AA81BCA137EC089EF2FDBE345162AE9B95A3
    SHA-256:D4D4D9BE45584583EC4772665BA45F115178E96BFC20C9F02F145B4B2222DB83
    SHA-512:F3F7D974CF00B34369CFFA19B0FE36FE262AF1B2E725DF11C937C7B895C80EBA23D0B0E1274F881DB6600C1E6BDCBC9A8FCDD1F3DEFA552C3FB0158F96113E79
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2077
    Entropy (8bit):6.757670791745738
    Encrypted:false
    SSDEEP:48:OtdQu1qSLvBQW5fHy44gdR/G7hhBtrxhk0VZIeS1n:42xU5QCVPG7hHtrxhk0bhSJ
    MD5:ADB733B0A911E2676BE32470ADC9E5A9
    SHA1:4507612D025A45C6123936BFD8E4A6E9BEFA3AB9
    SHA-256:6159810A59279392EF374DF13456B039CC1DDC18BE5C2371EC68871F32067FC1
    SHA-512:CD6A16A244BFB751B7CB346290222B991555549F40B3867ECAF4CA5A256BD5D53CCA7E30C79EC4D13A13A90D99E0C5902FA7ABFB325363F639345D77AE2D2FE6
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.766696727591425
    Encrypted:false
    SSDEEP:48:pq8ugybcCJGx1NMELKLly69caoG5cGQzgRN9VWyvZpGcY:pq8unkxzrolyQnjQzg1VbhpdY
    MD5:C577601AF5E255CE46F7F132A6D33271
    SHA1:F69D4958889D0C65D1E3050B723AC0F26D93AB2D
    SHA-256:BC544852900D2C8799A533732B2330E4AE8F42BD9A3294626A9B58132C6DE8A4
    SHA-512:9969E9EE5A3C66F7BE702259C04B24FE1A554649319573148376824A622A33320DC3C08649861CCF41072D3573E6FF3C99ACC117E70FAAA6D29AF4DB71804204
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.783306694104898
    Encrypted:false
    SSDEEP:48:JzUjvTvq0VLLrjnWbyKk9BNKLly69caoG5cGQzgRN9VWyvZpGcY:BsvX/HW9k9BylyQnjQzg1VbhpdY
    MD5:AE99ADCB1E6E99FC1A46D478BA85AF91
    SHA1:7C0017ADF211BBD0932795709AA5E12326C6D195
    SHA-256:11E59F5B37BD21E523C79C851DB4B098EAD15C8E0DD771F3AC14AFDF45024F56
    SHA-512:D13F57F6D041F9D3A6C334D6F19311A40705559D3FAD5098FCB47DDA5046F76E14EFB18042577851CE0AD96FC49C72A09A3A9EDA25E64804ADCBF8E1752DF157
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7742292436571505
    Encrypted:false
    SSDEEP:48:e+hiekQ08/HZujXQ6d2KLly69caoG5cGQzgRN9VWyvZpGcY:RhiekQTPCQ6plyQnjQzg1VbhpdY
    MD5:6BF921A83DB4E0891596DDBF4A8410A0
    SHA1:3FAB39270DC548623400ADAF6DF15C6F64F498F9
    SHA-256:47F27FFEE11F99B80F1172B36FE967EFBA4268A8D64D28D725494B888D7B141A
    SHA-512:048A26F0D3D4CE1E904EE737336835334B3F29F4706C505F61BE75F75B3D5F06848CFC40FAC93BE0262642D8DAF78E76D9F3CC833A87849ED8471B0BCF90119E
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.752597040718796
    Encrypted:false
    SSDEEP:48:vRA5yJSLNQmIHHMjWp2DJvKLly69caoG5cGQzgRN9VWyvZpGcY:y5yJ4ypoJMlyQnjQzg1VbhpdY
    MD5:7AE7A5965846253E67A23F15B2D21E5C
    SHA1:6D7EBD6F5A64BF058DF01B7F453D81F253A2BDDE
    SHA-256:2CEC2D1A2B48C6EC9EBE6E4F63F44D776B9B7EC826395E78E188FE5B38DA40E8
    SHA-512:3693449E617DC53057E73C6293E5DA9F15E442B644CCB80B7949B78BAD0E1C6F6142E76256D2F469C13E84B37229C04A2916281F968786ACB06B63D6FAD9C178
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.752597040718796
    Encrypted:false
    SSDEEP:48:vRA5yJSLNQmIHHMjWp2DJvKLly69caoG5cGQzgRN9VWyvZpGcY:y5yJ4ypoJMlyQnjQzg1VbhpdY
    MD5:7AE7A5965846253E67A23F15B2D21E5C
    SHA1:6D7EBD6F5A64BF058DF01B7F453D81F253A2BDDE
    SHA-256:2CEC2D1A2B48C6EC9EBE6E4F63F44D776B9B7EC826395E78E188FE5B38DA40E8
    SHA-512:3693449E617DC53057E73C6293E5DA9F15E442B644CCB80B7949B78BAD0E1C6F6142E76256D2F469C13E84B37229C04A2916281F968786ACB06B63D6FAD9C178
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:true
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.777449403980338
    Encrypted:false
    SSDEEP:48:BhT3wrHpzjTZCOFBWo5zQKLly69caoG5cGQzgRN9VWyvZpGcY:Bh+xXZCOFBnlyQnjQzg1VbhpdY
    MD5:ED900032EDBB4288D4E0902303AC5F5A
    SHA1:FB99D13F9A7FD097BD295B36E47E748162596E7D
    SHA-256:CC922E1793FC81209A97757816D4C10F6B5FFEC2B9EEA98615C28D1C138F57F0
    SHA-512:81E262A09210F661C1BD2A68E042DA02FA4E711630218E5CFF96B457FC185B635820A986A0B60810B7810E4EA322CDD9C1A6C998A0FC93DEEBA29F5835712932
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.762087339755774
    Encrypted:false
    SSDEEP:48:yC7wtfDnJgwASjDmHFdFXaPb1BKLly69caoG5cGQzgRN9VWyvZpGcY:bCD/CapGlyQnjQzg1VbhpdY
    MD5:97F546073A1BA06AAE93D3CF8F356E76
    SHA1:73C970760522B287C7309040EE7960B22497E193
    SHA-256:D41994CE8C07F2AD3AF20D12031074CD70EF40F1F17F96184DB31185EAE56729
    SHA-512:AF568DBD6ED9D46FBB04AB82E283DEB2F1B47D9A7B3FA37D1D2C6723116CC478089F57ABB7DB566AB409800A6556C2184828E350AF22F9DD8E66F36C3260671E
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:true
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):3507
    Entropy (8bit):6.009527780897806
    Encrypted:false
    SSDEEP:96:QLroevu8uoO4uPh56XlyQnjQzg1VbhpdY:yroef9W6Xl7jXTbvdY
    MD5:31E681112A5D0BCE569C4A6771F1E98E
    SHA1:ED9C6124104D789A68DC4C53F70A2C07326A9CC7
    SHA-256:E3B93ADD483E6BC6A42CC576523E546C8B40064765852C3D9BE41EC6938A57DA
    SHA-512:714CD4057249B34054C76DA7740AF56BEADECFB41ADC2EBD740C746080C304BCD92E58D6A5FF007FC89B816E27451F46F163464AD1B1A00712F321D86B6E60BB
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.757633368080147
    Encrypted:false
    SSDEEP:48:6u5jE4qgtQevmyAj3jqL7hKLly69caoG5cGQzgRN9VWyvZpGcY:6QVqEVvC+ilyQnjQzg1VbhpdY
    MD5:164157E92A91FF8496DE94D1A55588E6
    SHA1:CF860548B7D19A8731E33223B0524F8482A77671
    SHA-256:2D1148449AFE5952DC11CB035098892055094EC731726CE2EB33D75FDDD4D1EA
    SHA-512:BFD95E4F4B4422BB9E949ABA6DE69ECD6526B046A50BADE9E8F0E0C426D300F7C63E28AA07FDCEF9BE9CA6C15536408A773182A603DBD9E89EEF6E297E9CC576
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.753684894696676
    Encrypted:false
    SSDEEP:48:M2Ym1xAklXUO8/STDEBev1raTKLly69caoG5cGQzgRN9VWyvZpGcY:M2DdmIEdwlyQnjQzg1VbhpdY
    MD5:BED5204BCA40FBC20592A35AA1B1DE41
    SHA1:D7E3C77A80A039DE45DD0B23F12A32E8C169B10C
    SHA-256:85F1F5F5FA92A8F91E8116AD3E87F52B0E8603FBE5DD93AF9DBBDEC73666E193
    SHA-512:6A9A67A4785A10FB53C4CC1CEB949F55CCC81B742026E55002FDE57E8F6A557AE754FABD87C7B66FC3F75AD98D82B12F9B0F9F6DE470FC48E7D1C3AC2479F881
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.761964644652942
    Encrypted:false
    SSDEEP:48:9C4JYRWHKPAIGU5kcKZ9gc5POsCGz8vgqhKkYpo:9C4JDw79KHgc5POsCGQIqr
    MD5:8088207648B2053FEAE3832C55DEF893
    SHA1:67952E26F3879982D003ABB5D54DB73C7A1C2D54
    SHA-256:88F346C162624E7EFDF083C412BA7736E864897FA5D11203090C288927F3743B
    SHA-512:8B4FE101C57D8E68C99AA1EC9E990943A876B5408ECACD2E1BD9F9EC03AB62F8E20AB90E8F64F7ADC1F81E47CBBC16E76649F9BBDE669545885502B7818AD13B
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7694778140608225
    Encrypted:false
    SSDEEP:48:+rf/wfVP+ypmP4mZY7n+1OKLly69caoG5cGQzgRN9VWyvZpGcY:+biAwmGS1HlyQnjQzg1VbhpdY
    MD5:CA547D956370272C01A324D8B288D16C
    SHA1:D7CC0BB95CB02FF1F00CA77DDFB8F8E732BC184E
    SHA-256:5F080390D90D5FDF67CF62AECA5318B169C42877F38F25D077DFD33F584F0F85
    SHA-512:8C630BEBCF2AA368AE7D987EED651AEBD5663FC73013E4009FD73F48269E9FDE856C14E9059855630C53D535B6B8D843561D6C63BD55BB822814BBBE04DD3D8D
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:true
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.752597040718796
    Encrypted:false
    SSDEEP:48:vRA5yJSLNQmIHHMjWp2DJvKLly69caoG5cGQzgRN9VWyvZpGcY:y5yJ4ypoJMlyQnjQzg1VbhpdY
    MD5:7AE7A5965846253E67A23F15B2D21E5C
    SHA1:6D7EBD6F5A64BF058DF01B7F453D81F253A2BDDE
    SHA-256:2CEC2D1A2B48C6EC9EBE6E4F63F44D776B9B7EC826395E78E188FE5B38DA40E8
    SHA-512:3693449E617DC53057E73C6293E5DA9F15E442B644CCB80B7949B78BAD0E1C6F6142E76256D2F469C13E84B37229C04A2916281F968786ACB06B63D6FAD9C178
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.777449403980338
    Encrypted:false
    SSDEEP:48:BhT3wrHpzjTZCOFBWo5zQKLly69caoG5cGQzgRN9VWyvZpGcY:Bh+xXZCOFBnlyQnjQzg1VbhpdY
    MD5:ED900032EDBB4288D4E0902303AC5F5A
    SHA1:FB99D13F9A7FD097BD295B36E47E748162596E7D
    SHA-256:CC922E1793FC81209A97757816D4C10F6B5FFEC2B9EEA98615C28D1C138F57F0
    SHA-512:81E262A09210F661C1BD2A68E042DA02FA4E711630218E5CFF96B457FC185B635820A986A0B60810B7810E4EA322CDD9C1A6C998A0FC93DEEBA29F5835712932
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.765756733821089
    Encrypted:false
    SSDEEP:48:YTL15+ZQ3WV2L1NTrI0fbvcYhIdKLly69caoG5cGQzgRN9VWyvZpGcY:Ynj+WGVMnA0frVIClyQnjQzg1VbhpdY
    MD5:9FCBBA2749452F3F5C9FF75B6D434BCC
    SHA1:C5B694CD30AAE04D132019593C7C544962BF334F
    SHA-256:9DCD4AE6C94DE7F89308C19425F8D79F8B28987CB79AB01C1600FE4A223C9DE3
    SHA-512:11407CAA5D3EA1952B50AFF059B435E1A7064CCB0C9746606DE21C11DCFE5674D699EED58B57871F1659003FCA114F8925FB7A1A6B9B1A7CCD909DB7D11EDF94
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.766402957522018
    Encrypted:false
    SSDEEP:48:BUUrrPmQ7TKpkDIMFZOWJcsCGz8vgqhKkYpo:BXvp7TiMpHOWJcsCGQIqr
    MD5:F557BCF5CF439987E6560EC7787079A6
    SHA1:866BC054D39FCD2190884E69F1E65CA281A952E6
    SHA-256:BF57F7902A700D1B87B4544D087C2598ED9B8C4CAFC97651165BE748CD032772
    SHA-512:0187DD52451F4D70B479042FA03BDB4D9DD4B72FF9D5D3D0A3CC48348CF1EA039E56F21FC523481EE2A8B33649330A6F9B753CCAC7274BDFE1ADA432CD527CF1
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.762166415772224
    Encrypted:false
    SSDEEP:48:F3JV0n/77YJWXR98ziUsCGz8vgqhKkYpo:t4/7sm6WUsCGQIqr
    MD5:83CC8233F33824BAFC27E3953EB88113
    SHA1:D22F7C1CD19834CB75FADCA309F4142E03A0208C
    SHA-256:A5C85E276599D1A1C13790434B8075D8DB56DF75DB3C82490CFD633AEC7A2EA4
    SHA-512:195593E8A979AA1550FA54BDEAE69FFAFBD9A8E3A5BD9F0F2B7C9DE2EFE087CCC0083611EC9506E60C7C9E46441900B822BE0093BB306D2658E9ACE9DA8556DD
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.756059632920139
    Encrypted:false
    SSDEEP:48:UTosF+SRDL5RMK8aJeC3BsCGz8vgqhKkYpo:+rtRHbqaJ53BsCGQIqr
    MD5:C2B478AEFB77E490C7AE3BCA6F419477
    SHA1:B76CB5CA2F6328C6959BE904E36C2F7D12A4B026
    SHA-256:7EC4F60CEA7EEFE6595889FA452E1515DAB2B90EECF6CE7EAA36A138CECD9965
    SHA-512:AD3B5AFE9B3109A448AA8759236651138914DBB38E04EE0071A07386408BD05C4496622F1BEDA984ACC3E4C4B9727E20C5096D744E2ABAB4567D532C58EA9579
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):8168476
    Entropy (8bit):7.255112544680944
    Encrypted:false
    SSDEEP:196608:kylRRRRRgRRRRRRRRRRRRRqRRRRRRRRRRRRRcWMRcDRRRRRHVozsBJ792x87QonD:TlRRRRRgRRRRRRRRRRRRRqRRRRRRRRRJ
    MD5:8DA8EB74A7F0628620B871C8FD135BA0
    SHA1:24A52B509F341EC951E0AA54157D06A31AC303C0
    SHA-256:9F86546475EC7A9ECF2C28AB44B9B33B9414B74B5B37DC7E90E907186C091110
    SHA-512:AA1211C50487F285FE5365615728AAF4CA654099F5E75BA135B16C96A5E93BAD686E7F8816831630037DF17C9AF4B81C1564B86858C50E19AB5B27D2102A253F
    Malicious:true
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.754785040775082
    Encrypted:false
    SSDEEP:48:be83aL7mvTu/0hOjfoApo4oQT77eoDJW2vsvfWuZ9:beJ6Lu/0hmjp/oGmoDJ7vsmm
    MD5:1AA3F7DB4593160805EC7BDE6B58040A
    SHA1:94F886FA305419812FAB920E42751AF2C04A15F4
    SHA-256:1C253DBB2B64617D57F5BA3729920F2D02F3BFEA99019FDDC774B198ED849007
    SHA-512:9BE41DA3AF7B787BFFFB2C0C00E22D8692778E54E79FD5222544AD40249FF0454B8C496F5E5E20028993FB991EC9A13A5EAAF531F096FE4B7FB98F38EDE96A03
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7912475329115525
    Encrypted:false
    SSDEEP:48:kcxZQeGca4vT5xm53WLBgR4LsGo4oQT77eoDJW2vsvfWuZ9:lGOb253oi4/oGmoDJ7vsmm
    MD5:B00EA96B532F08DE6B2D002B388B6CAF
    SHA1:6255CDD35424261A281EC7ABABB9870C21A5EBC1
    SHA-256:971F38542CCD590871C89C830F73EDD653B92B31FC2CADB7913FE78BFC3E56CE
    SHA-512:2F7800939F9E5A6AF210319E7DE21F6E188AECBF08C1C2DC58AF56AD5225035097C1A4784BE8F0D6D067390010F144ABD2C5FC1733E2CD595C1A3C65802BFCCA
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7820741903144
    Encrypted:false
    SSDEEP:48:dmntV/lrubuXMqJAD7Co4oQT77eoDJW2vsvfWuZ9:sntxlL/S7C/oGmoDJ7vsmm
    MD5:970B7681C59B951843D54019644F6CDA
    SHA1:B3E3624C1D056412CA05996303CA634546C0A625
    SHA-256:0C0EBE4D0EF08D3723FEA8F491C97C53DCE1231DA5E4706B0BBCF9A914218121
    SHA-512:6DB3C702B58BD84EB696BCCB66D603EF7E2F8A4D5A209124B032F26B2C3434A44FBF85DFA42AF006F3F0C2EC4D6297189761F77620FB99CA5AAF5868D6328785
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.767448323690586
    Encrypted:false
    SSDEEP:48:s3Gy9xhFsktmQaRqYuo1o4oQT77eoDJW2vsvfWuZ9:s3XZs7QaRd1/oGmoDJ7vsmm
    MD5:4CFAF8949FD9EAB6D71E344C698F13B5
    SHA1:4A83C959263056D5B552844D8BFA0C7FB1F2914B
    SHA-256:CC918D46C24168A82ED5A51EADAA49256DBAAD010BA244120DBC36BD763D54B9
    SHA-512:D3E8AE6F331E5B119E40B38DF0B2857DA2479635E36379FB8A6187E12DFC042145B441DD3571F0396649542AD10754B4BF6432C48806DF041F882CF9CB03ABDD
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7397174062462835
    Encrypted:false
    SSDEEP:48:5I7SmRlqApfcKaXujiHu8XOPoo4oQT77eoDJW2vsvfWuZ9:53mvqsUKaejiO8So/oGmoDJ7vsmm
    MD5:ABA52614C20EFC06CF3BEE1BE63444D9
    SHA1:C6E5B5F095AA1A6813E825E0C9D0CBCD9A273D14
    SHA-256:014952EFC32A62FFCCCC0B9F048CB7C73A493809FEBCDF3791298F8A677DDEB8
    SHA-512:26015FC2E0D919D837342436FFF26213E3C93C0226087CB03BCDD3184FA29A3247019BBA0BBD16E5B3928B6D5EEF5E637D16CBAFDB82BFB38E584C56FCD3D9FD
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.761369797591048
    Encrypted:false
    SSDEEP:48:fhUNreW5lFutHbgLIYnws4o4oQT77eoDJW2vsvfWuZ9:fhKeWJe8Ll+/oGmoDJ7vsmm
    MD5:8288BC2A7D36C9AF33FC80BC222BFB37
    SHA1:6ABCD1F6C56B41FA8203C498DF1BA810A346F5B8
    SHA-256:21C68F3265F66E01C6122B17EC261596DB51037BD060CCC3C632A6FACEF5225D
    SHA-512:F418FD18693C1EDD5A880FB892C57E5D23FF82E9477648D392D579D1C3E23606743558337B5BDE887ACD46DA9A6E633843A785A2B79B117F6A81DC05B9174865
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.756789398828517
    Encrypted:false
    SSDEEP:48:Z3R8n3U1b93MKxne0o4oQT77eoDJW2vsvfWuZ9:Z3R8qFne0/oGmoDJ7vsmm
    MD5:219E6BE517561DAF2D773FF37F4EB3F0
    SHA1:0809805A2F31A2254E8AD1D1FBB8383B20317CED
    SHA-256:62F4E64EDF70340FBB8FF279A34A7F664019E74CF49D9353D6CBCD3CC5932AE1
    SHA-512:96DA920843D99FB264604B1F680C4215B52611F78B86D0FCECA0807CA9C2E554B0FD4C012441543D3582184AE2F40FDC0D6BA2473ABE568704D37C13FE3B2AED
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1340
    Entropy (8bit):5.441475555578534
    Encrypted:false
    SSDEEP:24:AzwQ7ZKn/v2VMur6Omay26qKbuCvNxwB69caEBGVzvMdGQ733QSKN9VWn+viiQWS:HoZoH2Vhr6Oma/6qKLly69caoG5cGQz1
    MD5:AF77B31C8EA4E223F3760BBD11C17665
    SHA1:F25B6A233F2BB79F4E449DFCB54BF321CAA51767
    SHA-256:81818BF8D21454EE81399BAAD376E65966050DFDD853321E6B7D671ECAB1A86A
    SHA-512:F0218A8B0BDC3D142A3B1092A9EAD8216062B15170977EE9E691F7B6B418723FCED2C9F8A604E65EA91D703D4CD9E54FB73835A2138497EF051FBB9E09F8121E
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.76158152495687
    Encrypted:false
    SSDEEP:48:gOPjQbkIHHQSPTCmJGu0FbF9yo4oQT77eoDJW2vsvfWuZ9:g80Ic51IlFny/oGmoDJ7vsmm
    MD5:BD0E84743A750D29E59DE72070F222D5
    SHA1:0EB6F8A3DA2B6AF87B9F2ACD340D421E3E6936FA
    SHA-256:5C0B3362D17E4749F4904EB8D04817E0CD83860DDDF3F0526D2E5B7B65C1E2BA
    SHA-512:573836DF89652DFAB819729A3C586D82E94392A70B7D8F3295BB7EA40E405A8C6A122360C2E6919CE0D36ABD17AD670FBA9E7F6E4A2C9511766E1B48441468A6
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.772866110821743
    Encrypted:false
    SSDEEP:48:iyp+GEUkhJgWS5FtuOvWErZ/Rs8Xbo4oQT77eoDJW2vsvfWuZ9:zShJg15wEl/fb/oGmoDJ7vsmm
    MD5:B47964F94B7B25CB1099C09CC674BD31
    SHA1:BC1BB45AFF403289732929A82CD3479EABC71312
    SHA-256:8A6A1CD0FC93D3BEBAD4AF583C54EE71E83CB12B39638577D59B4A4031F4A33B
    SHA-512:66A1623D189328F76989CE2B18E39756B9F8BBDEB723ECF36470D8AA37D05CCA280247742F756657B3DBE08406BF395D589A52EEB25C8F7F47AE855C29A646FA
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.763967564193615
    Encrypted:false
    SSDEEP:48:x6SZ14Dybp1WPbaasCBwnCClyNvTBo4oQT77eoDJW2vsvfWuZ9:x6Q4mHe1sjurB/oGmoDJ7vsmm
    MD5:3093AC535F404CF2FF1B996C9C915F78
    SHA1:029F307F0C9CEC64CEA11B12CB52C5525E5C52EB
    SHA-256:1503C02875FA0C54F1C8C62814727E54F6F5DED30AFDBE51707AB580DE9F9D7E
    SHA-512:0D13BEE1B7B69E2FFB324047743FDAD76A66731D4CEC20DD4E63A4E078E8D6A47663ABB563CDAA13001D1CA98F47DA6B3CAB50F8DDE2FFAE37BC1AA897E0A9C1
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7397174062462835
    Encrypted:false
    SSDEEP:48:5I7SmRlqApfcKaXujiHu8XOPoo4oQT77eoDJW2vsvfWuZ9:53mvqsUKaejiO8So/oGmoDJ7vsmm
    MD5:ABA52614C20EFC06CF3BEE1BE63444D9
    SHA1:C6E5B5F095AA1A6813E825E0C9D0CBCD9A273D14
    SHA-256:014952EFC32A62FFCCCC0B9F048CB7C73A493809FEBCDF3791298F8A677DDEB8
    SHA-512:26015FC2E0D919D837342436FFF26213E3C93C0226087CB03BCDD3184FA29A3247019BBA0BBD16E5B3928B6D5EEF5E637D16CBAFDB82BFB38E584C56FCD3D9FD
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.754785040775082
    Encrypted:false
    SSDEEP:48:be83aL7mvTu/0hOjfoApo4oQT77eoDJW2vsvfWuZ9:beJ6Lu/0hmjp/oGmoDJ7vsmm
    MD5:1AA3F7DB4593160805EC7BDE6B58040A
    SHA1:94F886FA305419812FAB920E42751AF2C04A15F4
    SHA-256:1C253DBB2B64617D57F5BA3729920F2D02F3BFEA99019FDDC774B198ED849007
    SHA-512:9BE41DA3AF7B787BFFFB2C0C00E22D8692778E54E79FD5222544AD40249FF0454B8C496F5E5E20028993FB991EC9A13A5EAAF531F096FE4B7FB98F38EDE96A03
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.761369797591048
    Encrypted:false
    SSDEEP:48:fhUNreW5lFutHbgLIYnws4o4oQT77eoDJW2vsvfWuZ9:fhKeWJe8Ll+/oGmoDJ7vsmm
    MD5:8288BC2A7D36C9AF33FC80BC222BFB37
    SHA1:6ABCD1F6C56B41FA8203C498DF1BA810A346F5B8
    SHA-256:21C68F3265F66E01C6122B17EC261596DB51037BD060CCC3C632A6FACEF5225D
    SHA-512:F418FD18693C1EDD5A880FB892C57E5D23FF82E9477648D392D579D1C3E23606743558337B5BDE887ACD46DA9A6E633843A785A2B79B117F6A81DC05B9174865
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.747846353153788
    Encrypted:false
    SSDEEP:48:KiLPt+F7yhk1iymNT12/o4oQT77eoDJW2vsvfWuZ9:LPt+aFNs//oGmoDJ7vsmm
    MD5:63CE8DEFABCD163CD6E071915065C59D
    SHA1:39B8412783A7A1AF30A7E7B5B1664AE9C5E18067
    SHA-256:6185FBBEA10535B4665D574EE1C9323E5FB63738DEFC48A9EF18EE84C37C160A
    SHA-512:1DF7407FE60251E24467DA30FD64E1BD82483DB5103247D332DA374D474E54CBD91E3DAA3329DAC9B552D4693DCA7A1ECDE02D6836463C2E4D508C802B2848D3
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7417972211255455
    Encrypted:false
    SSDEEP:48:R+PsrPTEsIbDwF9+NYFa6WpmZEPu0HzcVQC:QUjTEsIlYFYrumzcVQC
    MD5:64D7FFA37C83A19C922E5E0D4566D202
    SHA1:B7F30A34023DE9804ED7DFAC6C35FB3CAEE1AE91
    SHA-256:4B776C8FD91518026B2C50B890A838E88AD183089390379D9D8D611BDF6688AB
    SHA-512:D1E4A01EFEA6FFEA7E13665C3689763C3600C77FE164BC3834B8143FB7577B352E0DF2257E0EF0C8A58B1C685276903D7ABA9F8F211DE2EE31A2E59F15F84E58
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.792843524676093
    Encrypted:false
    SSDEEP:48:uQwiskEO3eYqEIxlRbJj6WpmZEPu0HzcVQC:u5kEOOYqFxl7LrumzcVQC
    MD5:B75CB80EF3777C603B0696293BC3F5D8
    SHA1:514AA98DA03805A383A8A11938438944FA078C0F
    SHA-256:DFEFC16042D561E9547232B33E6B7C3B43261C88616C290ED97170482F8AF988
    SHA-512:030811CC399D1B1B7C421A3AECCFFE2E8D41BC9ABCB5A0F664868E0B2B2F6F5C00012497C5D0CF1D40BE17DBB6CA5ED731F77F3816E6C12843C2FB6B3356A62F
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7485864185403805
    Encrypted:false
    SSDEEP:48:jFL9Gm5bPTHv87JJp6Ev46WpmZEPu0HzcVQC:Zom5bPAsISrumzcVQC
    MD5:D67DBD4B1A50DF5E9C0B8E3A0D9EC61D
    SHA1:4E3A9E31B09553F56B48465A0FCCBA5E89CD76A4
    SHA-256:29A800A0C71E062684A9FC9B288FA7FC98970A255B14470A597ADE34AA67BC26
    SHA-512:765D5D6ECC349EF0424919051AFA2A394E5001D5CFD2C155EC58F44A8A098CC076A9E603A821FC7A2BB899FF2FE5B8ACF88B0DF84CE965C8A37C030FC02411B9
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.767795956690902
    Encrypted:false
    SSDEEP:48:5pMIpUeTH8JPh3dcmvMODb6WpmZEPu0HzcVQC:5pbgJPh3dLvZXrumzcVQC
    MD5:D073846A804EB02C743585B6EA8431C3
    SHA1:DB0E40BB947D839D9B09D07F78826EC2CF4B958A
    SHA-256:3300FD3FAF32B03380735D52AD6CA4398D3BDB1C948DAB9743AD48DE7C8F0E40
    SHA-512:4689CF413CFD57E9D508B9CD7038FE4B37CC1CF18D677450573DFC3C16F45A03C3CF51DDD929BE21F5F190358291460A1D106B3F81C795EFB56D0F5CFA9D73BF
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.764044431148043
    Encrypted:false
    SSDEEP:24:fflegJ+ZG4M/tNP7j+v/U4DsPZUBd7pmSgpwNWn6WFPmZXUP74+ip0l/eyPzcVDF:jJ+ZG4M/tpj4HUbV6WpmZEPu0HzcVQC
    MD5:6DF12405D5E269E6F8E412646476FD29
    SHA1:B51742733EAC82A8A2A3445BC4C82C818015C74A
    SHA-256:30E2CFB4018A7EC3905BB60BC2C4E35580550EB7538F1686CACAFACC6E1153AF
    SHA-512:E1129CE5093A878A0EE99ED365BFDECD6C003A468B2B822C54211674C2D3CA3FCEF08A9541ADDD35DEBD502D3E02A8304B44DD31EF99F11D30BF3D0A59CB1137
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7654277994577265
    Encrypted:false
    SSDEEP:48:c9IYwzAIjm6RDb2HKbD8eXCf6WpmZEPu0HzcVQC:cSNnldIeS/rumzcVQC
    MD5:E552FBF65ABE186960E39A1DCD939460
    SHA1:52247DCD1EC977A48DCC7EB164DD44DECF1CA08D
    SHA-256:0BD6D232548E8C40789E5B63ACCFEFCA187A524BB6A92BA6EA731C7B13DA6D28
    SHA-512:81A00913C17C0B094F960A1EC539B5844234439346DEA98E6FE1096243CC2ECE096C150418EA7DEBEA11A7104EFDADEF95966EF0E3D8AEE79E522069BF05D473
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.724243907401696
    Encrypted:false
    SSDEEP:48:xS83U5jbNnkSTcCHjHW17k6WpmZEPu0HzcVQC:mECH7072rumzcVQC
    MD5:11DF8137AFA14EFBEC756370B30FD3A4
    SHA1:F01D5E1EBEA57A202274067756A9B7F0D2E006C1
    SHA-256:332C340A0F307AD4EA92773AA976C63E12BBC456BAAEE37050DB32A51FCCF35C
    SHA-512:B68E2D6A275648C2C661181358C4D964A5A58F870E191AD9B11CFCD4332252C628F0F64FC81B4758BDF0409983809A8E90ACB242ABEE289A31D6A669D62D1C46
    Malicious:false
    Preview:...U..R.......e.v\....9..I..abl].t.S..u.l.dM.....>.....ve....!8...F.[.....?'.sx:..?.;.o.%+.m..e.9B(..B..#..P..B..u...j=.).rR.F.N...G..A..Ij.k.m..<a&....9...l&.G.4'....o!.7..e<....)Z"@X8.P....cy.I.Z...-.M...a&%5.A:.|...u..u..W...4.v0n.k..m.../c..*p.(...P.r.%9...F.1.8.....(S...oj.]5_..2..{U............i[.._%4P..S..:..kAG.4..o;..%..k.guE.G...=?.9..4.m.q...>..S.....1.}..Q.S.....R1V~D..L.7dN[.x.IT.n.!.a..o.VF....n.........C*.T......V."-...Me...p..2...[...b ..I..a.8....>:[2...........-........T.BcjP...v2.s...:ml..>^.^S'e3..qm.......e.....w.@.8<..b..O.$..E-`.~l..B.J..C..I....1..2..o.......f5IM..ee..~.......B#"....#{.qy.t..G..@.($/..a8.f.."m..m]...e8iH..fa.s........>.........V.{.G..h.D......dL.}.y~....= ...0M...V...i.kY.0`.E....S...h..'..F...I..d....W.|.G.<.....6.{..3R.H.h.........u...B...*.......>..j6x.....#<g../k...w..4..X..)2.dlM.....q.o4g?....#....].c2U.W0...C.+i.:B..5.J.o..,F7I.9.1..ah.f|S...C.z..1....z}L....."l.`.`.3......Es....h.l...
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.767795956690902
    Encrypted:false
    SSDEEP:48:5pMIpUeTH8JPh3dcmvMODb6WpmZEPu0HzcVQC:5pbgJPh3dLvZXrumzcVQC
    MD5:D073846A804EB02C743585B6EA8431C3
    SHA1:DB0E40BB947D839D9B09D07F78826EC2CF4B958A
    SHA-256:3300FD3FAF32B03380735D52AD6CA4398D3BDB1C948DAB9743AD48DE7C8F0E40
    SHA-512:4689CF413CFD57E9D508B9CD7038FE4B37CC1CF18D677450573DFC3C16F45A03C3CF51DDD929BE21F5F190358291460A1D106B3F81C795EFB56D0F5CFA9D73BF
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.76477707498498
    Encrypted:false
    SSDEEP:48:k7Az8MXSEz9fWbElAqq08V6WpmZEPu0HzcVQC:kA8MXSifOE+bRrumzcVQC
    MD5:F24F701245A5979EEF214F868400C650
    SHA1:013C61540BF5DE45A6A53D676075B54FB92DE534
    SHA-256:38A94327CE23B4E540DDA90A2F0FCDD92DF6FAA729C71A99919D12516DB606AE
    SHA-512:4DF914591453541DAD3796014239D11C58E0FE71BF5152D5B78C575D9A87426DE84BFB9DAFD89D732D9C116666A8F481BA740E38C6E5571C28F0B7405B91829D
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.73186957212124
    Encrypted:false
    SSDEEP:48:HU9oQs+oJe721wnRmnlaje6WpmZEPu0HzcVQC:09+kUwn4lajkrumzcVQC
    MD5:978D5A8A3F58B8AE058F43019BB098E4
    SHA1:80D5F28330F0A1099F62F875F4C6233E43123CC4
    SHA-256:FF117EDFB4F10780F5DF5419A6D2E6E4F93A1D6B20A4D69A968CB7E8C9436E50
    SHA-512:04177F6E34FFDB7AE2DC942F2E54766F5BE2AE864FA7B352B05E41C5C4A04F65C1D5560DEE984F1B0C9FF3B6EE3EC70AC34498E8BEFF40EAD89A0F7CE61D7C68
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.760292195222222
    Encrypted:false
    SSDEEP:48:IPeNjaEtxNzWj3PzSr08FR4OpE6WpmZEPu0HzcVQC:Ye9tDW7uhwKWrumzcVQC
    MD5:BA87DE3BA58F9CF86EAB953C2254A0CB
    SHA1:F56FCC5A52CCE1A064B493A1A4EDD78C2E5D283B
    SHA-256:C1BD047558E8FD98BD219076A193CE68ECCBF878CB508C08605EE4DB130B0EAC
    SHA-512:E19B40FEC5EED30D753B252F1EA7D6A3C13FF1E40C044B37D739F420D56CDCF006FC2EBF9D07A7FA4CB6FC4D87E658F5F75DD835FCE7153AB4B2E046E64FF154
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.754575367528431
    Encrypted:false
    SSDEEP:48:0sWUeYWXXVmxEt9Zl6y8M6T6WpmZEPu0HzcVQC:/WUNUVgc96y6rumzcVQC
    MD5:52677DE722E4E159370684E191E32E12
    SHA1:CCCF8A5CCF9738544DC912285D2E0260C2B0747B
    SHA-256:F254F63ABC81C75CB509F829AEEEE8B8B6BA69D697C7EABC9DDE065AAE57D861
    SHA-512:56ED59915CE72F148392ED528AE3758CCB0037F7E030AE68FEA6217910392533D2B55D8D95E2FAE641A76148B85510492910F5935923489C2FD46662CE4D5082
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.792843524676093
    Encrypted:false
    SSDEEP:48:uQwiskEO3eYqEIxlRbJj6WpmZEPu0HzcVQC:u5kEOOYqFxl7LrumzcVQC
    MD5:B75CB80EF3777C603B0696293BC3F5D8
    SHA1:514AA98DA03805A383A8A11938438944FA078C0F
    SHA-256:DFEFC16042D561E9547232B33E6B7C3B43261C88616C290ED97170482F8AF988
    SHA-512:030811CC399D1B1B7C421A3AECCFFE2E8D41BC9ABCB5A0F664868E0B2B2F6F5C00012497C5D0CF1D40BE17DBB6CA5ED731F77F3816E6C12843C2FB6B3356A62F
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7485864185403805
    Encrypted:false
    SSDEEP:48:jFL9Gm5bPTHv87JJp6Ev46WpmZEPu0HzcVQC:Zom5bPAsISrumzcVQC
    MD5:D67DBD4B1A50DF5E9C0B8E3A0D9EC61D
    SHA1:4E3A9E31B09553F56B48465A0FCCBA5E89CD76A4
    SHA-256:29A800A0C71E062684A9FC9B288FA7FC98970A255B14470A597ADE34AA67BC26
    SHA-512:765D5D6ECC349EF0424919051AFA2A394E5001D5CFD2C155EC58F44A8A098CC076A9E603A821FC7A2BB899FF2FE5B8ACF88B0DF84CE965C8A37C030FC02411B9
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7811750925408685
    Encrypted:false
    SSDEEP:48:9uEnVBUcJgdKIo0eUNQg16WpmZEPu0HzcVQC:9TVeDKIo0eirumzcVQC
    MD5:1DEEBFF9FEDC837C110CC62B7D35905E
    SHA1:721D3815703B75DA94D854B7FB56C6F6AB0EF903
    SHA-256:23B73F4109AE34C38FE274B7A03FCC53B66C29F276C9E651162125351612EDB1
    SHA-512:F82F3BE20A397AB1E2B735683492B8CE648A950431E1B97795FBC81DCDB6AC9FC817C4C3A38024DCC490C0AF5845CF8844910118577B111245177E1B063AF3F9
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1468
    Entropy (8bit):5.791548737309277
    Encrypted:false
    SSDEEP:24:zyrEIt3+ZlFow/8XlrFlzNj+42dWAQT7kOeA3Df6wvWo9aGGSsDp9fWATzbN9:zi1EMxo4oQT77eoDJW2vsvfWuZ9
    MD5:69A59FC1CB1B83EE1D261FDB49FDEB9D
    SHA1:E34C5B3202A371126DDF14D568155D86257109F8
    SHA-256:5E5DDF7EE9BE074F94D1EDCFEE72703EA70E1DBA07033040E04E93394D014B0A
    SHA-512:DA16A49B61146F06127E146BFDB3247D876E69533259EEAE76FEF7651FA17EDF7A68DF54816DB5CC4536246FFD586D9B32D54EAA70C00DB1B3D10BEE02572EF8
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.756935187566286
    Encrypted:false
    SSDEEP:48:08aI2FLC0m5Wi9Tfxc/7MQDW9FL4D0DSmV8Y7DsDNtRBjecQ:Fd2FLC0Ihx87MuM4ADSmV8Y3sVBjpQ
    MD5:80E663439287B124338F117A68D12B61
    SHA1:7DD9E17DF30680B39A4DF7C0A940FA5668D09D6D
    SHA-256:582D2370EC30363E13E2482EBFC1887F0AB6083A3B11918257487B3C221E4035
    SHA-512:C2CA1BE08C9414B1A50737574C4D0E13703980A5E37333C643C80E3CE73F92A811349BFF7699C70FF0E193BCFC2878969411A444D4552E9902A4B1D94E46927C
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:true
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7247464118950635
    Encrypted:false
    SSDEEP:48:GK6uBzIT/uBXA7U2R61rmDW9FL4D0DSmV8Y7DsDNtRBjecQ:DFBzITCw7UUmAM4ADSmV8Y3sVBjpQ
    MD5:694B02B778F51C6D05682CBAAFB1A8B7
    SHA1:032A12270AC29475D6240952DF933123D277441B
    SHA-256:FC0A4ED6825213BCFDEAC9B0E73B1614B900EDC3BB0FEF5EE9B321645B6C6037
    SHA-512:28B35F2C0745778E4411DDE8A04B74B4D27B692B43E732605726EBDBDD5BEC11710A6914F99BBBD67A692B2E9142343E2B8AB54E4AF8238A0B780B66B2F9DFBA
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.729226465400784
    Encrypted:false
    SSDEEP:48:nV3rHnLxHthYopcn5r3ztEDW9FL4D0DSmV8Y7DsDNtRBjecQ:nRrHLhUDwM4ADSmV8Y3sVBjpQ
    MD5:AD074E4DC81BA8079BA9C6495E50E9F3
    SHA1:FC8069C8BCF70E8221F9F6F5587B2705FE6FA886
    SHA-256:27B01C6CAC06E7F4C79033664612BADF8D63F5AC13DCEAB1BF3C9068200C5C9B
    SHA-512:7FEC244B7A5BA582F6FB38AFD2218B4898FA408C368CF915A4619B1E4D5108675E546F9C3D79CAC9E8849C95BC1C682D69C5EB6079C599C2BFCD8DE9A35261FA
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.722274931313067
    Encrypted:false
    SSDEEP:48:JTxKFji3eSCRtDRRP4DW9FL4D0DSmV8Y7DsDNtRBjecQ:JQi3eSgDLmM4ADSmV8Y3sVBjpQ
    MD5:0A478DCBCA10CBCADB42DF95D244EE70
    SHA1:A86E71D529CC1ED2900737A39A8269785FE31922
    SHA-256:3785215ACDB0A7659351C7E10C8EDBC1F743E46D34B1B04C36508E50291E244A
    SHA-512:A17FFE4B075F819BD55E8CACC2A29A83D94BC4E3FD17BD3AB615710A4FC0442C1F09C266F794AA09A244741521601995D5053BA9E3D63F47F2DBC29332F8CAF7
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.754775362257371
    Encrypted:false
    SSDEEP:48:yDUkQP5BhBrr+ViqJRDW9FL4D0DSmV8Y7DsDNtRBjecQ:rkg/XOViq3M4ADSmV8Y3sVBjpQ
    MD5:A132E340A0AEC19F5479976457BEEE0F
    SHA1:BB4551ED62475AA92D126ED3BC69832D5A39569A
    SHA-256:D48F69CC34F756A1F62FE47F9AF07A1AB7E59E14F7D01EFE98F7FA1AF15AE5E9
    SHA-512:94DA9C56B66601E263A38721B119CDE5BE0BFDE3683EF49F5E16DF4883F2B4FC5D21482CB48D60EB98F66C2983DCF5C8E71B5D613597617FBDAE84BD190C1159
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.755024985534381
    Encrypted:false
    SSDEEP:48:1MeGlOLW20zTALWTornNjDW9FL4D0DSmV8Y7DsDNtRBjecQ:17U/HALWTornFM4ADSmV8Y3sVBjpQ
    MD5:4A2B321542E787C25BC4E4FC37F04265
    SHA1:0619DD0FFB195AF14242A6C39A5BFC6137F7052B
    SHA-256:C40411E8C98D8096D10561540359AEE47DFEFC6EC04F1EA97E886D6AF43BF208
    SHA-512:A1FDAFCAC2763A8FFD0AF581E2DACFC38DD3AC5F717CBDA53FD28D303366335B0D73423C01B5BBEEC9EE5DDCA3BEC19D3DDC2786AE695FE34E0AA479F5EC143F
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7731258898542
    Encrypted:false
    SSDEEP:48:ny+SyMnQd8tV2Tt9mWVbMus/DW9FL4D0DSmV8Y7DsDNtRBjecQ:y+Sw8z2Tt9/bMpM4ADSmV8Y3sVBjpQ
    MD5:00A277B52D8401566A7E722197B17AB0
    SHA1:998BBAA2B7F35DDFA1B298919F0F20223B042F36
    SHA-256:51B474A5FD01277CC24DCA9EED7E6B3B690A36FA2231A88080B04A821EA43E96
    SHA-512:1B5DEB7453F2C7BEA259C940487565D72ABB409DCF42E9235CC5FA16298F96643BBF9F2806527F5D3C7191E79CE0F1C01E7F519F9BD7EC219DE72750FC26F9C3
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.754465576569014
    Encrypted:false
    SSDEEP:48:IEVLDGPyZ6EgSpHhDW9FL4D0DSmV8Y7DsDNtRBjecQ:+g5gEVM4ADSmV8Y3sVBjpQ
    MD5:A9243D3AC705795E8A44BC2B0FB4A247
    SHA1:81966009F145145194D905C661D5F3F4876D0BFC
    SHA-256:B2C053B226870E67061D3B9B193D86178053893F2F6C923273BDA1761860C59B
    SHA-512:047AE195CE66A84BC5AC016040E7D6A6144FA57C09C9BF1CA31DC5B6EEA372E72780EADB22A893F7D5EC27655357C54D0194B2C9671FEB45B385337089A508E2
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.750331692349134
    Encrypted:false
    SSDEEP:48:+soMF9wy+8IkTA3wMkAVIK4DDW9FL4D0DSmV8Y7DsDNtRBjecQ:+xMFuy3Ir3Nkm9mM4ADSmV8Y3sVBjpQ
    MD5:730289F3FFBDE7494E022F944B441BB1
    SHA1:1A046FE2E57F92C54DFA0AF5B305E3C60B0B67A6
    SHA-256:E63A3E75054A7A16584A2888DC4CBC5F4A35278689E77DDB5C2EEF46D08F45ED
    SHA-512:4C5C4361ECCA1BD27ED2ED752A1663F4AA5FDE960E7BE221FEF403214F35719F95758BBEBE474958995F7F19AF286B8C7BC10EE7DF49211507DEDDBA455BE6BE
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.773022961527402
    Encrypted:false
    SSDEEP:48:xWbxBUHxjFcFZq99m0BDW9FL4D0DSmV8Y7DsDNtRBjecQ:ev+mZq99msM4ADSmV8Y3sVBjpQ
    MD5:3DE5DF598545DB6212147BF83FE59029
    SHA1:228074584699049632DD8AC7E15FABC5A9245520
    SHA-256:87009CCDF1B690A535FDC9AE6BE8D4A4345763E229E0C15BA1B68367F86B27D4
    SHA-512:9B7DA52E3D328E9A25CE531D13FD4A5A760442A957F7D85DB3E1EBA990E4B2F03EA5751F0EEF12143348F103B190D9D4CDDDD2E4F388877936FD8CBD2C860A6B
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.7617346248161
    Encrypted:false
    SSDEEP:48:2pm/SwUWH0JXk6gMOhrFr/ueXyBL99FSnfYli2J7:8mKwUKKDgdzTuEMJinQi2N
    MD5:AFB8B281E96CE0B3D8B299B17BD9F5F3
    SHA1:0413D43D6FA2950E53179CDB18F17014F93D93E3
    SHA-256:2D1C041FF84C18D3D68C01AD8C06D65D67114E1545B9B51736886ACCAFA2A78B
    SHA-512:F7B22B9EE43A28E85AC09D6B5371BD88269CCDEDBD8D35149FD703667EC7382AEF0E1AA069B751821626B30C59BCA044EE2CF75CE5780D0198D53AAFC0B0418D
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):2078
    Entropy (8bit):6.758372916669944
    Encrypted:false
    SSDEEP:48:Ty9Rk0G1YH/EWi1QA2CCidj8QWnSrrFr/ueXyBL99FSnfYli2J7:5cvij8QxTuEMJinQi2N
    MD5:8992E3ED31B4D0EB4F51E5B292AAAFF1
    SHA1:110A283FDD66ADAF5C7C2A89417EB1176D9D5604
    SHA-256:53F87DF343F16D56969ACE50C0ABC18B8108979429670289AC0D055FEFCF7B27
    SHA-512:7E73FE58F8CCB325ED12A9522B7AE0F01F14351E30E5FE0F51ED7F522B357BE6D06AF01CA22E872BA087C424F1D3D881F7C0607575254A15FBFF23A1B4E5799F
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1340
    Entropy (8bit):5.451377713892017
    Encrypted:false
    SSDEEP:24:HB0ZXk60oUKvwIqBlW9FL4DYJDSGqY8vFGyBlvZTY7DsDNthHBjeXMhSn:ySXpDDW9FL4D0DSmV8Y7DsDNtRBjecQ
    MD5:B074298E656F340EE49EBB03CB025D54
    SHA1:F615C5F8297C56986EEEB0E8B168371D6A048A84
    SHA-256:1874996B4FAD970C08A285600095E1CDB76C7AAFA0691223C813E7654CB01408
    SHA-512:2BE07F946CEE56BFB02FB4D1429D98C7F915E33E171E953B9CA84B7CD8AAC379AD8ABF7F70C334DEEAFE69D7AA1C1E5B005D14C08B6FEE6CA3A7D809AC481A04
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.7421890891283125
    Encrypted:false
    SSDEEP:24:DbkkOUSX+02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kd5rFr/ueXyBL99FSnfYli2J7
    MD5:0B86FE63E89D06B6E17A867C47ECF148
    SHA1:65091AEF48A7C1E7CF5500E2AC72FA4987001A53
    SHA-256:6401C3ABBA7FBF3400B47C116A221A6EEB6EC2F69497C80D3F9FB8EB8DB2E1C9
    SHA-512:7FC541078449DD82CBEDB463620C26B3FD943568123C385D9B6605AB590FC88FB09162613D696345C8B53ABEC3DD8C01ABC96D4A2C2FAD559C42A03331F200A2
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1260
    Entropy (8bit):5.177373213373953
    Encrypted:false
    SSDEEP:24:DbkkOZmc602PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kLdrFr/ueXyBL99FSnfYli2J7
    MD5:0B8F95925D441501D80722D790E6977A
    SHA1:C03B73ED5360A1BE45AF71F88AA6462BA5101B8E
    SHA-256:19BF9F9A2C10CAB3E332AFF7C5579D69F4ACB6E9A0BA801C8ADC610877B4B63C
    SHA-512:28F99AB24430AC80C3E3F8E6A3AB0DA4C89BAD4F58038410AB85B02FE605CC5A7A39DBD5115C323E0C2DA2D2D9437E39B340567AD6E20D50F696EC6ACD2CBE5D
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:true
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1180
    Entropy (8bit):4.811862816703631
    Encrypted:false
    SSDEEP:24:DbkkOUP102PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kdP1rFr/ueXyBL99FSnfYli2J7
    MD5:586EF77967767E1B2436C51DAFED5E69
    SHA1:7B23DEFA207DE14C33CAA0D6DD5AFD6F6AC9AA3B
    SHA-256:F8CD7D218D6D9E8D874EB659A92D8E823E95C82FACDFF958A344A2EC78BF536A
    SHA-512:A17615098E3D8A21CF977A80279A0BE03ABE7665D5F34139F54BB13CD88DA0E054E500EDBA1F02A1D5A89E624ECE5F261D6D267BEE88783205220B25478AA9A8
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.749951719631439
    Encrypted:false
    SSDEEP:24:DbkkOU/02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kd/rFr/ueXyBL99FSnfYli2J7
    MD5:F7F5A638CF339E6D58A2BBDFCEAC4B80
    SHA1:16FCC9CFA0DB431DEC9D36E576610996F494466C
    SHA-256:567D99ADD6C4AA374C94C1C6131E9A8DCFAC496432ED9AC922791700A04FBCD9
    SHA-512:C03E348A828627A1E568B04B41B6EC038735C120BFBBD7A40E3B04D817AA7F54A82E762A8AF44A7B6A74FD92E478571AC96BE931E75127455047F771207EF697
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:true
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1132
    Entropy (8bit):4.583916495494443
    Encrypted:false
    SSDEEP:24:DbFOKhdh02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:vHhrFr/ueXyBL99FSnfYli2J7
    MD5:C00FC03DBA7F93E3C9D3DCD90130BCE4
    SHA1:B5E334194A4A2599FB076ECE1FA212AAAA7B7F74
    SHA-256:306BCA537776C90BA5357E758A02DD98271E2BF5A29A10FC4F1A4C6A3F06947F
    SHA-512:2159BDD5789704905967A4D5962633393BAA6C1D024790A53848EB650F998741CAB8BEB80758C5AD9725FF70C501D6EEE1CF677D88235F45283537B5AE6B9440
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.745806779367827
    Encrypted:false
    SSDEEP:24:DbkkOUB+02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kdwrFr/ueXyBL99FSnfYli2J7
    MD5:530B155021DA7225D98A88A66EE7CEA7
    SHA1:D5E66F25F5C4BF24249F188CFC88ED286D317E44
    SHA-256:11C76E7745D3C341CE613859CF39E4CAD81346B5EB02AD3653AF5B5235101FF2
    SHA-512:1FB2227ACD60B6B878DBDE6F7DD610890A89374F61C140801EA5F2946488262725A22515B4993FAB41DA306BAD47F4D8F505B12BD73D2A4295364571B8B38D93
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.751121429128712
    Encrypted:false
    SSDEEP:24:DbkkOUfr02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kdzrFr/ueXyBL99FSnfYli2J7
    MD5:A0452A0FBEB0E5A18458DF5D6981EF87
    SHA1:330CBD9AD3D482BDE3AFD52265548B9162CC2779
    SHA-256:7994FF2D8215B9BB4B3D340A1C876BF29A8CFE4ADBC329BC9AB86C8B26B12FFA
    SHA-512:3D7F9994DBF49D443CCA2365E863BFC9E64FD0E5D98E70F3EB514CB75F5EBDB2C68EADBE821AB734D2EF52858E9CE398C3AAF16428AC555A2171EEB4E69053E7
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.7392354851469785
    Encrypted:false
    SSDEEP:24:DbkkOUq+k102PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kdq+k1rFr/ueXyBL99FSnfYli2J7
    MD5:54AE8A21640780A4090EF11F18C62743
    SHA1:5F6D1D6CCC9D0EFB966B86C24634903170EDFA31
    SHA-256:E96133542B67955C38A44DBB16ABCFD47A3CA507CED95AF322877C080C9871A9
    SHA-512:090352520B6CDE1727C4B94A493818849AB962B664C1DD9494C52950AE39B9614989426F5FFFEDBFC11D8E8ADC6E7311A317ABB95D0DD97B538B3BB1B150F164
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.736026395755844
    Encrypted:false
    SSDEEP:24:DbkkOUx902PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kdzrFr/ueXyBL99FSnfYli2J7
    MD5:185AF532372A3DBCCE324E12581EFE17
    SHA1:ADBD02015DF19CBCC75A63FA8D005BABE6E27C38
    SHA-256:18FB2F8308DAD3FDE0897EB58926F5616F92DFBE3109D056AD92DDB713FADF7A
    SHA-512:2F7B2252B0A9EECF3A58CF464F09C56FA5F9E9552A6A8C99A97C9C250963054BED2CBD666C7253028ED4DB4F5062EB00064DD17964E5CB067E59E4BDD138A913
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1180
    Entropy (8bit):4.81130326445716
    Encrypted:false
    SSDEEP:24:DbkkOU1It02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kdatrFr/ueXyBL99FSnfYli2J7
    MD5:8EF8E5E2E4AB3F6CDDC34E6CA8D02F1E
    SHA1:673CFC43A20DE2608DE4BB6999E00B01BDC2A8DF
    SHA-256:7A39EF8FCE9A9A92744EA36DE987EDDFD29B5E395340DABF7313A275A43741FB
    SHA-512:273708BF5156259E1561FF49C29F9FF0267C5EFB275088DF9FC931CA817EF2023F9997743447FFC4E837A0CAF1099B7E92506AACD06D2AC16201E81A2CC50524
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.743227699369347
    Encrypted:false
    SSDEEP:24:DbkkOUq02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:0kdqrFr/ueXyBL99FSnfYli2J7
    MD5:32934F8F78304C2523CA669A72DDA910
    SHA1:5979E1EEFF0AEDF18EF4BB71F304E7A969AF0D66
    SHA-256:5F8C94E7CE85F884EAED4C5F3224338DD0DCA4E5862423FC6A24A88447678CE5
    SHA-512:845B65ECF61DF1B5EC607ADED650BF99BD7041D146A7B4F89F28D77F118764112E98D4D77B134C27F73C2510F8627D47F1CE01DEAECF18279C3EE570CF1FADE5
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1468
    Entropy (8bit):5.844592138408294
    Encrypted:false
    SSDEEP:24:Db1R2b9MAOMn02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:FR2bDrFr/ueXyBL99FSnfYli2J7
    MD5:43F35F279B47C8C527C01D06ECF25D8A
    SHA1:563C9C4D9D11C076C06DB7C4828D51FF321B4BD5
    SHA-256:2CACFFC1589DCABB453D153ED9DEDFF21C5E91775A4A4A27A8C9B18CB80E2303
    SHA-512:2EAC9EB5000A623BCC560E5A76633D78B93D558438AF29E74353912148D6EC7D413014F34B99BFCB3103513231FEB8CF780E546E9080964CE63C7E3DDC122F5C
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1548
    Entropy (8bit):5.970852265449946
    Encrypted:false
    SSDEEP:48:gQVHbzKGrMDI7y0/trFr/ueXyBL99FSnfYli2J7:tHbfJTuEMJinQi2N
    MD5:136B8158E7A4091231C028B28397FC19
    SHA1:5ECA9DABD96C0A0F1A54D724BE4ED5C2C01166D3
    SHA-256:08FC67D52AE47B819D10CE5F77E9054EB2202748D83D30E827478662A03E65B5
    SHA-512:D0F182742FB4835A015B542F543929C26D082579ADF21AE179E55552D31A27AF6A6C338C78C627869A0F6C7C8796AB7F775DEF0DD1BEF750A0A175CC23FDAEE5
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1996
    Entropy (8bit):6.674946535309034
    Encrypted:false
    SSDEEP:48:g0DA/Pd2/ZBSSQUl7RrFr/ueXyBL99FSnfYli2J7:7DGPOBSRETuEMJinQi2N
    MD5:338F35385D1FB24E5CA5C2B99C27457E
    SHA1:612DC9265951A2272B636769C4F8E7E3E5997C98
    SHA-256:5E6BF9842699166D288218B148E2B14242AA0EFADA04E117B202541041331FC8
    SHA-512:248160F88CE76EE76363E70319888794A32A15BABD71EFF7E14F7C5424E06A665C055CC6F1232076780456198FC2A404CFBF71805147D5C5CA1C72F6413EA3ED
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1564
    Entropy (8bit):6.039418958806117
    Encrypted:false
    SSDEEP:24:Db1R2lcrfgTw56SbiNxq02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:FR2+DMKTrFr/ueXyBL99FSnfYli2J7
    MD5:3FCC2C31A928289F16BCEC33378C8A0F
    SHA1:BDB9D3DD98C96BE17FE449C9A7EE8A9AC9A1427C
    SHA-256:7B7D4A07302E74825FECB76A696A6C95053EFB21C5C0F20339D110943D2CF825
    SHA-512:2E9DB13083F40510EF1D789566B67ACCA50934145A1C1EE045327E6A89B924A238D609049B6A9E401CF4970BAF8B484AB551D00A10916D3DA1EFF5A01100B5F5
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1564
    Entropy (8bit):6.069910464978212
    Encrypted:false
    SSDEEP:24:Db1R2UTxTb2KEHpRA402PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:FR2cnx6LA4rFr/ueXyBL99FSnfYli2J7
    MD5:16BC8A72FE390CBD98CF80DAD15338C5
    SHA1:AC8F31B5608DC011744ABC891D97D8A2834E2102
    SHA-256:0411F6CD7BAF4F4BC322E7A0CA5681F39837CAB2AF51EE4CE1B3D6668DD3C1B5
    SHA-512:B71DB58344F09CDB79F0B7C828A8F6EE69B67BF18229B5B2BECEDFD295C28EEC0F4F1D0EB77950A18B508F2E3C15C7E425E65C5B8AD7558CBCDE12B0CA6DFD18
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):66588
    Entropy (8bit):1.6670926433938036
    Encrypted:false
    SSDEEP:192:2WFjeT645R8szlGMubFwalZ2aG64LR8sw6MSVyq2MWvUSDQi9:NjeG4/4Hw8Z2a4txMmWvR9
    MD5:8FC9F96542BCA0FEBE3DE27581AFF1EE
    SHA1:7F6D89BC060F6561C58A8E3DF418CA7BC8E5B83B
    SHA-256:CCAF0B3B106DFA738D0B540A3BA95637905E283EE613B33F757710CADC31A848
    SHA-512:A5FA4818AAF553B2F8F73E571072D690F5078A539EDF49514E7DA232EBD3B51F561DDB8AAF60A6E78870AADAEFE4492A30E4A1C4C803D04F79E44243A7F5E59C
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):525340
    Entropy (8bit):1.3008854844099562
    Encrypted:false
    SSDEEP:1536:CzaLgjkzWc3aLrUTFn6hBnt12nR97A19ONbQA:ZLgwzWtvUTFn+Bnt12nkHaf
    MD5:E681C2DBE9F87554A2717B4C3D03B91D
    SHA1:AB8C599A40C591C30D418F0DD532916821E1DF8A
    SHA-256:EA13BB5006BAE170B636172B2A3FED9916271C94FC07390D43CFA4DE7863C120
    SHA-512:C8A4757CE01105992EC526568E1BEACB7041384B2A8E22DF9349E58C473D273425A0503252D56DD46E822B39418F7A3CE90DC1922D08637F5E22BA55542C7D49
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):525340
    Entropy (8bit):1.3009261460089776
    Encrypted:false
    SSDEEP:768:5ITcu7tRsFh+joJ6KRDVnZnL0MC6R/eXN2TVdHKq05hxCeKbBsr8gWds0Mb0iMn9:GcuRRsFcoJTYl2xRtR4qlQjs
    MD5:F6DE85F11CD1D9A97020D77A3D40EEFA
    SHA1:40298D8F46EB11256ADAF305E1D09A81A9CDC3DD
    SHA-256:4A0539CAFC7B4D890AFB6ECBB54693D15E417343599A31A354E1B2236080371E
    SHA-512:F1F5609C8A49261EA7F6DB70B9A14A68D1A3A2D7F08C8D9FF3EF9F3CE17A7C0A189C203475F23DAE7D3B3B9A463624EBA46B7B6B12CDD1510DCCBB22EF55889C
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):4.758580568404544
    Encrypted:false
    SSDEEP:24:DbH2tAN+tt02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:GyqtrFr/ueXyBL99FSnfYli2J7
    MD5:DAB6B5CE74710DD6276CF561E4C9CE28
    SHA1:DBA32C852F03A5A6697F44189B355EF314F014BD
    SHA-256:9912B2B0CD646E04289EA008E183B450245395D02AEE350E6CAD911CAD4EE2F3
    SHA-512:D3572ADEE29C02BE53EA2D626C0761144325CA4EE561D01B4F58DC405F1E62AD7881EC8E1C1FB03F77893177A21228F8AB3EB21F0FB89977039C0AF24F2B9EA5
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1244
    Entropy (8bit):5.15288451630608
    Encrypted:false
    SSDEEP:24:0KXLWCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:9zCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:5E0C1C9231604F36CB03DF99DE3EBC7E
    SHA1:929ED90DF6749F1A026898E33871578B617F9143
    SHA-256:316A54F13E2DD5BEE087187FDE384C12240A7687976C5AA87F8237034B2D03E0
    SHA-512:7A6AC74249DF1E37D3092DB9ABD33C1D28475E78DDB07AE1F6ADCC4B4B239036D3C7F89A0DDBF5AB6AA1503B113A3D49C5323585CFFBEF2A4327EC0D23950B66
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):347
    Entropy (8bit):4.680830333675681
    Encrypted:false
    SSDEEP:6:xi7GxCX2mrcHAu8xIzGCc3CjhXYPmXrdyF5zPOjXg1wVvswqoculySufEAa+:oqQnIguJZhXYub25zOjXqwVkZclssA1
    MD5:1970E4711D514956D223B523F808ED4D
    SHA1:3BF6A90017BF22083AB735ECF3F8589A3F220E53
    SHA-256:E84FE77734D5682E498F89721B9B3F6ACAAAB134322006931C8EF7C778EDFFA2
    SHA-512:940F6F2CAC1DDA146319BB90E21B0E344995733D5851CF71B1FD084A77D2EC3D7D8CC3FFB2B4C37E766DFCE0E9A2DDB0121C30FED4F58891EBE4F493E8182A7F
    Malicious:false
    Preview:Greetings.. All your files have been encrypted by CyberVolk ransomware.. Please never try to recover your files without decryption key which I give you after pay. .They could be disappeared?.You should follow my words..Pay $1000 BTC to below address..My telegram : @hacker7.Our Team : https://t.me/cubervolk.We always welcome you and your payment.
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1244
    Entropy (8bit):5.140301050370242
    Encrypted:false
    SSDEEP:24:0KXLRKCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:9RvCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:6373ED409A17D567C15519D432EB06EE
    SHA1:8C87C5BCAA04A01963E7F69D4A3ECACCC25F1572
    SHA-256:8771717E6C3FA797006B37487DCE4A542BA3A78E11043E54033239F3DC51CA2F
    SHA-512:281346466B9E63D6FCE8FFF36EB639C0A489C34008D64177D9166BB7BDF3B0047CEB11F829D0DFD64287C4DC2BBFD6DDAD0E356A0E0EB2FEAE5FF4AC3EBB746B
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1564
    Entropy (8bit):6.0450794697392
    Encrypted:false
    SSDEEP:24:0KX95XEKixCRNW8CCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEcI:jlEJxwNWtCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:8020F857CB2B9FE9FF0B2E7037C636AB
    SHA1:0F1472AF0968002C87FCF5ECEECA648609C30395
    SHA-256:693DB7672AC2F99FDD4C4EA3A8E388C0867B9BDA30E54DF1DE48FC29001DC820
    SHA-512:C319B39E72F43A45326A70588E44C09AF17E161A657B6438D2822B4F5D22C81C9160AAA8C7AE03645F88B1FF1E35BEFEC62E8904BA3960E74EDBA496D1DACA2D
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1340
    Entropy (8bit):5.467085103308685
    Encrypted:false
    SSDEEP:24:0KXg+4jETCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:bKxCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:71C1AE26EDC8F86477880EA0D7A2DCA2
    SHA1:3666F0E3D95867BCEDBB0C5653525B7C765370FB
    SHA-256:8E15227A87B41D6226D97A06E552BA59183B10CF1FFD86EB298CCFE834893E54
    SHA-512:D512DBA72377C7CBAD8762E232009FAA9F688F89F847448DBE8BF7F4B0B26CFDA3D675A3ED13F8EE69127DDB985F5E425A2FE7BE11404C249384BFF711805044
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1308
    Entropy (8bit):5.3292613518479
    Encrypted:false
    SSDEEP:24:0KA+Mkh5187qwQQVCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEX:KCKHQQ0CP1A1UuPL8aUzNpXnh1Q6WK
    MD5:FC17CF161AC0310F70C3515EDA83B6B6
    SHA1:0DD3C8EFEF32E6A25317B60AF112E24C4C307366
    SHA-256:158C3F713759C27F5B6354737486C3AC61793DA3242D8C542DE098C8F6C60A91
    SHA-512:8C48FAE517D1BE175FB2C73CD1A5E09DD406AB247D0A107A431847873E21C74C81164FCB3FB2E3BC94602FC0814DF46B8EB0BF5229DFFFE3BD4B8DB91BC68DDE
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1308
    Entropy (8bit):5.347031125912063
    Encrypted:false
    SSDEEP:24:0KA+Mkh518arfhCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:KCH8CP1A1UuPL8aUzNpXnh1Q6WK
    MD5:186BBD9FAC26A556964F61FA9CB5DE79
    SHA1:B6CFA27489CAFCEFC6695258CD3BF2EEB87C3A53
    SHA-256:0F28E58020C621A9B8E9133CC988B6DB1928E5D82356994857BA6C769B0409B3
    SHA-512:2CEEC408B716A355CF5E749F9DB564E07B096069D57A208D30F7AB0F47938ABAAAE6A8CE1AC0C39760FD8B7AAF57B35EB7078A5D4EB01F5D5EFA4F16CDBEA8EB
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1580
    Entropy (8bit):6.086634703464789
    Encrypted:false
    SSDEEP:48:2cvAmZU5TcCP1A1UuPL8aUzNpXnh1Q6WK:TvFuIN1UuD8HTvRn
    MD5:9CF5DDEB7EF0BD08C147D3B21C31B185
    SHA1:A28D59887E1BF15AFD555B98B3DD4D3DE93A44DE
    SHA-256:A618EDBC9231F9493388A11F9DD6B73C6BCCCE65A4D1F342FD039816D42295D6
    SHA-512:45A38F24A1860B74F381B6A56DA56590E7ADFD37BF219348FB751AC2013CA83A5C51D0E5141903BD3C6627E7E6B19F54B9F2432BB7EE4EC7DE467E80E319FF95
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1916
    Entropy (8bit):6.573192825914695
    Encrypted:false
    SSDEEP:48:Ky0aBCpbrl+EtvhZcs3Hl0Mo0CP1A1UuPL8aUzNpXnh1Q6WK:9ClttvMgl0Mo0N1UuD8HTvRn
    MD5:21E8307C93FB83300B78E9A88CB47563
    SHA1:B91930FEFEDFA01F673310212C00E1E20977AFDE
    SHA-256:DACCDD7AF53261FA99FB3C5D5C14CD02A28FD71088098515E5EBED104ACB4ACF
    SHA-512:5436F8515265F34FB37B2DAD18C4F459C38F48C5B832DF239D4D764B8545E3C8423CFCE516B6455775064F14C72EE04BB13DE90B6774D6313C554101E16D5F4A
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1564
    Entropy (8bit):6.036676156192474
    Encrypted:false
    SSDEEP:24:0KX96iJHS2vYhCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:nzYYCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:E3652B2E70ED94450318B7F5DCDE4542
    SHA1:990B821F6AEDBD86B28F6FB39DC48D885D79092C
    SHA-256:F532227540010CA045BCC4C2B04205F539CBFC1C5D6767532DC539796AC032C2
    SHA-512:D9151A8FF9345506E35441D3BA15F84AAB390F3834C8B3322A25D4478071C63F2197C98A60CA7CF085E4A6E8610107495F27ABC042897AE42C2BAE7A7522255E
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1068
    Entropy (8bit):4.251713760950484
    Encrypted:false
    SSDEEP:24:0KKqCCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:sqXCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:04D4F96913C64CEE82F95F8F03ED463D
    SHA1:950837334D9F65B7015DC1DE2D9062CC166B351E
    SHA-256:FCFD14045F1760953E8603F233DD94839E06FC3F1EB0DF380322441620716204
    SHA-512:C489760E65F363FC0171B40DCC3F9D2C16630D8856E79A52475FEFA3A00D522DBDE81E66FF694FF67819F0B6D5DCC427484AF84183C875A0D4B18077B5A0B1E0
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1084
    Entropy (8bit):4.345820851647413
    Encrypted:false
    SSDEEP:24:DbrN02PxAwiKVZtPmewWyBRVJJEW/lHYhuS/nnfYli2JaS:JrFr/ueXyBL99FSnfYli2J7
    MD5:A0A828F809C33691EBFD7ACF0DE2167F
    SHA1:9C728A2F0E210807C82547E00E36DE4FE6C61DB8
    SHA-256:73299FE74688AC45997950645DCBFC444FA1E33CC2A79F758540471D614D2680
    SHA-512:1E7A5ED4B81611547AC55E7F46A100EA2262D7D02D56A1A3730E3AF6E7661DFF116F0CA70C89CD58738CE658E19A6A8D1CBF862E95A7CEFADDB21B75B02C210D
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:data
    Category:dropped
    Size (bytes):1228
    Entropy (8bit):5.058807891672308
    Encrypted:false
    SSDEEP:24:0KXNCCSzbC1AupOE2UuPL8clUzat0pXTyymWUg1zJb7Q0+2gpnEc9K:SCP1A1UuPL8aUzNpXnh1Q6WK
    MD5:EB51991DFD925B2736ED5BC153B56A45
    SHA1:B5B82657F6D0963F163968C73D8B0F7EFB64A828
    SHA-256:5B9E10BA875BB0C2647AB57C84507F6D7F537257FA645A06A43376A7B7D37E16
    SHA-512:1D4E6E2ACA7C863B714327029157870B0B0DAB6ABBB8C83D2636BCCD63666E3D52D78C3B1AD42EA1CB4713442BC23F683F0B4A795185D4131581E14984F06F0C
    Malicious:false
    Process:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):31474
    Entropy (8bit):5.400622690566633
    Encrypted:false
    SSDEEP:192:IglensjUX6QuR3NPeadKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKy:E6nPo
    MD5:3704DB0A5E1EA7E7D3920CD4EDFE3AC3
    SHA1:995740A7E221404B0447A14841E3411546061C9A
    SHA-256:146B6D2702A5439D824F7A594D5D2480AABA2A45249302C2DF62F988F963D64F
    SHA-512:FE68BB72AB9B854C1CE8D04355683ED636B5892C70B16E12EB3DB9720B5691F5C8BCC073FA5240FC77281480B3A7D15A883413052DCB5258EE381C9896A069F3
    Malicious:false
    Preview:Wallpaper set successfully...Encrypting File : C:\Users\user\.curlrc..Encrypting File : C:\Users\user\3D Objects\desktop.ini..Encrypting File : C:\Users\user\Contacts\desktop.ini..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.xlsx..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT\EWZCVGNOWT.jpg..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT\JDDHMPCDUJ.mp3..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT\KLIZUSIQEN.png..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.pdf..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT.docx..Encrypting File : C:\Users\user\Desktop\BJZFPPWAPT.xlsx..Encrypting File : C:\Users\user\Desktop\desktop.ini..Encrypting File : C:\Users\user\Desktop\DUUDTUBZFW.jpg..Encrypting File : C:\Users\user\Desktop\DUUDTUBZFW.xlsx..Encrypting File : C:\Users\user\Desktop\EOWRVPQCCS.png..Encrypting File : C:\Users\user\Desktop\EWZCVGNO
    File type:PE32 executable (console) Intel 80386, for MS Windows
    Entropy (8bit):7.090697371035919
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.96%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:JpQFDOA7Uk.exe
    File size:8'167'424 bytes
    MD5:4e66429d85967e344d8354e9b81719dc
    SHA1:b958fb7241cc9675b8dd967b02df6a6ad92de52d
    SHA256:de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324
    SHA512:8645025d5c94eb2580c6094f47f733a7ab27d1482e4e5bcc9f93dc0e419b4d50fc1a1e0236ba8204f07389136032a9ebe64f5ea9cd3e42ddf2879a516d6cbe09
    SSDEEP:196608:9RRRRRgRRRRRRRRRRRRRURRRRRRRRRRRRR/3LRcDRRRRRH56RRRRR9BcM9tpfHmH:9RRRRRgRRRRRRRRRRRRRURRRRRRRRRR6
    TLSH:EB86AF3256D37356E5616F3930B08730E25AECC1264FA6066305F5EABEF11BB5F9C2A0
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................7...........................Ur......Ur......Ur......eq......eqq.....eq......Rich............PE..L..
    Icon Hash:00928e8e8686b000
    Entrypoint:0x401367
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x400000
    Subsystem:windows cui
    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    DLL Characteristics:TERMINAL_SERVER_AWARE
    Time Stamp:0x668E1122 [Wed Jul 10 04:42:10 2024 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:0
    File Version Major:6
    File Version Minor:0
    Subsystem Version Major:6
    Subsystem Version Minor:0
    Import Hash:0982e392aba6a868dc7bda8b61e977ab
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2a404 | 0x64 | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x31000 | 0x79e9a0 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x293f0 | 0x38 | .rdata
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x29330 | 0x40 | .rdata
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x20c | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x2179c | 0x21800 | 8ec5ee60cd4ab09755c4e6a64ea4ac18 | False | 0.5522023670708955 | COM executable for DOS | 6.638895728332605 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0x23000 | 0x7f42 | 0x8000 | dee617dfd318e2fd9770a2e23d3234ab | False | 0.463958740234375 | OpenPGP Public Key Version 2 | 5.1922661075956995 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0x2b000 | 0x5cbc | 0x1a00 | 25473274afa92567c8c8914a70b769ac | False | 0.470703125 | DOS executable (block device driver) | 4.628521520525546 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc | 0x31000 | 0x79e9a0 | 0x79ea00 | a5274a96925125ea0d5c983a555f784d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    AFX_DIALOG_LAYOUT | 0x31278 | 0x2 | data | English | United States | 5.0
    RT_BITMAP | 0x31280 | 0x1afaf4 | Device independent bitmap graphic, 939 x 627 x 24, image size 1768140 | English | United States | 0.45211315155029297
    RT_BITMAP | 0x1e0d78 | 0x5eec28 | Device independent bitmap graphic, 1920 x 1080 x 24, image size 6220800 | English | United States | 0.2339496612548828
    RT_DIALOG | 0x31140 | 0x136 | data | English | United States | 0.6064516129032258
    DLL | Import
    USER32.dll | EndPaint, GetWindowLongW, PostMessageW, SetWindowPos, EndDialog, GetSystemMetrics, ShowWindow, OpenClipboard, GetDlgItemTextA, SetTimer, DrawTextA, CloseClipboard, EmptyClipboard, MessageBoxA, LoadBitmapW, SetClipboardData, wsprintfW, GetDlgItem, SetRect, KillTimer, SystemParametersInfoW, DialogBoxParamW, FindWindowA, LoadImageW, InvalidateRect, BeginPaint, MessageBoxW
    GDI32.dll | BitBlt, CreateFontA, SelectObject, CreateCompatibleDC, DeleteDC, SetTextColor, SetBkMode, GetObjectW, DeleteObject
    SHELL32.dll | SHGetFolderPathA
    KERNEL32.dll | GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, GetFileSizeEx, FreeEnvironmentStringsW, MultiByteToWideChar, LCMapStringW, CompareStringW, SetEnvironmentVariableW, GetStringTypeW, GetProcessHeap, FlushFileBuffers, WriteConsoleW, HeapSize, HeapReAlloc, WideCharToMultiByte, UnhandledExceptionFilter, HeapFree, GetFileAttributesW, SetFileAttributesW, DeleteFileW, SizeofResource, FindFirstFileW, FindNextFileW, WriteFile, WaitForMultipleObjects, GetTempPathW, FindClose, CreateFileW, GetSystemDirectoryW, FreeResource, Sleep, LockResource, GlobalAlloc, CloseHandle, CreateThread, LoadResource, FindResourceW, GlobalLock, GetModuleHandleW, GetConsoleWindow, GlobalUnlock, GetDriveTypeW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, DecodePointer, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetCurrentProcess, TerminateProcess, HeapAlloc, RaiseException, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, SetEndOfFile, SetFilePointerEx, ReadFile, GetConsoleMode, ReadConsoleW, GetFileType, GetConsoleOutputCP, ExitProcess, GetModuleHandleExW, QueryPerformanceFrequency, GetStdHandle, GetModuleFileNameW, GetCommandLineA, GetCommandLineW, SetStdHandle
    Language of compilation system | Country where language is spoken | Map
    English | United States |
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Oct 6, 2024 10:03:33.312390089 CEST | 53 | 52712 | 162.159.36.2 | 192.168.2.5
    Oct 6, 2024 10:03:33.789691925 CEST | 57636 | 53 | 192.168.2.5 | 1.1.1.1
    Oct 6, 2024 10:03:33.797420025 CEST | 53 | 57636 | 1.1.1.1 | 192.168.2.5
    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Oct 6, 2024 10:03:33.789691925 CEST | 192.168.2.5 | 1.1.1.1 | 0x7e99 | Standard query (0) | 241.42.69.40.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Oct 6, 2024 10:03:33.797420025 CEST | 1.1.1.1 | 192.168.2.5 | 0x7e99 | Name error (3) | 241.42.69.40.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false

    Target ID:0
    Start time:04:03:00
    Start date:06/10/2024
    Path:C:\Users\user\Desktop\JpQFDOA7Uk.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Desktop\JpQFDOA7Uk.exe"
    Imagebase:0x400000
    File size:8'167'424 bytes
    MD5 hash:4E66429D85967E344D8354E9B81719DC
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:1
    Start time:04:03:01
    Start date:06/10/2024
    Path:C:\Windows\System32\conhost.exe
    Wow64 process (32bit):false
    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Imagebase:0x7ff6d64d0000
    File size:862'208 bytes
    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

      Execution Graph

      Execution Coverage:13.1%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:11%
      Total number of Nodes:2000
      Total number of Limit Nodes:10
10786->10790 10867 40d899 10787->10867 10788 40a322 GetLastError 10862 40e6ba 10788->10862 10792 40a366 CloseHandle 10790->10792 10791 40a2d0 10791->10785 10791->10788 10861 409ee0 CreateFileW 10791->10861 10792->10777 10794 40a38f 10792->10794 10798 40e714 __dosmaperr 14 API calls 10794->10798 10796 40a315 10796->10785 10796->10788 10800 40a394 10798->10800 10799 40a40c 10804 40a413 10799->10804 10897 409c8a 10799->10897 10800->10777 10891 40a6d5 10804->10891 10805 40a44f 10805->10806 10808 40a4cb CloseHandle 10805->10808 10822 409b0b 10806->10822 10924 409ee0 CreateFileW 10808->10924 10810 40a4f6 10811 40a500 GetLastError 10810->10811 10812 40a52c 10810->10812 10813 40e6ba __dosmaperr 14 API calls 10811->10813 10812->10806 10814 40a50c 10813->10814 10925 40da61 10814->10925 10817 40e2eb __dosmaperr 14 API calls 10816->10817 10818 409a8e 10817->10818 10819 40de18 10818->10819 11381 40dd64 10819->11381 10823 409b11 10822->10823 10825 409b4f 10822->10825 11387 40d92b LeaveCriticalSection 10823->11387 10825->10768 10827 409f96 10826->10827 10828 409fb0 10826->10828 10827->10828 10830 40e714 __dosmaperr 14 API calls 10827->10830 10934 409f05 10828->10934 10831 409fa5 10830->10831 10832 40de18 __wsopen_s 39 API calls 10831->10832 10832->10828 10833 409fe8 10834 40a017 10833->10834 10836 40e714 __dosmaperr 14 API calls 10833->10836 10842 40a06a 10834->10842 10941 40cdc6 10834->10941 10838 40a00c 10836->10838 10837 40a065 10839 40a0e2 10837->10839 10837->10842 10840 40de18 __wsopen_s 39 API calls 10838->10840 10948 40de28 IsProcessorFeaturePresent 10839->10948 10840->10834 10842->10772 10842->10773 10843 40a0ee 10845 40d95a __wsopen_s 10844->10845 10966 4107f7 EnterCriticalSection 10845->10966 10847 40d961 10848 40d986 10847->10848 10853 40d9f5 EnterCriticalSection 10847->10853 10855 40d9a8 10847->10855 10970 40d728 10848->10970 10854 40da02 LeaveCriticalSection 10853->10854 10853->10855 10854->10847 10967 40da58 10855->10967 10857->10791 11020 40e2eb GetLastError 
10858->11020 10860 40e706 10860->10777 10861->10796 10863 40e701 __dosmaperr 14 API calls 10862->10863 10864 40e6c5 __dosmaperr 10863->10864 10865 40e714 __dosmaperr 14 API calls 10864->10865 10866 40e6d8 10865->10866 10866->10777 10868 40d911 10867->10868 10869 40d8a8 10867->10869 10870 40e714 __dosmaperr 14 API calls 10868->10870 10869->10868 10874 40d8ce __wsopen_s 10869->10874 10871 40d916 10870->10871 10872 40e701 __dosmaperr 14 API calls 10871->10872 10873 40a3c0 10872->10873 10873->10799 10876 40a0ef 10873->10876 10874->10873 10875 40d8f8 SetStdHandle 10874->10875 10875->10873 10877 40a149 10876->10877 10878 40a117 10876->10878 10877->10799 10878->10877 11084 40490b 10878->11084 10881 40a137 10884 40e701 __dosmaperr 14 API calls 10881->10884 10882 40a14d 11090 405129 10882->11090 10886 40a13c 10884->10886 10886->10877 10889 40e714 __dosmaperr 14 API calls 10886->10889 10887 40a175 10887->10886 10888 40490b __wsopen_s 41 API calls 10887->10888 10888->10886 10889->10877 10892 40a6e8 __wsopen_s 10891->10892 11368 40a705 10892->11368 10894 40a6f4 10895 4043cb __wsopen_s 39 API calls 10894->10895 10896 40a700 10895->10896 10896->10806 10898 409da5 10897->10898 10899 409cbb 10897->10899 10898->10804 10898->10805 10900 40cdc6 __wsopen_s 39 API calls 10899->10900 10907 409cdb 10899->10907 10901 409cd2 10900->10901 10902 409ed5 10901->10902 10901->10907 10903 40de28 __wsopen_s 11 API calls 10902->10903 10904 409edf 10903->10904 10905 409dcb 10905->10898 10906 405129 __wsopen_s 51 API calls 10905->10906 10910 409dd5 10905->10910 10914 409dfb 10906->10914 10907->10898 10907->10905 10908 40490b __wsopen_s 41 API calls 10907->10908 10909 409d9c 10907->10909 10911 409db5 10908->10911 10909->10898 10909->10910 10912 40af47 __wsopen_s 72 API calls 10909->10912 10910->10898 10918 40e714 __dosmaperr 14 API calls 10910->10918 10911->10909 10917 409dc0 10911->10917 10912->10909 10913 409e66 10919 40490b __wsopen_s 41 API calls 10913->10919 10914->10898 10914->10910 10914->10913 
10915 409e40 10914->10915 10916 409e33 10914->10916 10915->10913 10922 409e48 10915->10922 10920 40e714 __dosmaperr 14 API calls 10916->10920 10921 40490b __wsopen_s 41 API calls 10917->10921 10918->10898 10919->10910 10920->10910 10921->10905 10923 40490b __wsopen_s 41 API calls 10922->10923 10923->10910 10924->10810 10926 40da70 10925->10926 10927 40dad7 10925->10927 10926->10927 10932 40da9a __wsopen_s 10926->10932 10928 40e714 __dosmaperr 14 API calls 10927->10928 10929 40dadc 10928->10929 10930 40e701 __dosmaperr 14 API calls 10929->10930 10931 40dac7 10930->10931 10931->10812 10932->10931 10933 40dac1 SetStdHandle 10932->10933 10933->10931 10936 409f1d 10934->10936 10935 409f38 10935->10833 10936->10935 10937 40e714 __dosmaperr 14 API calls 10936->10937 10938 409f5c 10937->10938 10939 40de18 __wsopen_s 39 API calls 10938->10939 10940 409f67 10939->10940 10940->10833 10942 40cdd2 10941->10942 10943 40cde7 10941->10943 10944 40e714 __dosmaperr 14 API calls 10942->10944 10943->10837 10945 40cdd7 10944->10945 10946 40de18 __wsopen_s 39 API calls 10945->10946 10947 40cde2 10946->10947 10947->10837 10949 40de34 10948->10949 10952 40dc1c 10949->10952 10953 40dc38 __wsopen_s 10952->10953 10954 40dc64 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10953->10954 10957 40dd35 __wsopen_s 10954->10957 10956 40dd53 GetCurrentProcess TerminateProcess 10956->10843 10958 401c6c 10957->10958 10959 401c74 10958->10959 10960 401c75 IsProcessorFeaturePresent 10958->10960 10959->10956 10962 401cb7 10960->10962 10965 401c7a SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 10962->10965 10964 401d9a 10964->10956 10965->10964 10966->10847 10978 41083f LeaveCriticalSection 10967->10978 10969 40a277 10969->10778 10969->10779 10979 40db5c 10970->10979 10972 40d73a 10976 40d747 10972->10976 10986 40ea9a 10972->10986 10991 40dbb9 10976->10991 10977 40d876 EnterCriticalSection 10977->10855 10978->10969 10985 40db69 __dosmaperr 
10979->10985 10980 40dba9 10982 40e714 __dosmaperr 13 API calls 10980->10982 10981 40db94 RtlAllocateHeap 10983 40dba7 10981->10983 10981->10985 10982->10983 10983->10972 10985->10980 10985->10981 10997 40d071 10985->10997 11006 40e85a 10986->11006 10988 40eab6 10989 40ead4 InitializeCriticalSectionAndSpinCount 10988->10989 10990 40eabf 10988->10990 10989->10990 10990->10972 10992 40d79c 10991->10992 10993 40dbc4 RtlFreeHeap 10991->10993 10992->10855 10992->10977 10993->10992 10994 40dbd9 GetLastError 10993->10994 10995 40dbe6 __dosmaperr 10994->10995 10996 40e714 __dosmaperr 12 API calls 10995->10996 10996->10992 11000 40d09d 10997->11000 11001 40d0a9 __wsopen_s 11000->11001 11002 4107f7 __wsopen_s EnterCriticalSection 11001->11002 11003 40d0b4 __dosmaperr 11002->11003 11004 40d0eb __dosmaperr LeaveCriticalSection 11003->11004 11005 40d07c 11004->11005 11005->10985 11007 40e88a 11006->11007 11011 40e886 __dosmaperr 11006->11011 11007->11011 11012 40e78f 11007->11012 11010 40e8a4 GetProcAddress 11010->11011 11011->10988 11018 40e7a0 __dosmaperr 11012->11018 11013 40e7be LoadLibraryExW 11014 40e7d9 GetLastError 11013->11014 11015 40e83d 11013->11015 11014->11018 11016 40e836 11015->11016 11017 40e84f FreeLibrary 11015->11017 11016->11010 11016->11011 11017->11016 11018->11013 11018->11016 11019 40e80c LoadLibraryExW 11018->11019 11019->11015 11019->11018 11021 40e301 11020->11021 11022 40e307 11020->11022 11043 40ea19 11021->11043 11026 40e30b SetLastError 11022->11026 11048 40ea58 11022->11048 11026->10860 11028 40db5c __dosmaperr 12 API calls 11029 40e338 11028->11029 11030 40e340 11029->11030 11031 40e351 11029->11031 11033 40ea58 __dosmaperr 6 API calls 11030->11033 11032 40ea58 __dosmaperr 6 API calls 11031->11032 11034 40e35d 11032->11034 11040 40e34e 11033->11040 11035 40e361 11034->11035 11036 40e378 11034->11036 11037 40ea58 __dosmaperr 6 API calls 11035->11037 11053 40dfc8 11036->11053 11037->11040 11038 40dbb9 __freea 12 API calls 11038->11026 
11040->11038 11042 40dbb9 __freea 12 API calls 11042->11026 11044 40e85a __dosmaperr 5 API calls 11043->11044 11045 40ea35 11044->11045 11046 40ea50 TlsGetValue 11045->11046 11047 40ea3e 11045->11047 11047->11022 11049 40e85a __dosmaperr 5 API calls 11048->11049 11050 40ea74 11049->11050 11051 40ea92 TlsSetValue 11050->11051 11052 40e323 11050->11052 11052->11026 11052->11028 11058 40de5c 11053->11058 11059 40de68 __wsopen_s 11058->11059 11072 4107f7 EnterCriticalSection 11059->11072 11061 40de72 11073 40dea2 11061->11073 11064 40df6e 11065 40df7a __wsopen_s 11064->11065 11076 4107f7 EnterCriticalSection 11065->11076 11067 40df84 11077 40e14f 11067->11077 11069 40df9c 11081 40dfbc 11069->11081 11072->11061 11074 41083f __wsopen_s LeaveCriticalSection 11073->11074 11075 40de90 11074->11075 11075->11064 11076->11067 11078 40e15e __dosmaperr 11077->11078 11080 40e185 __dosmaperr 11077->11080 11079 4130dd __dosmaperr 14 API calls 11078->11079 11078->11080 11079->11080 11080->11069 11082 41083f __wsopen_s LeaveCriticalSection 11081->11082 11083 40dfaa 11082->11083 11083->11042 11085 40491f __wsopen_s 11084->11085 11161 404848 11085->11161 11087 404934 11167 4043cb 11087->11167 11091 405153 11090->11091 11092 40513b 11090->11092 11093 405495 11091->11093 11097 405196 11091->11097 11094 40e701 __dosmaperr 14 API calls 11092->11094 11096 40e701 __dosmaperr 14 API calls 11093->11096 11095 405140 11094->11095 11098 40e714 __dosmaperr 14 API calls 11095->11098 11099 40549a 11096->11099 11101 4051a1 11097->11101 11102 405148 11097->11102 11108 4051d1 11097->11108 11098->11102 11100 40e714 __dosmaperr 14 API calls 11099->11100 11103 4051ae 11100->11103 11104 40e701 __dosmaperr 14 API calls 11101->11104 11102->10887 11155 40451e 11102->11155 11106 40de18 __wsopen_s 39 API calls 11103->11106 11105 4051a6 11104->11105 11107 40e714 __dosmaperr 14 API calls 11105->11107 11106->11102 11107->11103 11109 4051ea 11108->11109 11110 405225 11108->11110 11111 4051f7 11108->11111 
11109->11111 11144 405213 11109->11144 11217 40efae 11110->11217 11112 40e701 __dosmaperr 14 API calls 11111->11112 11113 4051fc 11112->11113 11115 40e714 __dosmaperr 14 API calls 11113->11115 11118 405203 11115->11118 11121 40de18 __wsopen_s 39 API calls 11118->11121 11119 405371 11122 4053e5 11119->11122 11125 40538a GetConsoleMode 11119->11125 11120 40dbb9 __freea 14 API calls 11123 40523f 11120->11123 11153 40520e __wsopen_s 11121->11153 11124 4053e9 ReadFile 11122->11124 11126 40dbb9 __freea 14 API calls 11123->11126 11128 405401 11124->11128 11129 40545d GetLastError 11124->11129 11125->11122 11130 40539b 11125->11130 11127 405246 11126->11127 11131 405250 11127->11131 11132 40526b 11127->11132 11128->11129 11135 4053da 11128->11135 11133 4053c1 11129->11133 11134 40546a 11129->11134 11130->11124 11136 4053a1 ReadConsoleW 11130->11136 11138 40e714 __dosmaperr 14 API calls 11131->11138 11140 40490b __wsopen_s 41 API calls 11132->11140 11145 40e6ba __dosmaperr 14 API calls 11133->11145 11133->11153 11139 40e714 __dosmaperr 14 API calls 11134->11139 11148 405426 11135->11148 11149 40543d 11135->11149 11135->11153 11136->11135 11141 4053bb GetLastError 11136->11141 11137 40dbb9 __freea 14 API calls 11137->11102 11142 405255 11138->11142 11143 40546f 11139->11143 11140->11144 11141->11133 11146 40e701 __dosmaperr 14 API calls 11142->11146 11147 40e701 __dosmaperr 14 API calls 11143->11147 11208 40ef58 11144->11208 11145->11153 11146->11153 11147->11153 11224 404e3b 11148->11224 11151 405456 11149->11151 11149->11153 11237 404c5d 11151->11237 11153->11137 11156 404531 __wsopen_s 11155->11156 11254 404555 11156->11254 11159 4043cb __wsopen_s 39 API calls 11160 404550 11159->11160 11160->10887 11173 40daf2 11161->11173 11163 40485a 11164 404876 SetFilePointerEx 11163->11164 11166 404862 __wsopen_s 11163->11166 11165 40488e GetLastError 11164->11165 11164->11166 11165->11166 11166->11087 11168 4043d7 11167->11168 11169 4043ee 11168->11169 11186 404501 11168->11186 
11171 404401 11169->11171 11172 404501 __wsopen_s 39 API calls 11169->11172 11171->10881 11171->10882 11172->11171 11174 40db14 11173->11174 11175 40daff 11173->11175 11177 40e701 __dosmaperr 14 API calls 11174->11177 11179 40db39 11174->11179 11176 40e701 __dosmaperr 14 API calls 11175->11176 11178 40db04 11176->11178 11180 40db44 11177->11180 11181 40e714 __dosmaperr 14 API calls 11178->11181 11179->11163 11182 40e714 __dosmaperr 14 API calls 11180->11182 11183 40db0c 11181->11183 11184 40db4c 11182->11184 11183->11163 11185 40de18 __wsopen_s 39 API calls 11184->11185 11185->11183 11187 404514 11186->11187 11188 40450b 11186->11188 11187->11169 11193 4044bb GetLastError 11188->11193 11190 404510 11190->11187 11197 40d668 11190->11197 11194 4044d4 11193->11194 11195 40e39c __wsopen_s 14 API calls 11194->11195 11196 4044ec SetLastError 11195->11196 11196->11190 11198 4135ed __wsopen_s EnterCriticalSection LeaveCriticalSection 11197->11198 11199 40d66d 11198->11199 11200 40d678 11199->11200 11201 413632 __wsopen_s 38 API calls 11199->11201 11202 40d682 IsProcessorFeaturePresent 11200->11202 11206 40d6a1 11200->11206 11201->11200 11203 40d68e 11202->11203 11205 40dc1c __wsopen_s 8 API calls 11203->11205 11204 40b78c __wsopen_s 21 API calls 11207 40451d 11204->11207 11205->11206 11206->11204 11209 40ef72 11208->11209 11210 40ef65 11208->11210 11212 40e714 __dosmaperr 14 API calls 11209->11212 11214 40ef7e 11209->11214 11211 40e714 __dosmaperr 14 API calls 11210->11211 11213 40ef6a 11211->11213 11215 40ef9f 11212->11215 11213->11119 11214->11119 11216 40de18 __wsopen_s 39 API calls 11215->11216 11216->11213 11218 40efec 11217->11218 11222 40efbc __dosmaperr 11217->11222 11219 40e714 __dosmaperr 14 API calls 11218->11219 11221 405236 11219->11221 11220 40efd7 RtlAllocateHeap 11220->11221 11220->11222 11221->11120 11222->11218 11222->11220 11223 40d071 __dosmaperr 2 API calls 11222->11223 11223->11222 11243 404b10 11224->11243 11228 404f4f 11231 404f58 GetLastError 
11228->11231 11234 404e83 11228->11234 11229 404ecd 11232 40e714 __dosmaperr 14 API calls 11229->11232 11230 404edd 11235 404e97 11230->11235 11236 40490b __wsopen_s 41 API calls 11230->11236 11233 40e6ba __dosmaperr 14 API calls 11231->11233 11232->11234 11233->11234 11234->11153 11249 40f094 11235->11249 11236->11235 11238 404c97 11237->11238 11239 404d2d ReadFile 11238->11239 11240 404d28 11238->11240 11239->11240 11241 404d4a 11239->11241 11240->11153 11241->11240 11242 40490b __wsopen_s 41 API calls 11241->11242 11242->11240 11244 404b44 11243->11244 11245 404bb5 ReadFile 11244->11245 11246 404bb0 11244->11246 11245->11246 11247 404bce 11245->11247 11246->11229 11246->11230 11246->11234 11246->11235 11247->11246 11248 40490b __wsopen_s 41 API calls 11247->11248 11248->11246 11252 40effc 11249->11252 11253 40f00d MultiByteToWideChar 11252->11253 11253->11228 11274 40437e 11254->11274 11257 4045b1 11261 40db5c __dosmaperr 14 API calls 11257->11261 11258 40490b __wsopen_s 41 API calls 11262 404543 11258->11262 11259 40490b __wsopen_s 41 API calls 11263 404687 11259->11263 11260 40466f 11260->11259 11268 404638 11260->11268 11270 4045bd __wsopen_s 11261->11270 11262->11159 11264 40daf2 __wsopen_s 39 API calls 11263->11264 11263->11268 11265 40469f SetEndOfFile 11264->11265 11266 4046ab GetLastError 11265->11266 11265->11268 11266->11268 11267 40dbb9 __freea 14 API calls 11267->11268 11268->11258 11271 4045c5 11270->11271 11272 404629 __wsopen_s 11270->11272 11279 40b08f 11270->11279 11271->11267 11273 40dbb9 __freea 14 API calls 11272->11273 11273->11268 11275 40490b __wsopen_s 41 API calls 11274->11275 11276 404397 11275->11276 11277 40490b __wsopen_s 41 API calls 11276->11277 11278 4043a6 11277->11278 11278->11257 11278->11260 11278->11268 11280 40b0b7 11279->11280 11306 40b0da __wsopen_s 11279->11306 11281 40b0bb 11280->11281 11283 40b116 11280->11283 11321 40dd9b 11281->11321 11286 40b134 11283->11286 11332 40494b 11283->11332 11307 40abd4 11286->11307 11288 
40b193 11292 40b1a7 11288->11292 11293 40b1fc WriteFile 11288->11293 11289 40b14c 11290 40b154 11289->11290 11291 40b17b 11289->11291 11290->11306 11335 40ab6c 11290->11335 11340 40a7a5 GetConsoleOutputCP 11291->11340 11296 40b1e8 11292->11296 11297 40b1af 11292->11297 11295 40b21e GetLastError 11293->11295 11293->11306 11295->11306 11314 40ac51 11296->11314 11301 40b1d4 11297->11301 11302 40b1b4 11297->11302 11360 40ae15 11301->11360 11304 40b1bd 11302->11304 11302->11306 11353 40ad2c 11304->11353 11306->11270 11308 40ef58 __wsopen_s 39 API calls 11307->11308 11311 40abe6 11308->11311 11309 40ac4a 11309->11288 11309->11289 11310 40ac14 11310->11309 11313 40ac2e GetConsoleMode 11310->11313 11311->11309 11311->11310 11312 409340 __wsopen_s 49 API calls 11311->11312 11312->11310 11313->11309 11317 40ac60 __wsopen_s 11314->11317 11322 40ddb2 11321->11322 11323 40ddab 11321->11323 11325 40dbf3 __wsopen_s GetLastError SetLastError 11322->11325 11328 40ddc0 11322->11328 11324 4044bb __wsopen_s 16 API calls 11323->11324 11324->11322 11326 40dde7 11325->11326 11327 40de28 __wsopen_s 11 API calls 11326->11327 11326->11328 11329 40de17 11327->11329 11328->11306 11330 40dd64 __wsopen_s 39 API calls 11329->11330 11331 40de24 11330->11331 11331->11306 11333 404848 __wsopen_s 41 API calls 11332->11333 11334 404964 11333->11334 11334->11286 11338 40ab8e 11335->11338 11339 40abc3 11335->11339 11336 410784 5 API calls __wsopen_s 11336->11338 11337 40abc5 GetLastError 11337->11339 11338->11336 11338->11337 11338->11339 11339->11306 11341 40a817 11340->11341 11346 40a81e __wsopen_s 11340->11346 11342 409340 __wsopen_s 49 API calls 11341->11342 11342->11346 11343 40aad4 11346->11343 11347 41010f 49 API calls __wsopen_s 11346->11347 11348 4105a1 __wsopen_s WideCharToMultiByte 11346->11348 11349 40aa4d WriteFile 11346->11349 11351 41067c 5 API calls __wsopen_s 11346->11351 11352 40aa8b WriteFile 11346->11352 11347->11346 11348->11346 11349->11346 11351->11346 11352->11346 11363 40ae24 
__wsopen_s 11360->11363 11369 40daf2 __wsopen_s 39 API calls 11368->11369 11372 40a715 11369->11372 11370 40a71b 11373 40da61 __wsopen_s 15 API calls 11370->11373 11371 40a74d 11371->11370 11375 40daf2 __wsopen_s 39 API calls 11371->11375 11372->11370 11372->11371 11374 40daf2 __wsopen_s 39 API calls 11372->11374 11380 40a773 __wsopen_s 11373->11380 11376 40a744 11374->11376 11377 40a759 CloseHandle 11375->11377 11378 40daf2 __wsopen_s 39 API calls 11376->11378 11377->11370 11379 40a765 GetLastError 11377->11379 11378->11371 11379->11370 11380->10894 11382 40dd76 __wsopen_s 11381->11382 11383 40dd9b __wsopen_s 39 API calls 11382->11383 11384 40dd8e 11383->11384 11385 4043cb __wsopen_s 39 API calls 11384->11385 11386 40dd99 11385->11386 11386->10768 11387->10825 11389 4025f3 RaiseException 11388->11389 11390 4025c6 11388->11390 11389->10639 11390->11389 11392 40b2e4 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 11391->11392 11392->10646 11399 40e19a GetLastError 11393->11399 11397 40e19a __wsopen_s 39 API calls 11396->11397 11398 40496e 11397->11398 11398->10650 11400 40e1b0 11399->11400 11401 40e1b6 11399->11401 11402 40ea19 __dosmaperr 6 API calls 11400->11402 11403 40ea58 __dosmaperr 6 API calls 11401->11403 11405 40e1ba SetLastError 11401->11405 11402->11401 11404 40e1d2 11403->11404 11404->11405 11407 40db5c __dosmaperr 14 API calls 11404->11407 11409 404994 11405->11409 11410 40e24f 11405->11410 11408 40e1e7 11407->11408 11411 40e200 11408->11411 11412 40e1ef 11408->11412 11409->10650 11413 40d668 __wsopen_s 37 API calls 11410->11413 11415 40ea58 __dosmaperr 6 API calls 11411->11415 11414 40ea58 __dosmaperr 6 API calls 11412->11414 11416 40e254 11413->11416 11417 40e1fd 11414->11417 11418 40e20c 11415->11418 11423 40dbb9 __freea 14 API calls 11417->11423 11419 40e210 11418->11419 11420 40e227 11418->11420 11422 40ea58 __dosmaperr 6 API calls 11419->11422 11421 40dfc8 __dosmaperr 14 API calls 11420->11421 11424 40e232 11421->11424 11422->11417 11423->11405 11425 
40dbb9 __freea 14 API calls 11424->11425 11425->11405 11428 40af8a __wsopen_s 11426->11428 11427 40af6c 11427->10655 11428->11427 11429 40afcb 11428->11429 11431 40b011 11428->11431 11430 40dd9b __wsopen_s 39 API calls 11429->11430 11430->11427 11437 40d876 EnterCriticalSection 11431->11437 11433 40b035 11438 40b087 11433->11438 11434 40b017 11434->11433 11435 40b08f __wsopen_s 70 API calls 11434->11435 11435->11433 11437->11434 11441 40d92b LeaveCriticalSection 11438->11441 11440 40b08d 11440->11427 11441->11440 11442->10673 11446 40d92b LeaveCriticalSection 11443->11446 11445 405127 11445->10686 11446->11445 11448 404418 11447->11448 11451 40442b 11447->11451 11448->10691 11449 404460 11450 40dd9b __wsopen_s 39 API calls 11449->11450 11450->11448 11451->11449 11452 404464 11451->11452 11454 4042a0 11452->11454 11455 4042ac __wsopen_s 11454->11455 11462 40d876 EnterCriticalSection 11455->11462 11457 4042ba 11458 4042f3 11457->11458 11459 404555 __wsopen_s 72 API calls 11457->11459 11463 40432a 11458->11463 11459->11458 11462->11457 11466 40d92b LeaveCriticalSection 11463->11466 11465 404313 11465->11448 11466->11465 11470 40b7c8 11467->11470 11473 40b5fc 11470->11473 11474 40b629 11473->11474 11475 40b63b 11473->11475 11494 401824 GetModuleHandleW 11474->11494 11486 40b48d 11475->11486 11480 40b685 11481 40b678 11481->10696 11487 40b499 __wsopen_s 11486->11487 11508 4107f7 EnterCriticalSection 11487->11508 11489 40b4a3 11509 40b514 11489->11509 11491 40b4b0 11513 40b4ce 11491->11513 11495 401830 11494->11495 11495->11475 11496 40b6dd GetModuleHandleExW 11495->11496 11497 40b71c GetProcAddress 11496->11497 11498 40b730 11496->11498 11497->11498 11499 40b743 FreeLibrary 11498->11499 11500 40b63a 11498->11500 11499->11500 11500->11475 11508->11489 11512 40b520 __dosmaperr __wsopen_s 11509->11512 11510 40b584 __wsopen_s 11510->11491 11512->11510 11516 40d39c 11512->11516 11528 41083f LeaveCriticalSection 11513->11528 11515 40b4bc 11515->11480 11515->11481 11517 40d3a8 
__EH_prolog3 11516->11517 11520 40d0f4 11517->11520 11521 40d100 __wsopen_s 11520->11521 11522 4107f7 __wsopen_s EnterCriticalSection 11521->11522 11523 40d10e 11522->11523 11524 40d2ac __wsopen_s 14 API calls 11523->11524 11528->11515 11540 41eaf6 11539->11540 11540->11540 11541 41e700 22 API calls 11540->11541 11542 41eb16 11541->11542 11543 41ec7b 11542->11543 11547 41ebc7 11542->11547 11548 41aeea 11542->11548 11544 420f20 22 API calls 11543->11544 11546 40b472 ___vcrt_freefls@4 14 API calls 11546->11548 11547->11546 11548->10723 11665 40a65b 11664->11665 11670 40a621 11664->11670 11666 40a6aa 11665->11666 11668 40a682 11665->11668 11667 40dd9b __wsopen_s 39 API calls 11666->11667 11667->11670 11671 40a571 11668->11671 11670->10750 11672 40a57d __wsopen_s 11671->11672 11679 40d876 EnterCriticalSection 11672->11679 11674 40a58b 11675 40a705 __wsopen_s 42 API calls 11674->11675 11676 40a5bc 11674->11676 11675->11676 11680 40a5f6 11676->11680 11679->11674 11683 40d92b LeaveCriticalSection 11680->11683 11682 40a5df 11682->11670 11683->11682 11687 40b933 __wsopen_s 11684->11687 11685 40b93a 11686 40e714 __dosmaperr 14 API calls 11685->11686 11688 40b93f 11686->11688 11687->11685 11689 40b95c 11687->11689 11690 40de18 __wsopen_s 39 API calls 11688->11690 11691 40b961 11689->11691 11692 40b96e 11689->11692 11695 40b94a 11690->11695 11693 40e714 __dosmaperr 14 API calls 11691->11693 11701 410cd3 11692->11701 11693->11695 11695->10505 11695->10511 11697 40b98a 11709 40b9c6 11697->11709 11698 40b97d 11699 40e714 __dosmaperr 14 API calls 11698->11699 11699->11695 11702 410cdf __wsopen_s 11701->11702 11713 4107f7 EnterCriticalSection 11702->11713 11704 410ced 11714 410d77 11704->11714 11710 40b9ca 11709->11710 11734 404ad4 LeaveCriticalSection 11710->11734 11712 40b9db 11712->11695 11713->11704 11715 410d9a 11714->11715 11716 410df2 11715->11716 11722 410cfa 11715->11722 11730 404ac0 EnterCriticalSection 11715->11730 11731 404ad4 LeaveCriticalSection 11715->11731 11717 
40db5c __dosmaperr 14 API calls 11716->11717 11718 410dfb 11717->11718 11720 40dbb9 __freea 14 API calls 11718->11720 11721 410e04 11720->11721 11721->11722 11723 40ea9a __wsopen_s 6 API calls 11721->11723 11727 410d33 11722->11727 11725 410e23 11723->11725 11732 404ac0 EnterCriticalSection 11725->11732 11733 41083f LeaveCriticalSection 11727->11733 11729 40b977 11729->11697 11729->11698 11730->11715 11731->11715 11732->11722 11733->11729 11734->11712 11736 40bd84 11735->11736 11737 40bd5c 11735->11737 11736->10582 11737->11736 11738 40bd69 11737->11738 11739 40bd8b 11737->11739 11740 40dd9b __wsopen_s 39 API calls 11738->11740 11743 40bca7 11739->11743 11740->11736 11744 40bcb3 __wsopen_s 11743->11744 11751 404ac0 EnterCriticalSection 11744->11751 11746 40bcc1 11752 40bd02 11746->11752 11751->11746 11762 410428 11752->11762 11759 40bcf6 11802 404ad4 LeaveCriticalSection 11759->11802 11761 40bcdf 11761->10582 11782 4103ea 11762->11782 11764 410439 11765 40bd1a 11764->11765 11766 40efae __wsopen_s 15 API calls 11764->11766 11769 40bdc5 11765->11769 11767 410492 11766->11767 11768 40dbb9 __freea 14 API calls 11767->11768 11768->11765 11770 40bd38 11769->11770 11773 40bdd7 11769->11773 11778 4104d3 11770->11778 11771 40bde5 11772 40dd9b __wsopen_s 39 API calls 11771->11772 11772->11770 11773->11770 11773->11771 11776 40be1b __wsopen_s 11773->11776 11775 410242 39 API calls 11775->11776 11776->11770 11776->11775 11777 40af7e __wsopen_s 72 API calls 11776->11777 11796 40ee41 11776->11796 11777->11776 11779 40bcce 11778->11779 11780 4104de 11778->11780 11779->11759 11780->11779 11781 40ee41 72 API calls 11780->11781 11781->11779 11783 4103f6 11782->11783 11784 410420 11783->11784 11789 410242 11783->11789 11784->11764 11786 410411 11787 40ef58 __wsopen_s 39 API calls 11786->11787 11788 410417 11787->11788 11788->11764 11790 410263 11789->11790 11791 41024e 11789->11791 11790->11786 11792 40e714 __dosmaperr 14 API calls 11791->11792 11793 410253 11792->11793 11794 40de18 
__wsopen_s 39 API calls 11793->11794 11795 41025e 11794->11795 11795->11786 11797 40ee81 11796->11797 11798 40ee5a 11796->11798 11797->11776 11798->11797 11799 410242 39 API calls 11798->11799 11800 40ee76 11799->11800 11801 40af7e __wsopen_s 72 API calls 11800->11801 11801->11797 11802->11761 11804 40ba17 __wsopen_s 11803->11804 11805 40ba21 11804->11805 11806 40ba44 11804->11806 11807 40dd9b __wsopen_s 39 API calls 11805->11807 11813 40ba3c 11806->11813 11814 404ac0 EnterCriticalSection 11806->11814 11807->11813 11809 40ba62 11815 40baa2 11809->11815 11811 40ba6f 11829 40ba9a 11811->11829 11813->10588 11814->11809 11816 40bad2 11815->11816 11817 40baaf 11815->11817 11819 40baca 11816->11819 11820 40ee41 72 API calls 11816->11820 11818 40dd9b __wsopen_s 39 API calls 11817->11818 11818->11819 11819->11811 11821 40baea 11820->11821 11832 40ef18 11821->11832 11824 410242 39 API calls 11825 40bafe 11824->11825 11826 40a632 44 API calls 11825->11826 11827 40bb05 11826->11827 11827->11819 11828 40dbb9 __freea 14 API calls 11827->11828 11828->11819 11836 404ad4 LeaveCriticalSection 11829->11836 11831 40baa0 11831->11813 11833 40baf2 11832->11833 11834 40ef2f 11832->11834 11833->11824 11834->11833 11835 40dbb9 __freea 14 API calls 11834->11835 11835->11833 11836->11831 11838 4048df __wsopen_s 11837->11838 12043 404723 11838->12043 11841 4043cb __wsopen_s 39 API calls 11842 404903 11841->11842 11842->10610 11844 419d82 11843->11844 11845 41accc 11844->11845 11846 419d8f 11844->11846 11847 420f20 22 API calls 11845->11847 11848 41acd6 11846->11848 11849 419da3 11846->11849 11847->11848 11850 420f20 22 API calls 11848->11850 11851 41ace0 11849->11851 11854 419dd6 11849->11854 11850->11851 11852 420f20 22 API calls 11851->11852 11853 41acea 11852->11853 11855 420f20 22 API calls 11853->11855 11854->11853 11857 419dea 11854->11857 11856 41acf4 11855->11856 11858 420f20 22 API calls 11856->11858 11857->11856 11861 419e20 11857->11861 11859 41acfe 11858->11859 11860 420f20 22 
409929 13105->13109 13107->12237 13107->12239 13108 409930 GetLastError 13111 40e6ba __dosmaperr 14 API calls 13108->13111 13109->13108 13110 409956 13109->13110 13112 409c2c 15 API calls 13109->13112 13110->13107 13113 40f094 __wsopen_s MultiByteToWideChar 13110->13113 13114 40993c 13111->13114 13112->13110 13115 40996d 13113->13115 13116 40e714 __dosmaperr 14 API calls 13114->13116 13115->13107 13115->13108 13116->13107 13118 409c25 13117->13118 13119 409c1d 13117->13119 13118->13107 13120 40dbb9 __freea 14 API calls 13119->13120 13120->13118 13122 409c12 14 API calls 13121->13122 13123 409c3a 13122->13123 13126 409c6b 13123->13126 13127 40efae __wsopen_s 15 API calls 13126->13127 13128 409c4b 13127->13128 13128->13107

      APIs
      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 004217F4
      • GetSystemMetrics.USER32(00000000), ref: 0042183F
      • GetSystemMetrics.USER32(00000001), ref: 00421845
      • SetWindowPos.USER32(?,00000000,-000001E0,-0000014A,000003B5,00000294,00000014), ref: 00421871
      • SetTimer.USER32(?,00000D80,000003E8,00000000), ref: 00421884
      • GetWindowLongW.USER32(?,000000FA), ref: 004218A8
      • LoadBitmapW.USER32(00000000), ref: 004218AF
      • BeginPaint.USER32(?,?), ref: 00421917
      • CreateCompatibleDC.GDI32(00000000), ref: 00421924
      • SelectObject.GDI32(00000000,?), ref: 00421939
      • GetObjectW.GDI32(?,00000004,?), ref: 0042194A
      • BitBlt.GDI32(00000000,00000000,00000000,000003C0,00000292,?,00000000,00000000,00CC0020), ref: 0042196C
      • SetTextColor.GDI32(00000000,000000FF), ref: 00421978
      • SetBkMode.GDI32(00000000,00000001), ref: 00421981
      • SetRect.USER32(?,000001AE,0000032F,00000276,00000050), ref: 0042199D
      • CreateFontA.GDI32(00000032,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000020,Arial), ref: 004219C5
      • SelectObject.GDI32(00000000,00000000), ref: 004219CD
      • MessageBoxW.USER32(?,Are you sure this is right decription key? If not, you can loose all files...,Start Decryption,00000024), ref: 00421C70
      • GetDlgItemTextA.USER32(?,000003E9,?), ref: 00421CA6
      • MessageBoxA.USER32(00000000,Decryption Key is not correct!,00000000,00000000), ref: 00421CCC
      • InvalidateRect.USER32(?,00000000,00000000), ref: 00421E5D
      • KillTimer.USER32(?,00000D80), ref: 00421E75
      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00421E8B
      • MessageBoxW.USER32(00000000,Decryption Completed!Bye!See you later!,Decrypt Completed!,00000000), ref: 00421EF5
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.4536003848.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.4535981329.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536036019.0000000000423000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536058650.000000000042B000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536079420.0000000000431000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_JpQFDOA7Uk.jbxd
      Similarity
      • API ID: MessageObject$CreateFolderMetricsPathRectSelectSystemTextTimerWindow$BeginBitmapColorCompatibleFontInvalidateItemKillLoadLongModePaint
      • String ID: %02d:%02d:%02d$%s\dec_key.dat$%s\time.dat$Are you sure this is right decription key? If not, you can loose all files...$Arial$Decrypt Completed!$Decrypting...$Decryption Completed!Bye!See you later!$Decryption Key is not correct!$Start Decryption
      • API String ID: 1672296494-2570948240

      APIs
      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0042219E
      • wsprintfW.USER32 ref: 0042221B
      • GetFileAttributesW.KERNELBASE(?), ref: 00422269
      • wsprintfW.USER32 ref: 00422289
      • FindFirstFileW.KERNELBASE(?,?), ref: 0042229C
      • Sleep.KERNELBASE(0000000A), ref: 004224B3
      • FindNextFileW.KERNELBASE(00000000,?), ref: 004224C1
      • FindClose.KERNELBASE(?), ref: 00422563
      • DeleteFileW.KERNEL32(?), ref: 0042257D
      • FindClose.KERNEL32(00000000), ref: 00422593
        • Part of subcall function 0041B570: __wsopen_s.LIBCMT ref: 0041B606
        • Part of subcall function 0041B570: __wsopen_s.LIBCMT ref: 0041B69E
      Strings
      Similarity
      • API ID: FileFind$Close__wsopen_swsprintf$AttributesDeleteDirectoryFirstNextSleepSystem
      • String ID: %c:\%s\$%s*.*$CyberVolk$CyberVolk_ReadMe.txt$Decrypting File : %s$Encrypting File : %s$Users
      • API String ID: 2973641759-4147821354
      Strings
      Similarity
      • API ID:
      • String ID: mpAlloc: Unable to allocate memory.
      • API String ID: 0-845280520

      APIs
        • Part of subcall function 00409EE0: CreateFileW.KERNELBASE(?,00000000,?,0040A2D0,?,?,00000000,?,0040A2D0,?,0000000C), ref: 00409EFD
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A33B
      • __dosmaperr.LIBCMT ref: 0040A342
      • GetFileType.KERNELBASE(00000000), ref: 0040A34E
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A358
      • __dosmaperr.LIBCMT ref: 0040A361
      • CloseHandle.KERNEL32(00000000), ref: 0040A381
      • CloseHandle.KERNEL32(00000000), ref: 0040A4CE
      • GetLastError.KERNEL32 ref: 0040A500
      • __dosmaperr.LIBCMT ref: 0040A507
      Similarity
      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
      • String ID:
      • API String ID: 4237864984-0

      APIs
      • __wsopen_s.LIBCMT ref: 0041B606
      • __wsopen_s.LIBCMT ref: 0041B69E
      • GetFileAttributesW.KERNELBASE(?), ref: 0041B912
      • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0041B91D
      • DeleteFileW.KERNELBASE(?), ref: 0041B924
      Strings
      Similarity
      • API ID: File$Attributes__wsopen_s$Delete
      • String ID: ---*8+8*---$CyberVolk
      • API String ID: 2837687686-1444072946

      Similarity
      • API ID:
      • String ID:
      • API String ID:

      APIs
      • FindWindowA.USER32(TaskManagerWindow,00000000), ref: 004225DC
      • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 004225E9
      • Sleep.KERNELBASE(000003E8), ref: 004225F0
      Strings
      Similarity
      • API ID: FindMessagePostSleepWindow
      • String ID: TaskManagerWindow
      • API String ID: 529655941-548990918

      APIs
        • Part of subcall function 0040A7A5: GetConsoleOutputCP.KERNEL32(D90DAE75,00000000,00000000,?), ref: 0040A808
      • WriteFile.KERNELBASE(?,?,?,00404606,00000000,?,00000000,00000000,?,00404606,00000000,00000000,00404543,?,00000000,?), ref: 0040B214
      • GetLastError.KERNEL32(?,00404606,00000000,00000000,00404543,?,00000000,?,?,?,?,?), ref: 0040B21E
      Similarity
      • API ID: ConsoleErrorFileLastOutputWrite
      • String ID:
      • API String ID: 2915228174-0

      APIs
      • SetEndOfFile.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00404543,?,?,?,?,00000000,?), ref: 004046A1
      • GetLastError.KERNEL32(?,?,?,?,00404543,?,?,?,?,00000000,?), ref: 004046AB
      Similarity
      • API ID: ErrorFileLast
      • String ID:
      • API String ID: 734332943-0

      APIs
      • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,0040B1FA,?,?,?,?,?,00000000), ref: 0040ACED
      • GetLastError.KERNEL32(?,0040B1FA,?,?,?,?,?,00000000,00000000,?,00404606,00000000,00000000,00404543,?,00000000), ref: 0040AD13
      Similarity
      • API ID: ErrorFileLastWrite
      • String ID:
      • API String ID: 442123175-0

      APIs
      • SetFilePointerEx.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00404934,?,?,?,?,?), ref: 00404884
      • GetLastError.KERNEL32(?,?,?,?,00404934,?,?,?,?,?,00000000,?,?,?,00000000), ref: 00404891
      Similarity
      • API ID: ErrorFileLastPointer
      • String ID:
      • API String ID: 2976181284-0
      • Opcode ID: c7a75ea659b7db70125876e354016121db21a1adac30f4af9fad8b2de5dfa2a5
      • Instruction ID: 00895847e711cce2e1d1c616558fc60fec95f9d55e61807d820823924837a3a7
      • Opcode Fuzzy Hash: c7a75ea659b7db70125876e354016121db21a1adac30f4af9fad8b2de5dfa2a5
      • Instruction Fuzzy Hash: F4016633B00144AFCB049F5ADC45DAE3B29EB81360B244229F910AB2E0E775ED528BD4

      Control-flow Graph

      control_flow_graph 666 4220a0-4220cd 667 4220fe-422118 call 422120 666->667 668 4220cf-4220d5 666->668 669 4220e0-4220fc call 422120 Sleep 668->669 669->667
      APIs
        • Part of subcall function 00422120: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0042219E
        • Part of subcall function 00422120: wsprintfW.USER32 ref: 0042221B
      • Sleep.KERNELBASE(000003E8), ref: 004220F3
      Strings
      Similarity
      • API ID: DirectorySleepSystemwsprintf
      • String ID: :
      • API String ID: 649109447-336475711
      • Opcode ID: 834a7a34fe1537f5e1b55570d5327c334425180d875ae3738c56f63ff5f7e0c5
      • Instruction ID: a4349fc0aea8f0cd0cb912263fb528a8b1d7382390b48c31a9ba401943c7b077
      • Opcode Fuzzy Hash: 834a7a34fe1537f5e1b55570d5327c334425180d875ae3738c56f63ff5f7e0c5
      • Instruction Fuzzy Hash: 55F0F6206143546EC310EB64D840B5677E5EF49304F80866AF948472A1EB759695C3CE

      Control-flow Graph

      control_flow_graph 674 40dbb9-40dbc2 675 40dbf1-40dbf2 674->675 676 40dbc4-40dbd7 RtlFreeHeap 674->676 676->675 677 40dbd9-40dbf0 GetLastError call 40e677 call 40e714 676->677 677->675
      APIs
      • RtlFreeHeap.NTDLL(00000000,00000000,?,00412E4F,?,00000000,?,?,00412E74,?,00000007,?,?,00413274,?,?), ref: 0040DBCF
      • GetLastError.KERNEL32(?,?,00412E4F,?,00000000,?,?,00412E74,?,00000007,?,?,00413274,?,?), ref: 0040DBDA
      Similarity
      • API ID: ErrorFreeHeapLast
      • String ID:
      • API String ID: 485612231-0
      • Opcode ID: 311d3bd6e41114e11797529518d3619411553e5bb0725c7109a26b79b0536d2d
      • Instruction ID: 125e0dedb952b19c69316c1ae0e1cecd299d830c84604f35052e05e5694d3c7c
      • Opcode Fuzzy Hash: 311d3bd6e41114e11797529518d3619411553e5bb0725c7109a26b79b0536d2d
      • Instruction Fuzzy Hash: 34E08631600304A7CF212FA5FC0AF953B689B40396F554476F508A71A0DA39D951D79C

      Control-flow Graph

      control_flow_graph 682 4217a0-4217ae 683 4217b0-4217c2 GetModuleHandleW DialogBoxParamW 682->683 683->683
      APIs
      • GetModuleHandleW.KERNEL32(00000000,00000065,00000000,004217D0,00000000), ref: 004217BD
      • DialogBoxParamW.USER32(00000000), ref: 004217C0
      Similarity
      • API ID: DialogHandleModuleParam
      • String ID:
      • API String ID: 3900296288-0
      • Opcode ID: 20d163d04deb68ee9fb7c61ac6930edc05650b8fc73c09a03f5e564eb6ffb77b
      • Instruction ID: 54c917d5f2e1e8f9936187a642ff1c4918dd028c912d701bf8349580e909bc44
      • Opcode Fuzzy Hash: 20d163d04deb68ee9fb7c61ac6930edc05650b8fc73c09a03f5e564eb6ffb77b
      • Instruction Fuzzy Hash: 28C012317803287AE1301A512C0AF122669ABE6B92FA50012B208BB1E092E835024AAC
      APIs
      • CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,0040A5BC,00000000,CF830579,00429E00,0000000C,0040A6A8,0040BB05,?), ref: 0040A75B
      • GetLastError.KERNEL32(?,0040A5BC,00000000,CF830579,00429E00,0000000C,0040A6A8,0040BB05,?), ref: 0040A765
      Similarity
      • API ID: CloseErrorHandleLast
      • String ID:
      • API String ID: 918212764-0
      • Opcode ID: a6919cf8e2aeb9ad13bfa66974edfeb1dd09d25697d2d1e204f1d76ad7661be2
      • Instruction ID: f5de8b9b6c16d480d24cde734f0a0de3f8b3e36fc649fdd8f4eb809378448b7e
      • Opcode Fuzzy Hash: a6919cf8e2aeb9ad13bfa66974edfeb1dd09d25697d2d1e204f1d76ad7661be2
      • Instruction Fuzzy Hash: D2112C33B0432016D6246779984576E27654BC1734F25C17FF904AB2D2DE7CCC52555E
      APIs
      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0040E338,00000001,00000364,00000000,00000005,000000FF,?,?,0040E719,004054DB,?,00000000), ref: 0040DB9D
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      • Opcode ID: 5710141d5ca78981eb45ff72e6db169292a46bc152f70106b9ad2d66f8860e5e
      • Instruction ID: 1f76f0bfda9c4dd3ebd0103981148e3126d6f41e3ea8e477e5042d43c669f5a3
      • Opcode Fuzzy Hash: 5710141d5ca78981eb45ff72e6db169292a46bc152f70106b9ad2d66f8860e5e
      • Instruction Fuzzy Hash: E9F0BB35E001216BDF316AA69C05E5B77649F41770B564037AC04B72D4CA3CFC0A85ED
      APIs
      • RtlAllocateHeap.NTDLL(00000000,004123EF,?,?,004123EF,00000220), ref: 0040EFE0
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      • Opcode ID: 789a898d7620f06fec26d34a11210efa9d20f04317888af3ac89c3658935c332
      • Instruction ID: 062c959a320b300f6199eaeec431a38b74f997bcca5b58af8d2b457837026a57
      • Opcode Fuzzy Hash: 789a898d7620f06fec26d34a11210efa9d20f04317888af3ac89c3658935c332
      • Instruction Fuzzy Hash: 5BE0A03160522276D73036679C00F6B7A889F413A0F150833FC04B62D1CB3CDC2281AE
      APIs
      • CreateFileW.KERNELBASE(?,00000000,?,0040A2D0,?,?,00000000,?,0040A2D0,?,0000000C), ref: 00409EFD
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: 201a5b9a27e9921ab18936582ab9adea995e3d56b43cbb4aa91ee185d53fc32d
      • Instruction ID: b12041c3212dae0ef7992070ea6fd0072dcb3cf981766238861525c1aa87979b
      • Opcode Fuzzy Hash: 201a5b9a27e9921ab18936582ab9adea995e3d56b43cbb4aa91ee185d53fc32d
      • Instruction Fuzzy Hash: 1FD06C3210010DBFDF128F84ED06EDA3FAAFB48714F014010BE1856120C736E922AB94
      APIs
      Strings
      Similarity
      • API ID: __floor_pentium4
      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
      • API String ID: 4168288129-2761157908
      • Opcode ID: 0e023c10cef105a068c2937e9dce541c888dd772b5193b6b1589276ae5a2b2da
      • Instruction ID: 4cd5d7f124f02012c0457ab2f035cc0a6fd488af70776ea1ed40647ae4e782e1
      • Opcode Fuzzy Hash: 0e023c10cef105a068c2937e9dce541c888dd772b5193b6b1589276ae5a2b2da
      • Instruction Fuzzy Hash: 0CD22871E08629CFDB65CE28DD447EAB7B5EB84305F1441EAD80DA7240EB78AEC18F45
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 8ee022ebcd3b794e9c6918f11ef370322e5b5fb6b505caf49368c43b9470f291
      • Instruction ID: f1b269501245e7b72ff317757f6eec5574ba1e152e2fdd39685b106182e8e7c2
      • Opcode Fuzzy Hash: 8ee022ebcd3b794e9c6918f11ef370322e5b5fb6b505caf49368c43b9470f291
      • Instruction Fuzzy Hash: 84023E71E002199BDF14CFA9D9806EEB7F1FF88314F24826AE919E7340D735A981CB94
      APIs
      • IsDebuggerPresent.KERNEL32 ref: 0040DD14
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040DD1E
      • UnhandledExceptionFilter.KERNEL32(?), ref: 0040DD2B
      Similarity
      • API ID: ExceptionFilterUnhandled$DebuggerPresent
      • String ID:
      • API String ID: 3906539128-0
      • Opcode ID: 3278b85b4341945d49c1b5a9e3c500082c3a70f2605c9bf3fbce0f319fb45f68
      • Instruction ID: f8e90bc7f64416181669f383d8f767d880397e5980e439b95b51f3db9de2096c
      • Opcode Fuzzy Hash: 3278b85b4341945d49c1b5a9e3c500082c3a70f2605c9bf3fbce0f319fb45f68
      • Instruction Fuzzy Hash: DB31E574D4121C9BCB21DF64D98978DBBB8BF08310F5041EAE41CA7291E7749F858F48
      Strings
      Similarity
      • API ID:
      • String ID: 0ez@$ez@
      • API String ID: 0-158038262
      • Opcode ID: 4dde3aec2035edc19fd42e8d32a7740e0a096c25f0ac18bddd8a79cd9eb5cddd
      • Instruction ID: 4143748f76e305f900fe5258a8d458bcbf382464c44a0fea487cfad5a2ae80ef
      • Opcode Fuzzy Hash: 4dde3aec2035edc19fd42e8d32a7740e0a096c25f0ac18bddd8a79cd9eb5cddd
      • Instruction Fuzzy Hash: A6C1CC305006069FCB24CF68CA8466BBBB1AB45314F244A3FE4D2B77D2DB39AD05CB59
      Strings
      Similarity
      • API ID:
      • String ID: 0$Sw@
      • API String ID: 0-806046138
      • Opcode ID: 27b04a5c93238349ab016a17fd46debf514cb908b8a88ebc1f6a54b9f5604826
      • Instruction ID: 442b64585527de52dd556eed803af300e727b5db524a6f69b0b249c655b641cb
      • Opcode Fuzzy Hash: 27b04a5c93238349ab016a17fd46debf514cb908b8a88ebc1f6a54b9f5604826
      • Instruction Fuzzy Hash: EDB1C130900A0A9BCB24CF688A55ABFB7B1AF45704F14067FD5D2B77C1DE39A9028B59
      APIs
      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00418CDA,?,?,00000008,?,?,004188DD,00000000), ref: 00418F0C
      Similarity
      • API ID: ExceptionRaise
      • String ID:
      • API String ID: 3997070919-0
      • Opcode ID: ca079592e913cef8b622a5ba12169945fafaea3225ad13a30810cf341b60d359
      • Instruction ID: 4a5862e0bf2af13422a38c514b9038d21c96d1d5ec586a4b75fe7d39c87bf9b2
      • Opcode Fuzzy Hash: ca079592e913cef8b622a5ba12169945fafaea3225ad13a30810cf341b60d359
      • Instruction Fuzzy Hash: CDB14C316106089FD715CF28C486BA57BE1FF45364F29865EE899CF2E1CB39E982CB44
      Strings
      Similarity
      • API ID:
      • String ID: 0
      • API String ID: 0-4108050209
      • Opcode ID: 2ad98bba61f6c2ee7dca4753edf4576ec53e625507d7fd8700589e0b3c99bd25
      • Instruction ID: cf3e49e72a9b5d38282a160b8d57d891802e7f1fe5074d7850fd44a772c93cec
      • Opcode Fuzzy Hash: 2ad98bba61f6c2ee7dca4753edf4576ec53e625507d7fd8700589e0b3c99bd25
      • Instruction Fuzzy Hash: 82B1D271A006068ACB24EF69CA445BFB7B1AF44300F44853FD4D6B77C0DA38AD06CB59
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a090bb674a78e59e294422153f96ddf4d58d902e8434e30e959ffda20c01287c
      • Instruction ID: 490258aeb492b3a0c0269d93dea3ee72441efff719feaecaf895748587695bbb
      • Opcode Fuzzy Hash: a090bb674a78e59e294422153f96ddf4d58d902e8434e30e959ffda20c01287c
      • Instruction Fuzzy Hash: 02428E74E101648FDB48CF6AD89056AF7F1FB89300F9582BEDA55A7352C334AA11CFA4
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 0db3bad4e8f4f5f55dfbd45287799f0088ea6aa7a74d2e89eb1679e3a6a02169
      • Instruction ID: e47d215557369023547f4bb82a8ad14dd535f0b78830cde31bb66f667e964ca7
      • Opcode Fuzzy Hash: 0db3bad4e8f4f5f55dfbd45287799f0088ea6aa7a74d2e89eb1679e3a6a02169
      • Instruction Fuzzy Hash: 05519F71F001298BDB0CCE6DC9911BDF7A6EBC8310B54867ED816EB399DA709E45C784
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: ba02edc7283300824187a5b3d375996215993370f305d51b92b982a2a56373f3
      • Instruction ID: b8677d3f7f890a8ff1a7039b4bfd12704bf4c18131f9fa01f08e4ed45786d22e
      • Opcode Fuzzy Hash: ba02edc7283300824187a5b3d375996215993370f305d51b92b982a2a56373f3
      • Instruction Fuzzy Hash: F6517671A041354BEB088E2A88A03F67BE2DF96304F5542BBDCC9C7383C67C454A9BA4
      APIs
      • _ValidateLocalCookies.LIBCMT ref: 00402077
      • ___except_validate_context_record.LIBVCRUNTIME ref: 0040207F
      • _ValidateLocalCookies.LIBCMT ref: 00402108
      • __IsNonwritableInCurrentImage.LIBCMT ref: 00402133
      • _ValidateLocalCookies.LIBCMT ref: 00402188
      • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 0040219E
      • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 004021B3
      Strings
      Similarity
      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
      • String ID: csm
      • API String ID: 1385549066-1018135373
      • Opcode ID: d6f55394be560c9e350e487ec57c734f7e3971aceb843f1ddba4611a15cc044e
      • Instruction ID: 806a93b8c28938231cfe0bb25bcf973efd1b943194b9eb50d0967fca24de38a1
      • Opcode Fuzzy Hash: d6f55394be560c9e350e487ec57c734f7e3971aceb843f1ddba4611a15cc044e
      • Instruction Fuzzy Hash: AF410B34A002149BCF10DF25C989A9E7BB1AF45318F1481B7ED147B3D2C7B99906CB99
      APIs
      • FreeLibrary.KERNEL32(00000000,?,0040EA74,00000022,FlsSetValue,00424C10,XLB,00000000,?,0040E323,00000005,000000FF,?,?,0040E719,004054DB), ref: 0040E850
      Strings
      Similarity
      • API ID: FreeLibrary
      • String ID: api-ms-$ext-ms-$$B
      • API String ID: 3664257935-1840134057
      • Opcode ID: 08361d81830b6d13b8c1b39b89b9df7aa78405a968ec65283b5cc508f25afa02
      • Instruction ID: 9723e9da7d0564a7be829d23a98b6ec5a4cbb5325d445d9a8953b05dbcab363b
      • Opcode Fuzzy Hash: 08361d81830b6d13b8c1b39b89b9df7aa78405a968ec65283b5cc508f25afa02
      • Instruction Fuzzy Hash: 6521D832B01110E7C731AF62DC41A6B7768DB81760F648976E911B73D1D638ED22C6D8
      APIs
      Similarity
      • API ID: _strrchr
      • String ID:
      • API String ID: 3213747228-0
      • Opcode ID: b12888903f62ca3e38aeb72c7148cdd13d4d443db4019bcf65d691d936c656ae
      • Instruction ID: 955f21a1a4fefd935075aa35b8bba05b483717b1b7eef36990175b7b94f13dbe
      • Opcode Fuzzy Hash: b12888903f62ca3e38aeb72c7148cdd13d4d443db4019bcf65d691d936c656ae
      • Instruction Fuzzy Hash: CEB13532900255AFDB219E24C881BEA7BA5EF55310F14817BE904BB7C2D378D94AC7A9
      APIs
      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,D90DAE75,?,?,00000000,00422714,000000FF,?,0040B6B9,?,?,0040B68D,00000016), ref: 0040B712
      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040B724
      • FreeLibrary.KERNEL32(00000000,?,00000000,00422714,000000FF,?,0040B6B9,?,?,0040B68D,00000016), ref: 0040B746
      Strings
      Similarity
      • API ID: AddressFreeHandleLibraryModuleProc
      • String ID: CorExitProcess$mscoree.dll
      • API String ID: 4061214504-1276376045
      • Opcode ID: f3651774b478426827fa0fab7595c18c9d0cdf20c686b77babf527a74b2e8abc
      • Instruction ID: 59734b8f04e1560c28b926e4bab0eb2989af1e968af4d4fc46376537d219de98
      • Opcode Fuzzy Hash: f3651774b478426827fa0fab7595c18c9d0cdf20c686b77babf527a74b2e8abc
      • Instruction Fuzzy Hash: 03016731B44665ABDB218F54DC05FBFBBB8FB44B12F500536E811B22D0DB7D9900CA98
      APIs
      • GetConsoleOutputCP.KERNEL32(D90DAE75,00000000,00000000,?), ref: 0040A808
        • Part of subcall function 004105A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004169BF,?,00000000,-00000008), ref: 00410602
      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040AA5A
      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0040AAA0
      • GetLastError.KERNEL32 ref: 0040AB43
      Similarity
      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
      • String ID:
      • API String ID: 2112829910-0
      • Opcode ID: d3462d8774652a80d1803ef709e5791e219efd14d35c4cb4e8a1869be772bfb1
      • Instruction ID: 5385bd44e4d51291c3c753f603148eec65c719a136e200b5d79736122cde0e4a
      • Opcode Fuzzy Hash: d3462d8774652a80d1803ef709e5791e219efd14d35c4cb4e8a1869be772bfb1
      • Instruction Fuzzy Hash: 44D19BB1E002489FCF14CFA8C9809EDBBB5EF09304F28416AE656FB391D634A952CF55
      APIs
      • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,004107A2,00000000,00000001,00000000,?,?,0040AB97,?,00000000,00000000), ref: 00415DFD
      • GetLastError.KERNEL32(?,004107A2,00000000,00000001,00000000,?,?,0040AB97,?,00000000,00000000,?,?,?,0040B171,?), ref: 00415E09
        • Part of subcall function 00415DCF: CloseHandle.KERNEL32(FFFFFFFE,00415E19,?,004107A2,00000000,00000001,00000000,?,?,0040AB97,?,00000000,00000000,?,?), ref: 00415DDF
      • ___initconout.LIBCMT ref: 00415E19
        • Part of subcall function 00415D91: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00415DC0,0041078F,?,?,0040AB97,?,00000000,00000000,?), ref: 00415DA4
      • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,004107A2,00000000,00000001,00000000,?,?,0040AB97,?,00000000,00000000,?), ref: 00415E2E
      Memory Dump Source
      • Source File: 00000000.00000002.4536003848.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.4535981329.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536036019.0000000000423000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536058650.000000000042B000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536079420.0000000000431000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_JpQFDOA7Uk.jbxd
      Similarity
      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
      • String ID:
      • API String ID: 2744216297-0
      • Opcode ID: 63e67da40fef5996b41fabc2c4f3f526ef184d2940aea294f3f9b85c4cf6801d
      • Instruction ID: 3b14cdfc99fa5212e22f6a7603f5e9e1e3e794d07f6a66640eef50d74b5e1516
      • Opcode Fuzzy Hash: 63e67da40fef5996b41fabc2c4f3f526ef184d2940aea294f3f9b85c4cf6801d
      • Instruction Fuzzy Hash: 43F01C36600614FBCF322FE5EC089DA3F6AEB493A1B508025FB1C95124C7368961EF98
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.4536003848.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.4535981329.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536036019.0000000000423000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536058650.000000000042B000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536079420.0000000000431000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_JpQFDOA7Uk.jbxd
      Similarity
      • API ID: __wsopen_s
      • String ID: ---*8+8*---
      • API String ID: 3347428461-2055049666
      • Opcode ID: 35f315968e376b94d83773ef2943bfef4089f629e0f8ba7c5291995cfed714f1
      • Instruction ID: 09c662c0504b5f171cbf8336eea62a388d12119c98d866216ddec0e2295bcb22
      • Opcode Fuzzy Hash: 35f315968e376b94d83773ef2943bfef4089f629e0f8ba7c5291995cfed714f1
      • Instruction Fuzzy Hash: 0AE193B1D002089BDF10DFA9DD45BEEB7B5FF44304F14816AE808B7291EB799984CB99
      APIs
      • MessageBoxW.USER32(00000000,bdNew: Failed to calloc memory.,BigDigits Error,00000010), ref: 00420F2A
      Strings
      • BigDigits Error, xrefs: 00420F22
      • bdNew: Failed to calloc memory., xrefs: 00420F27
      Memory Dump Source
      • Source File: 00000000.00000002.4536003848.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.4535981329.0000000000400000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536036019.0000000000423000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536058650.000000000042B000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.4536079420.0000000000431000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_JpQFDOA7Uk.jbxd
      Similarity
      • API ID: Message
      • String ID: BigDigits Error$bdNew: Failed to calloc memory.
      • API String ID: 2030045667-3641427483
      • Opcode ID: ab9820f3fb2aef60738ea1e7d6ba51206ead017c576fa9f0e8cd8d63c7fe0e80
      • Instruction ID: 006e671d0cc663ac8d93f1e1f8fcd0b3430f2c7622c483b719a048e8a350d380
      • Opcode Fuzzy Hash: ab9820f3fb2aef60738ea1e7d6ba51206ead017c576fa9f0e8cd8d63c7fe0e80
      • Instruction Fuzzy Hash: 90D0A7307802256AF73427159E0A7233892AFE0B02F58C47EBA18581C3EBFA9841451C