General Info

File name

Gandcrab_5.0.4.exe

Full analysis
https://app.any.run/tasks/232c5459-252b-47c6-ac4d-25d0e67993eb
Verdict
Malicious activity
Threats:

GandCrab is probably one of the most famous Ransomware. A Ransomware is a malware that asks the victim to pay money in order to restore access to encrypted files. If the user does not cooperate the files are forever lost.

Analysis date
10/11/2018, 16:23:31
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

opendir

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

335859768d9a489eab3e3cbd157fb98f

SHA1

18c379b521788fc610623129ec3960de0f15f19d

SHA256

9b5b364a32c759ada38bdc4cbfaad3ed8dc333f87796e27eef52a96d43c821a2

SSDEEP

6144:Q8HMR1aMIM00M2Kkv3FQvI3e28tCdN9BFQvI3e28tCdN9:QH16M00Mw3FjNkMN9BFjNkMN9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
GandCrab keys found
  • Gandcrab_5.0.4.exe (PID: 2044)
Actions looks like stealing of personal data
  • Gandcrab_5.0.4.exe (PID: 2044)
Deletes shadow copies
  • Gandcrab_5.0.4.exe (PID: 2044)
Dropped file may contain instructions of ransomware
  • Gandcrab_5.0.4.exe (PID: 2044)
Renames files like Ransomware
  • Gandcrab_5.0.4.exe (PID: 2044)
Writes file to Word startup folder
  • Gandcrab_5.0.4.exe (PID: 2044)
Reads Internet Cache Settings
  • Gandcrab_5.0.4.exe (PID: 2044)
Creates files like Ransomware instruction
  • Gandcrab_5.0.4.exe (PID: 2044)
Creates files in the user directory
  • Gandcrab_5.0.4.exe (PID: 2044)
Dropped object may contain TOR URL's
  • Gandcrab_5.0.4.exe (PID: 2044)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:09:30 00:01:53+02:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
81408
InitializedDataSize:
97280
UninitializedDataSize:
null
EntryPoint:
0x62f8
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
29-Sep-2018 22:01:53
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
7
Time date stamp:
29-Sep-2018 22:01:53
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x00013CC4 0x00013E00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.57495
.rdata 0x00015000 0x00006B84 0x00006C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.60593
.data 0x0001C000 0x0000F894 0x0000DC00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.48966
.rsrc 0x0002C000 0x000001E0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.71768
.reloc 0x0002D000 0x000013C0 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.69088
.GAND 0x0002F000 0x0004BAF0 0x0004BC00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.73491
.CRAB 0x0007B000 0x00000200 0x00000200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 1.88315
Resources
1

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    SHELL32.dll

    ole32.dll

    MPR.dll

    WININET.dll

    RPCRT4.dll

    kernel32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
35
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start #GANDCRAB gandcrab_5.0.4.exe wmic.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2044
CMD
"C:\Users\admin\AppData\Local\Temp\Gandcrab_5.0.4.exe"
Path
C:\Users\admin\AppData\Local\Temp\Gandcrab_5.0.4.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\gandcrab_5.0.4.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

PID
3880
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
No indicators
Parent process
Gandcrab_5.0.4.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147749908
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

Registry activity

Total events
122
Read events
91
Write events
31
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASAPI32
EnableFileTracing
0
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASAPI32
EnableConsoleTracing
0
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASAPI32
FileTracingMask
4294901760
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASAPI32
ConsoleTracingMask
4294901760
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASAPI32
MaxFileSize
1048576
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASAPI32
FileDirectory
%windir%\tracing
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASMANCS
EnableFileTracing
0
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASMANCS
EnableConsoleTracing
0
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASMANCS
FileTracingMask
4294901760
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASMANCS
ConsoleTracingMask
4294901760
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASMANCS
MaxFileSize
1048576
2044
Gandcrab_5.0.4.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Gandcrab_5_RASMANCS
FileDirectory
%windir%\tracing
2044
Gandcrab_5.0.4.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2044
Gandcrab_5.0.4.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2044
Gandcrab_5.0.4.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2044
Gandcrab_5.0.4.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2044
Gandcrab_5.0.4.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2044
Gandcrab_5.0.4.exe
write
HKEY_CURRENT_USER\Software\ex_data\data
ext
2E006A0070007200750075000000
2044
Gandcrab_5.0.4.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
public
0602000000A40000525341310008000001000100690EC6B9C716106315582A239D234994FACD8907C899BA2660C403A52C39B3453127B4FB38D2831D17B810FE6CEAC1B27AC36D5A206F989431D94697337399258CF0BA75F89DB7D89EB29EFBD8456AC56906C233B6210220F48AFC76E3EC8AB7C4C4D90368E2BE24748C2F9C0784353FB8A2EC1C49E5D761EBF2A789534B15187D96FA3151B6E85E436A44BCCB716BF29F18FC6528FCE62CB22318EC365371DF5C2F46A5C3AB4D221259FDCAE5747D2DC64C3657999716AF845D197D5CF7FE28D414BFD3EF5108F90A016C96235348F3018D0AEA9F64B00E7197399CE3EA08E03E6B696E0CBD4B9C7E02819559D94471B726880CDAFBFFB7088FB82DD86D30A6
2044
Gandcrab_5.0.4.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
private
94040000E87D6050176F02CD1CDC1F5768D2D3DCB7021E028D74C3BBE2AB7284065F456F87D4BFFCDDF41284E4812E01305C4CEF38DA66CC47BA1B8158F670A4DD953C0F1C3EA824023311D965AFBC0824035DDAAD39DE93980C9FAE56C14AEBF8174F2C4A482FE94EDA199E59DB0BAC088DFF80CAE4E6088B2FCEC401465D26AB0B80C97FD71EEA95934DBBC1B08688B82BF77DF8B531F0938BA6C6AB3588E1AA5B427D8876FCC831B09054D010012B9C83A20100A24CBA3522E2B159ECEBBE130BF18D884306842A54ADCAD0064D7FD0012E3364E7E2F5CB5AE2456A882524957DACE7100CD2646FFE44F53920C7D966FF1D79E6737DF3D8A7CD311B54579311F3843AB02DE1315FAB7568E8EBC5270F3256AFEE8F311869C00D472CB74C859B7959E8A8BF0468D56B66C23A4CFF71F985D62682734A3F553A2D1827CA2613BC7333E0A966CC6CD202951FB17D9C1C08B6F66A2C1F46073FC6B0695B99FE28A18A3E48AB460E89C0616481C7FFD3C344DE22C93CD52C0C28D89F0473A9179B8E8C79675707C6DC133D361CFB05C47355AFC7D283992955F431CD2C77E46C4E19AF987CAD9F96EC0395FC6E6AF1751C52EAC376578B0709231558441F68FA1E425CB112BDFAAD1B338756F4B1608A43A831706232A9BFC1C4098F15FD5DCDF2F40312DA794AAA5CDAAFF6272E13154801A4927524FDAF81ED205BBAA78C833B3BEDA1A664486A3FBB1E9282C658F557290C1C08C885268441171CF9BA4E390A1A57D9B70918B7D20876A93DDD4C3C4C487A8E603132EF27B956A90E9E9E4D882C2A8E309D470FFBDD538329C68849C41A01B41BFAF6171E2E8BE5FAFD762AF264510380614D26391CA172FA5199DCA953A2D9C22A736569F3341B2B020435DF3463A76A8F1FC58E73EDE62FAC081C59B0E539F44A93432B39A0DED47A6D429D29A32B761621302BA26CA7844F2AEB594B791D21C2FD6EDEF229E2785EE3A3844A4F6A62664D772EE5B7C3D3B89115A0B455F9712C25D3DFF0218C51C8957151BD8A5E2FA9F511234EE6299BF44DDB9F0743D04BB58DD617C2BDFE07040EC0ADE2C2870E07D890F0ED5A1AF094DEC02BA00413448BE82A1B18FF2EA20D186BBFECDCF8C992391C844969390A25606B2695D656177F5A21278C5564F2F647D6E2F8704CB27CFAF6F2343FAF855C001F5F2E8F8732B36C2293D92A9062E6842DF01070451B0D995BC600688F560DCCFC6D0EA1834C29B72F91A9BBF88CED85EC067C0644A6E207BBCD39BACCA366FD9E880610A651B901B00908B2912D7C04192BAD340D57A5A0A1EC6CC8B2345C88E1B4D68757BB2FFF7A95425974D5D65156F5181949115ACD9BDF302A8A515FAE17FD4834C7E05346C586401C990961DAF9AAD9672351A4426E822C4DC42DE85132932D9CDEFDF89953EDCFEF62D29C4DC1C49A27124A2DAAD50B0CB59F037F902EF86675A3717B9783E0DFCDC5B8EEA66676A5D9407717BB6D42C66D82E7DD424DE85EA4A1935BBA9E5FE7D0C77AAB8AA43EB9DC8DB09DB473D1714D859E4D397A123504580A3B2B0D816D224A16B3928C92FC015220A900FCEFCC2CFDE1F0C86C695544F0EE7B16B6287919A775335E1F9EB50883E56BA2118871571D6E1284CC2BC06A7A26C53173B18D7A8764C26B68E444E357B11AE95499F3B5F08DEE600B15AABC94163E8392F2954BC4829880880EFCDB72764FAE480DE2403576CFAEDDB3E1419BA71DDD900E9AE66BCF6A376037DA9C94BECD5685BD97697BA8D1C72523C252A82D10709EAE3EF2B545AC4CAB761BF98FF6823606D7BE3823039F66296B289FAC1636F87E99E638C86EA46A267E2DF1A66313BBC1C54EC2B0CFE99316802307F75FE087BA25A95507E5E8176914AE12126901365FBCD221961ED4CE8B9DEEDE702E616C1600C1C13853FDA4B6829CE15B9F958B7DF0CEBB34AC3F47FAFF5AC0C01071BA35836F76A583F82075A9338CF1863379523BD69BBB54EB66A0C08D5D1AB39DAC63704FD46870A03BB32646C7ACF8D5707A194E58EB617B2D57AAB199EDFDFB9EEED83102F3E43FF519678256B8B5B9611CE6478B337CF42D312B14E3741DD35CAC4FF4D0FCA44C148A10F84A1C831C919A03B025E7199C6ECFE792BA0354FBB7DE22A2E55FFECB08FD89C55E9BD216DB5B219846A3FFC7CDE46A009899FD0852D47102E0F283F9138BD504C46EF6BC9AC309A7D9F4A755018423215B8F4BBF127994B6EA2A7DA848EFA446541F98F9E3122C3C5A592965DF55500719B272A1E269C529FD87D86BB98B75C1A4A23B346B7F3C54C4A7A37216A3FA8ECE9BD697A8BFF5042BA59421866330E6F589D065AC8E1599B6D3A75DA39CC822DE069BB241A6FA

Files activity

Executable files
0
Suspicious files
284
Text files
207
Unknown types
4

Dropped files

PID
Process
Filename
Type
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 5a0ba3f929eb47bcda3af2bf12f4c80a
SHA256: 4911ff3ae6eab5befa4973e71f03961eacbd44c195f000e6a9b7fadfe61a2dbe
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: fa6ff5af14b099c051d1fb7830a3f0b6
SHA256: 6c46fbd960aa0087ef5b2dd435c797b95e1d157244d166a89150a251d25d6004
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: e5a3d8ec989ae3ae7525486c51845e4f
SHA256: 6e11afe906cf997837f670bf767b7093fd2059558f3a3fa681be90290abb908c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 54e559cef8146fe9aa8b5ba30ca4f6aa
SHA256: 9c086d962c942cff645dbd48b700191e96e3371b3d006e4eb3c7ac3c842057c9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Local\Temp\Cab4CE2.tmp
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Local\Temp\Tar4CE3.tmp
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Local\Temp\Tar4C64.tmp
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Local\Temp\Cab4C63.tmp
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Local\Temp\Cab4C51.tmp
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Local\Temp\Tar4C52.tmp
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 9b0798ef5fbacbb35e81871e1bd93211
SHA256: a623e695681c00feaebd48717e322773313a2a046c2e2b8e07e01e164ca86819
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 0b855a5b63be0dc822b1ee8e6dc67497
SHA256: 57ba099c6bb690c5413feb190946e69af2c1a03770e35e5c1291117d22d971ce
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Local\Temp\pidor.bmp
image
MD5: 50b366601f7efd883b08ca716744c00c
SHA256: 6fab71c415fd6f6248ed2e1c793355ff459b6129c774d9aecd9c053e9777d9f0
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Videos\Sample Videos\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Recorded TV\Sample Media\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.jpruu
binary
MD5: b274056a3352cc2b562965b9c271a216
SHA256: 35eb0f1d269876513a3eb9d9f951c2425be9273203fd4c0f24838883b61fbbe6
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Recorded TV\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.jpruu
binary
MD5: 5e558b4aa77307e90db88fbc79628af8
SHA256: 20f30eba40ea7ef9eb2fd0e1974ba63eae7cbce43555165a82b6606577025656
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.jpruu
binary
MD5: bd8229b308452a51adb31ed7108dfac0
SHA256: 12d35d82c0a242e03dde7ec16729348fd814215f5d6b545990d53d6a6fe1a17d
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.jpruu
binary
MD5: 70b73e234bb6ccb5ccbee1d0930d7737
SHA256: 2047a040254403f35ed527e951058f040e49ff4a2603b9ce38a3e73bac5190cb
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.jpruu
binary
MD5: e6f2cd63994a246776f5894e9161f7fe
SHA256: 3e92b9fd5cb7596de7a507d9560501ccc924903e4c88b48eefe861cf32d3650c
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.jpruu
binary
MD5: 59a8b66949c662115250fb65bc20bd89
SHA256: 50c29049a5b0afb4457ef51e210877b5ecfddf04fc5c3977885106e8ab619ada
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.jpruu
binary
MD5: 181b668ff44edeab56a74e2101da8926
SHA256: 24d7f134e2efc01293fa187492482e2a7f90114a412022d9522f290fe1f0a803
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.jpruu
binary
MD5: 070e44468546e75417ce9ce4c1f57a51
SHA256: 0f8899f57bd47b0359339b054f15f21fb5b1a8078979466fb45ae34c5fe90f43
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\Sample Pictures\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.jpruu
binary
MD5: 08478dcf9faff6c60764330a6e464515
SHA256: 1186870b11ee96f2ee96d310fc59caaa7763bb305f891d5645a370d35560b7ed
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\Sample Music\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Videos\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Downloads\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Favorites\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.jpruu
binary
MD5: e9f8ad3322926374b9efbb03c48e5c2b
SHA256: 3360d8394337370c00a2d63384b9ad058c374a97f63520e29de559248acd1fbd
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Libraries\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\Public\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Music\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Pictures\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\Public\Documents\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.jpruu
binary
MD5: e00c2ae6187f5a1697a49ef14511a112
SHA256: ba838d92843b7f1a01edd0d1426e85b4a7bd033453c66979a78c05b094f2fb40
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Searches\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.jpruu
binary
MD5: 3f96cf052a4421072be471d67e24ace8
SHA256: 79f95ca5d2b195b4559a51595ac1ff24776f323e7b659687fa2e1d2f12954840
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\noticemenu.jpg.jpruu
binary
MD5: c297206652baa902cfb360747c9236ea
SHA256: dba9781acbd0c97b9b65a301a8e279aa3b26a6a29da0801ee198418d04c0e635
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Saved Games\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\teachercategory.jpg.jpruu
binary
MD5: 2bede7b4c45d4e2562f8e3e783c71036
SHA256: b8954116635bbcd078377a1489611f9aafd36f97ced60c126c88980f85bbab2b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\issuesbeach.png.jpruu
binary
MD5: 4f2cb3198e8b9f999a5e23d1c04e4fa6
SHA256: 125a78f54a6e0c2127b2c54ab6f0086448b2752b4f81406c498b8ca2db8ecb00
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\mentree.png.jpruu
binary
MD5: cdd2fa228b83a54d75c245e5b0ac7f08
SHA256: 5b0aa425c65a837f00a3ed5f87188c43d37bc2bf7bf3a95cfbbf65e37dc58822
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\teachercategory.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\mentree.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\noticemenu.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\allowedmarch.jpg.jpruu
binary
MD5: b0fe2513bb404f623520f8ab7132e145
SHA256: 7e223b0241b53dcd18a62fa4249e55f6bf6ffce4f5bb86931c4d72e1f820d24f
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\examplelisten.png.jpruu
binary
MD5: c8abfb353574ec5684172a57ee4fb31d
SHA256: a86baccf38c09a9887827e113ebcce226c0a3495e677c7eead3590d69a04667c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\ntuser.ini.jpruu
binary
MD5: c3910f6507dd3a011ffc962c6bea7eb0
SHA256: bb445e7bed8072f702c48612f41921d07fc1c996709585ec2dd662a6145763a5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\commentssee.jpg.jpruu
binary
MD5: d880f86b3f924021641b21b54971f71f
SHA256: 47f58ed9b3eada74f338ed8295eb18940c0f5d73e626d7e2e5632fdc77ac6aaa
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\allowedmarch.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\issuesbeach.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\commentssee.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\examplelisten.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.jpruu
binary
MD5: 2a5e66607098621a202cd0e68abb9549
SHA256: 549a433240273067a4088b13251077a83563b9b2e965183b1ffd974a8bd9e850
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.jpruu
binary
MD5: 99d970fb471569ab3bf60c1b60337cb7
SHA256: 28d148eaf28f491b08e7962e827ff8376aab577d8e015f02177ebb36efc62287
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Links\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.jpruu
binary
MD5: b37d7f3d3ec6dff1242d4a972f903787
SHA256: 1bff37f1396edced526c05bb984d5a6c4d6c5d42e41298e1093187f9f79799d8
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.jpruu
binary
MD5: 9499568494f8b7a6b19c1f9ac3af6f19
SHA256: 08daf6d7d3d9bdb1a433361a88d7a3033815e338b7ac98c1b64d90aa269ea69b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.jpruu
binary
MD5: 7fe4cc8b6bb6fb6a7d5c3a8506022f0d
SHA256: fd3a8780f922e8f7d0a2eec8573b2a4bd9ccebbd864b030fc33127e8b850a866
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.jpruu
binary
MD5: d1befb428032e2e01b7cc38a3ff2e950
SHA256: 736e067a5da2d0f10e8b238436c62fe197977e90936f02a4c09ee1560dd77fd5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.jpruu
binary
MD5: 1a4b50b4d3983b7ee59408a05fc65e95
SHA256: 4ed6e91e8a1d01e8d976c7a2b56f3b98bd6b32abe4edabf9cd4132f6286ca3ac
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.jpruu
binary
MD5: 98b88b24764161e512525273430e2bf4
SHA256: e529c047b134a8e07c9e2a8dda375b6465a48ab2b4e8f1bc64da219d6d13cbdd
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.jpruu
binary
MD5: eb2fd7477f6ab18cef7006067d622729
SHA256: bcf1491bee1ea2b34dd9f61c6bf94553064363d6ee9c8f25034ac2b58b159e0a
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.jpruu
binary
MD5: 1fe8dfa42ef1201924308af4a5d6e822
SHA256: 23eca8a8d657e5e7d0655d50ea7bbf3ccd1cb9ca6c3ec9bc2ea4aae15abfa122
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.jpruu
binary
MD5: f15698ae5968f9cb114bf8d90cf14b62
SHA256: b3d2c8d206e7f9f36d5cf70ebad1dd846b5f5009877905e00611779e5745ec57
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\MSN Websites\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.jpruu
binary
MD5: c3060cda0cb7725e5a815b190a750eca
SHA256: d7cf35d0cb1bb25f48cc87ada29c4a00e5eb937b74cf07052e4b215cd687e581
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.jpruu
binary
MD5: c45d6ae4195ca053acb42ffcd13c4358
SHA256: ca76d064c0271b22cfb348d9b9e66b68650639f815f0f395fc18ee3b8250c2d0
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.jpruu
binary
MD5: 511f2e79d253f62a7b239326aa9367a5
SHA256: 201016fb41e777b87de2658955d1c4d028c838365fc1181b7ed3368d60136837
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.jpruu
binary
MD5: 02ab82522f6703eeb0320cd85c31dddb
SHA256: 010ad85a65961533f14a35cf27db26694fcbf7fbd79962d0cb8e5fbf9007dc03
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.jpruu
binary
MD5: 094fafab9535002c0ab099dd505f43f3
SHA256: d857c86a7b87ff5cb48e17ed0032f39e7b9486820ba734b02d6aa4048999241b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.jpruu
binary
MD5: 657c40dcab620518349aff77d32eaaf9
SHA256: 81bbac7de7895104fc43ba54e541f6e5bc7c6694be562c686c605ecd04ade3c9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.jpruu
binary
MD5: 099f2b5eb6fb3512d8cf87d60965257f
SHA256: 7e119e8ebfbdcee80e1569e15ee19a32e23a768d6527850f3992802f11646da5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links for United States\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.jpruu
binary
MD5: f342f755c9ad7ee76f4d126b61f126d9
SHA256: cd0791cd87a107cd88033830bd7899eb1322ca38d38930510627e89a338fa042
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Favorites\Links\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\windowseither.png.jpruu
binary
MD5: b51b57f5b78dcaa3fbf8fdf1614a452d
SHA256: 45002b9bfeba4cb93099c632170b49a6068b9336ab910ff020b653aeb124a99b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\windowseither.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\phenterminespanish.png.jpruu
binary
MD5: 614edb8c9ecd0c557b0bd9993ae9b19d
SHA256: e6743a2c7cd8207b683d9eac2369b3f96749e03ae42a5cc1057ec57bd29b8dc5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\phenterminespanish.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\movingxml.jpg.jpruu
binary
MD5: 91ab8b2951d110c429ddb97626b0c707
SHA256: 268b445cbe5ec7bad3635b6bb971b9855438471ebd253de7b485afceb3108605
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\movingxml.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\maxspace.png.jpruu
binary
MD5: f662e9dd3e06765c2d552c2eb43cedec
SHA256: 61333526f52d63f948032f86d349c8e1c294c49ebae9e8ef9312e068d03bd6c6
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\maxspace.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\coolcheap.png.jpruu
binary
MD5: 7cf2d12fca756c6486ed66cf4091e8f9
SHA256: 91a38cd7a9b3e40c0a6c3b833ae5fac34e273bd7eb9cdd516e0a89d24c547bfe
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\coolcheap.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\agreementprivate.jpg.jpruu
binary
MD5: 5c417fd8dae831f3350075c51c0b9ae3
SHA256: a93b20ad78f15f062d8d6dabd2ad271318bc26d137c9e7f15664622877e198d0
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\agreementprivate.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\uponapr.rtf.jpruu
binary
MD5: d433de20b0c8dba8f93cfa6ff6e01799
SHA256: c51fa18d84addf0ccc5665ad4c3adcd16a766cb214fe0e3aaf028547727c805d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.jpruu
binary
MD5: 9eae2d1711584d4e3d0ff3b4674bfa35
SHA256: 1e9be843d04da469cc4bcdb35525fdc2b0fad2b8e44b211fa255230b3d772c90
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Downloads\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\uponapr.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.jpruu
bs
MD5: fbf31c9cafec7ed6a1028ca623388d18
SHA256: bb4e4c71fde68c9f45d8ad073d9d6318768f9603c791ad92e01272a5b2a5e735
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.jpruu
binary
MD5: 7f91f1ec1a46b8a24ac35e9152c9b648
SHA256: fd7a42a799a7cd2da19ca778525e85b95888d08fb1aacceaeb55917dffdf8645
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: ac4a4bac495611c59a4cb0f231d622f7
SHA256: f1c16561a677ac737cfd8220414fda6b12633e957d115bbb31ffe33a828958fb
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.jpruu
binary
MD5: 8f9e3b038472c941c05d1cd8bcd2a95b
SHA256: 49576495019bb1202f3e80531ed90123d3f68ee76d04ecb8f567ceb770341130
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\Outlook Files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.jpruu
binary
MD5: 0c20bff9dbe4c2a237f0eba080bd61ac
SHA256: 4193c41ba388ed7e5c61341a023b65a147cf4337fd04f22bdd674ebfa4a0adfd
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.jpruu
binary
MD5: c706653a2f2e4889960caaea178a6553
SHA256: e069f2b3d367d75b9854107a0e3565748db25d8468d081d5a935f4a3727ef606
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\OneNote Notebooks\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Pictures\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Videos\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Music\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\minibin.rtf.jpruu
binary
MD5: 5246208a39616af79831ac668fe71018
SHA256: 763ab032d9aa42be0975c2c9269c37eb765e7cfccd54853d53c715d7e7cb65cc
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\minibin.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\includedwomen.rtf.jpruu
binary
MD5: 8bc08f23b5f7a0e8ab0670664dfa6934
SHA256: ce6b1aa8e62de536b53cc3a37d1e15b5d0bf69df2fc55a7d882e5cb45305e732
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\includedwomen.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\hotjack.rtf.jpruu
binary
MD5: 17018b55b3c6e11ca3f7486b46f37058
SHA256: 678abb202ee4166bcf6d5c93fa83282330b7681fd992e0e4538735b4a635730d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\hotjack.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\everythingindependent.rtf.jpruu
binary
MD5: cefd17efcc99c5cb54cbb19591f88eea
SHA256: 55d95570957ad3a14c46b08cf4df452273d89eee45ec1034938a527eb814ced9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\friendssolution.rtf.jpruu
binary
MD5: 03d60ed9cc0db82ac08b3a992a895e03
SHA256: 9afe1bfce31e8326959ff96c8114ba645348a7881de71e270077e45be7e5930c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\friendssolution.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\everythingindependent.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\alwayswed.rtf.jpruu
binary
MD5: 29173eb12199991b08b75b9fcbeb9925
SHA256: 2fed82b1d2c016a29880b068227a8994a903398f5dd80c881eaa8f862551f3ae
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\alwayswed.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\techartist.png.jpruu
binary
MD5: d6ba2b433f505b34c360de0de9e27c62
SHA256: bced0a404ba9ca16ccfacd217c016512b1f55928ccd82e69a1806df8793ddfa6
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Documents\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\techartist.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\standardpark.rtf.jpruu
binary
MD5: 59e86940f1a7d74d913cdd3c245e42ec
SHA256: e892e4ad0eaae7a832543e89dbcb883d66589da9e704e092ec181c27a9898c3d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\standardpark.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\poweredpc.rtf.jpruu
binary
MD5: 5b2e9222980df6112d2db68243bd6050
SHA256: 91ac1846435bef5fafdf464e8b0cc14b13456e110d53a1a9e558bfe94d5e6dde
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\poweredpc.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\ohiostay.jpg.jpruu
binary
MD5: 84499dad2391132bbe78ed0b1212dd2d
SHA256: 24166816fd7ea918b26817b5afb18a8600258a743e1d539d6ae5aa30fcae9d32
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\ohiostay.jpg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\nothingdevice.rtf.jpruu
binary
MD5: 13cb5a5e246165be93484f5f0f72548a
SHA256: 1b75576a6e785add13dc1ca4ae84e57dd44a632d5b113a5ef93c4da40a6ef35b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\nothingdevice.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\normalhistorical.png.jpruu
binary
MD5: 54682cf749eb1ac7b384046e96ff120c
SHA256: ff368cc3b90298043a8cf3c6d80d72735d6529b33c1a42807a58f91a3061f2e2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\normalhistorical.png
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\mastertuesday.rtf.jpruu
binary
MD5: b73834830bfc8c8f0fd1a8d14adcee6d
SHA256: f4ab2a6adbf5b4274251399fab6d062d2888595c9a820dadfcce1fb09fbeab25
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\mastertuesday.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\certainlowest.rtf.jpruu
binary
MD5: 7d91b26e73618dec7689c6296639313f
SHA256: a1a45e56d828b405bd56a32531071fa97ede43cac8216ce40151d63d1cb2f600
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\certainlowest.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\batterybasis.rtf.jpruu
binary
MD5: b486932887e8a0bed3f120979382c1d3
SHA256: 4090ec2df477a78fdbfe2004ebc9788c883cc65e9705469768645027cd970cd6
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\batterybasis.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\africasets.rtf.jpruu
binary
MD5: 57557c3ca347f7efd0dd3e490a66842d
SHA256: a46cca9af8ca74fbb36bda2dab1bf446a2d8d78c986b1387c6e02391c12dac86
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\africasets.rtf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Desktop\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Contacts\admin.contact.jpruu
binary
MD5: e6d97368f878b38f2a2e6a0540803e7f
SHA256: 9ee6d65762a1f0be88b55c1d0f35bde8a4dcb780c6260966be99c0c077c0dda5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.jpruu
binary
MD5: 279af690dfab05ac8ba77deb9d407138
SHA256: 63bd0f0d0ca5fc94118d5f6f582144850182c6d5ce144802c0953f11371148b9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\Contacts\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.jpruu
binary
MD5: 30d3ca2a8fb2dcc70bd35c0c24496ac6
SHA256: 81b3a0c9d70e79b5e6347965081b46a8d1a9f2e7836c23c3782d4aa5fa858c3c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Sun\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Sun\Java\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\WinRAR\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.jpruu
binary
MD5: 1ffeb413d1af73fd210a7fcd50023c47
SHA256: dda03a08e6ba40601b02bbf758e3435407468ce3d50427997958495e070ba0e4
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.jpruu
binary
MD5: 15dc034214b49d45c69de3d2256b9cbe
SHA256: 761722c01fc8889d1e772120ace255b919ae5da79ca614ddac54450dbac34d13
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.jpruu
binary
MD5: f599b242debffb7f1b9265a337aa3234
SHA256: 24df22dd5064747190492fe107d9541c97e1d5075a793f855fe9e4ba8a4cd0f8
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.jpruu
binary
MD5: 626efc8ad490820cabccc64a07e9ac8b
SHA256: a9809764557dcacb91438f0467baddd3bc3a36b22386a33c4670d26e31292580
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.jpruu
binary
MD5: 15f8fa505ee1bf23d31efcb614942dfb
SHA256: 4efc26560c2caf590a61c08fb07cb1ed9a059be70b117a08e6481d291952cb7b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.jpruu
binary
MD5: dce99a2b6cdf96aef1fccebce1e9c132
SHA256: 50da8b7b6c53ab296af7fbd697a17502e63da1ba6efe94381720156b0de79d02
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\logs\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.jpruu
binary
MD5: 0de4d693c4dc03efd526cc3fa80986b2
SHA256: 0a6c150dd1ede916f74533a88b82dd4ba526dded1f10777b25d7d99cffa63fd2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.jpruu
binary
MD5: aa680a1e5071478bb72d9e3d85a2a799
SHA256: 15bd0b07d00c35857b6a6cd3be1f054fd5d4d006b5e11e0738d73e3014d43a32
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Skype\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.jpruu
binary
MD5: 0b22ea6377ba7bf37b07986f752dc8d9
SHA256: bf42025078b90e5509deb9957845cea4960598255ad5c8bb50d242ae7e3aaab8
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat.jpruu
binary
MD5: 6597fa96a635405fa4cd0dba7f0e20d3
SHA256: ba0f5186a2b8b0f00a25d58bc341fa06eae27ec47f53009ac8e7f6a970f9a884
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml.jpruu
binary
MD5: 42bffcbd313a5338aaec9accdb8b9008
SHA256: 1aa76cc452d1c8e909a95f6e2be92c5620996cbca4e37d1e0bafa1a1e52af3bc
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.jpruu
binary
MD5: d85ac48706960d68f3791c0d412a8abd
SHA256: ccb4021c1a53ad0a909f8c834068ef92875bf818a260c48010c33070180f52de
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.jpruu
binary
MD5: 802a041dffb57725ea27b6a3d14fafc6
SHA256: 8415b9ec13386a6b846fac9b9dab75eb81bf736c417533d38b5ad82cab35a391
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.jpruu
binary
MD5: edc99fa8e0d2f5bd5f92e41bf33b9c6d
SHA256: f125db3cca23868e1797512c7aae46fb80d7d46c28d92646b7618ffcc57a1c5e
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.jpruu
binary
MD5: f252c10bcfb87ab13bd8c71d0d022a22
SHA256: 95d62ecedc83946261991610a2d5847a779d62663c9f37e641fd0ce76737fd23
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.jpruu
binary
MD5: 1d75e68f6712a9b6605a94984e9224b2
SHA256: 0976a732bc9274fe08e57c9a15bb792c189d2a1a491ed205dd5a1f4988d20c95
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.jpruu
binary
MD5: 2f67756916f41cbc7070e5c7a021ab7e
SHA256: 003d41b6666e82f6305fae9f76e6385f17e10ca19e45d6ac046d84b647bbf6f1
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.jpruu
binary
MD5: 76a6562db75679d0e4c58e22b15f51df
SHA256: 138281cd886eba26ce171529aa00fee8cf4c52ad1c65899e5ca1222998661338
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.jpruu
binary
MD5: 43a97b0abacd710e9749162923698921
SHA256: 9239b1babf2a9d6decddcdd1eebb1a73763614255d10e69e7e6164907f8bfb9b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.jpruu
binary
MD5: fda6fcd4021ce809387297745843abcc
SHA256: 78127bc84c65c0c4bd9357bfd8af36446185fb5014a311f01a029eada17a37eb
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.jpruu
binary
MD5: ab5509fd1d5f73896772ce8c7b0280be
SHA256: 44d3820fa5f6b02c483fee68dff249ec5abe6614c2a93a4481578c7ee7f3cb43
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.jpruu
binary
MD5: 1254da5077b0ad51bb1034b1c849aae5
SHA256: 567ed01f9c2c6288bc7f71d1a7f8f61739c680bd166006218d46eb0786d4c8e7
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.jpruu
binary
MD5: b974ebcf69119357fe11c5ed1fe93ab6
SHA256: d166bd4b02521fafdd222c300c649b9d700cc29bde8f8b5802cedd94752c7fd9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.jpruu
binary
MD5: 16dc9015595901359ec37e9f8cfa9734
SHA256: 435d8f81ceecefb2127673838d81451a30947bbee0a4188b9c5a99a78188fd10
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.jpruu
binary
MD5: aa2700d5aa7653d563e01ccad2cf3e6d
SHA256: 7f3938b29de5dc36759c75c89c47503459cc53e9d24325b1b6fb75729025f7f5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.jpruu
binary
MD5: 196cc225e84efb03c443b3dcd1f3c6f0
SHA256: a5d28872e7327afb5db7efb4431ef985498cb204f2f459803fc3aaedaa4207ff
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.jpruu
binary
MD5: a6e3f9a34d4359a32485a4574c4fdc7b
SHA256: 839bca93c165b9c31372086a30a811eab892d525eac190d86e0a20a0e64997b5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.jpruu
binary
MD5: 0c343b534eb9785933311bc41e4b45f5
SHA256: 5dcc7f0a598623da5b2b476fa7da031641cd143fdeff2ff4891b42718633f8ee
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.jpruu
binary
MD5: ae82d18f330184a45e0e53504fa109c1
SHA256: 79ed06e7fc4f01c19d3a95943983e418fc7457be4b0bddb1525e69324a62789c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.jpruu
binary
MD5: 32f6604ca48b2ef03d7e9e292be2a6d7
SHA256: 076412a51bab79f7de3d6df9408bff3c3741d2415c970b5d1f133f6ddfc78d6d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.jpruu
binary
MD5: d7ab2004456004829633a6e8264710dc
SHA256: 57f27c19f053267d6f9a3f45ba6c85d3cd05403aed36891579ebebd8fe1c8b16
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.jpruu
binary
MD5: 03849d9249c5f57addf80c11ae675184
SHA256: dda991ff9394a59bb69c70f553a19e85bd53a794693091029f4da306641177fb
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.jpruu
binary
MD5: 947f79f0e370f42c03bd58dd3e470595
SHA256: 3fcae62b82e7fc7ca680a7bb8a28c56a50a2621a6f7d6a1681c59e46ea934d6e
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.jpruu
binary
MD5: dccb04e9f307737dd67c346415c9bc55
SHA256: 05584fc68591f750bcb2aaeeb0b7c67796bd518128f59305553f268a7fd0cc84
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.jpruu
binary
MD5: 6d73eea8ddc7c218a8d4633c7f146329
SHA256: cc2d16b8396a86133a7058b4c10fce6fc6e05503a7211e435776150e2409953c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.jpruu
binary
MD5: ee8add7282e3bed37baf9dd85114013c
SHA256: 406e74caf66869cab22aeb3318b0b46c7be34daf7202a5cef311a6dac63894d1
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.jpruu
binary
MD5: 19cae17a1fad4b0edf9471250a3aac78
SHA256: 7a8929dac070e2ee2a28ca2d33bef7244bae280f9c1782de6b3307a5dfcac24a
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.jpruu
binary
MD5: 1cb14e4d34419a72e19c0f004ec8d7a1
SHA256: 29aa871bdb04672bcb50708435d750a51d58b750528bd2fa3dcbaa08875f6d55
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.jpruu
binary
MD5: a9e4f2bb82618d20bcadab2a2f58d28b
SHA256: add4d82a4a094a8d26e70b129da870edbbeb4641c8c93cb8aaf0cd0bfd735e94
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.jpruu
binary
MD5: 10b2b29cbe7e3ec79074a3b54eef1b7f
SHA256: a8e9436f199834e6615e164715539dfbae3d5104fc6fec93e4ab867e3efbee49
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.jpruu
binary
MD5: 9ec7433e6b7fa1fbdcfc1b3822e89df4
SHA256: 2ed92a7776284bbdff90b04343ba0164da458bd254f0222710995810928c7260
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.jpruu
binary
MD5: 0b2ee7f358f8cc3414283cce6d047eef
SHA256: 315122330b3e9938e90bfdbd628ff866350ffb3ff5e6d54b13710d282df5b5ea
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat.jpruu
binary
MD5: 5ce275a7d9e0d48f91d0f16eaecfdeb6
SHA256: ccfdef86c2b72a15c5ec7712906ef6388a843d0d5778d17121e77f2c45469af5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat.jpruu
binary
MD5: 6c6a44579846ddd531d7b883f52c866f
SHA256: e64316f60c28b6eb9e4b4801d08fecee05fda18ee5d416533b625eb97f512457
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.jpruu
binary
MD5: d64e50f156a0c83ce9e2b006507db2d2
SHA256: 00e5e3da9a581f2dfe657e7c8b68d78756782dbf4944d7cf84b223dd3ad74e84
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.jpruu
binary
MD5: ac48db9cb5a1370ed02de699e2dba75b
SHA256: 10069e9c7da904256f031b8586369c21960e101526cc734fd442ea922d29586d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.jpruu
binary
MD5: feda58692102f6d351ee9b5795941f15
SHA256: 0367d724eea291dd596b9abab62b7c3e8cf8f1878d59c69ddea404bbb18c35ac
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.jpruu
binary
MD5: fab83f658d234e9ed13f3dcbeb80a2e6
SHA256: 5f0a60577649f35709ea21aa3ed502c385c940541895b0aebbcea98e306930ab
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.jpruu
binary
MD5: fc080b2418f2006712d388ef018fe608
SHA256: 556be8326e65c64ee3e77fab32580b99c7daa635e15059a0e40116c761506fd1
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.jpruu
binary
MD5: 31aad7bc8c42d691827a86841c92252d
SHA256: 5ec97e1bb6381ebb7798617247f5ea0c0c55e8641f2882ba4b4ef6ce2f91f076
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.jpruu
binary
MD5: ef0a70972ed17cb50c6660b92713da30
SHA256: 28e4988dfbaaaa1241b85044c4930969364b95da1c4b1ff0c038c33797a82ad2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.jpruu
binary
MD5: 740a6ff7ce62d62a2a629d22419346b0
SHA256: 967fbdb9fb46d2e2f2aa26ad51f4502a0c5acc953fc5119190ce185a79a8114b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.jpruu
binary
MD5: d343e317918a8463c20d36a68305dfcc
SHA256: ce4fe6adc9a6e5e75b9f01ff2420a394bc12c32cb6bf976bdd89fce2916b80dc
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.jpruu
binary
MD5: 61b8a29571c289b8af3bfd9cb6ce04c2
SHA256: 2d5203d2c1e5a77f5d36c6a915c5ae638df7a1df479d0bf096eb652dbd654d60
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.jpruu
binary
MD5: ea4ece076a15700a73d31b700e5e9b3b
SHA256: c6c7396c975ea34c1f9b9b0b6b40e8086dc64840836420e699d26a02c93886ef
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.jpruu
binary
MD5: 562ff20603f7811c7fde79fda2cc2436
SHA256: bc332096028a11606e6acc57c94905af8bde9249f53fd44b00f35fb94d3c522b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.jpruu
binary
MD5: 0725a8e15ef5004c9267b7648ec85071
SHA256: 8ed7ac494e005e6c25a69351bdb14470666de164f0acc19543bf7acaf247e568
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.jpruu
binary
MD5: 03294014b1e6ccc1679954453be91e25
SHA256: 7aef3bca02c4750e8249f2b1429b8cb1538779d741a6bec92f109551d5bf1e9b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.jpruu
binary
MD5: eecb0010e2b3821404204ff1bda9de9b
SHA256: b7ded564b28193afab4351061a4a757c8adbb097dfca5e4ae672f1984f8dc72f
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.jpruu
binary
MD5: ef25dd7b47fa6896a9f5eaf658c591a4
SHA256: 5e67cbbd16f1206bfade4e79d3190b6f6bf68c5ac8e1814c5b649d4514036734
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.jpruu
binary
MD5: 53ddf8a9d57a87e7d4eb2801bf4bb844
SHA256: ac3c902887e50a3bbed98417e2446db996a3d55069ed9fb346414953e7424fe3
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.jpruu
binary
MD5: 5367117d326920b70fe1dd5efccb1379
SHA256: 8c774a40a53b915e82af426a193d32aff817e5d0e7abc93f905d1b9519f26d74
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.jpruu
binary
MD5: 72c0ad2e4a06a307659ea2ea91a140d8
SHA256: c7a21c36e9a69ae28a02d0bb83c4e1f4a43846e4f11fe27a43d9f447da571a5c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.jpruu
binary
MD5: 402998dd381a81fb01c58c4757783e1a
SHA256: 1a68954a5ac39cba596b99a70372834f7d6a248c9ef6f2c691d6a06dfa9d7917
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.jpruu
binary
MD5: 6d1506b2606b299e34f3a4deb9618a39
SHA256: 6317a024218779f9ff8d521cb900680c16670b5f245d11f1e71cee273f183a46
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.jpruu
binary
MD5: e7ab48c28049123da07d9006c8937c31
SHA256: 20342702f84c2e26e508312e79cdeb897b07a01492761c0211afcda4166992ca
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.jpruu
binary
MD5: eb65920498906b546973363835d2a3c5
SHA256: 05ae97b72ca6c7c1ab57f50728957dd444640cf9ffa27225a1ce2befa8a95506
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.jpruu
binary
MD5: 177f3d3ebc38664c9f7375f367a540fb
SHA256: 7e7aecc5a38f6dce4960958c77d04a73b42144c2f83cc50b6f747fe90b33ba77
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.jpruu
binary
MD5: f609cf5947c4ffb75ff00f08b8717f39
SHA256: 4b642da1fcf656631738b2c6ba21d85fc4d806f176e55b785b3a95c9deaebd13
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.jpruu
binary
MD5: 6a5c699c5e3dc4f0e40e47459cdbc0e4
SHA256: 114b92f91f0b2bb5568cf4457ef782fa869da12a464d1059f0926095ecafe020
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.jpruu
binary
MD5: 81c4f189af09f5a1d8bbddeaef26a2f6
SHA256: 6c18639295c5411992d7c9b30f8f30858342fff6625a872b52f56da3002a7e73
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.jpruu
binary
MD5: c309f51aad45d9294fcf832326712199
SHA256: 6435fd6140c981d5a9882a0c75110e3d68cb1d921c477b51fb361edc99c1bf3e
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.jpruu
binary
MD5: 4be524ad02931c46f9b07e3de4360473
SHA256: 4168c183d4d31f474ca12c4a3e4b3a53fd6a8da942865d128c53d8487de92019
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.jpruu
binary
MD5: 14f7af03ae77249a7853954ddba6d9ad
SHA256: 69788953cc5a5c2ce2e57c6f26b0d93b1c87a943baa2b6dc3c2949a97ec23d2d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.jpruu
bs
MD5: d67a015a15c7df7fdb453cb537d240fb
SHA256: c792fbd3c7e5135aa9d61ef3be99df2d4d30f6554de1c389cb1ae13afdb013de
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.jpruu
binary
MD5: 757e2ee4f14c81ea6ed3c6b4b5c252f1
SHA256: 3d5892b26b39e240d80aef0143b269ea42f9bd72064b47210b8312ab73d7f390
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.jpruu
binary
MD5: fd0b9107a983a0a2ade72bf70cc8ccb4
SHA256: d3830cca805fc89ac85160b95f0d5f632afe81d2ee997e675ebce02970f37d81
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.jpruu
binary
MD5: baacc46bb797cd1f3eaef25e8711837c
SHA256: 4ed9c1d82d3634c8f4de25eee0917aedaf63eb4d497124fc74c0eacc5587bb0a
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.jpruu
binary
MD5: f6b64884457b6997840f42879518ca83
SHA256: 45cb1a9dae7a0a495c0b1bd06ad74476b5b49bad3745eb634dae13adcab16f9d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.jpruu
binary
MD5: 2592c62233fa7ddd097b2d4eb67e0398
SHA256: 9f435107bcb19dabe96934703031249c4aa0beba24515c9d7086bb5f72216445
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.jpruu
binary
MD5: fa70b1ffa3391b99fff391867c97b4de
SHA256: a03382bc48c85bda3ae09309b5d2651ec2b2f219b959aaf50812b8a16f299677
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.jpruu
binary
MD5: aba0d94b788b526f7dba66a76e0bd5f4
SHA256: d63df73bb7a255eb4681b953078368f5f0a667ddf112c126fa1b4153cd0155ea
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 15789154e49979880dc988dcf34302cb
SHA256: 1a8d67a61dcb459ded7d41f5c9c479258003214ebb179087fcba9f958d0f31fa
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.jpruu
binary
MD5: ca5e5eac6f3b28356ea6ccd97572ec39
SHA256: e76a514ac5f12bb3dddb67b6125a4b2ec12e66beb4142c54e1f0428058b0e913
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.jpruu
binary
MD5: 8b51bc14b87ee3cf0ef342a66edfad03
SHA256: 51e8b986a8ec5bdf3fe8b01107451bedf2432baacef901c5d4c41f216dcfb7ae
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.jpruu
binary
MD5: fa08a655bffb3819f62ba5f5ddc4dca0
SHA256: 6e5364be2d9dfbe0e516da3443b470d9491d4d94129b8fbcb3f8afa20c68b676
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.jpruu
binary
MD5: 8fff27f773979df0be654d1101411499
SHA256: 79448d5669a3cb419f922b0f57a9517a6477b83089cea459bd5fa0e0488eeae2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.jpruu
binary
MD5: 45be319e3cffae511ad3abb05036c59a
SHA256: e7f05932271e6c404e9a63d628d492f2044afb1f3ef9d2f73b80fb088af91b13
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.jpruu
binary
MD5: 3d0db498802701791f2a2d062dd937b0
SHA256: 67a276eb1887e459a8266f94890d86969312448b827a3d6e55f53f142b290923
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.jpruu
binary
MD5: f35a5b961f3bf433b3d01707413ab593
SHA256: 38b4017a228c3d3a1834231204ffc02ab10ebe2b82d12eadf400ed7bf1f93a09
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.jpruu
binary
MD5: a48950cf2b63f34637db6b7d4ccf5be1
SHA256: a13c2bb18c818b2d7d71d805359e950afb2f4fe6a6ec59308fb5a5774761cd56
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.jpruu
binary
MD5: cb927949e166e05a9a5b4d27cfacdd0a
SHA256: 0f08fa2bacb78cf849c16ae40fbc55c3ddcf8ee486be5c9b5663b56ee455f151
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.jpruu
binary
MD5: 97ed8fa15167668f34c4b9ba20b037e7
SHA256: 5102652d5f7fe65369d80ad11d173b20af8d1f3034966323457a23a58cfce925
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.jpruu
binary
MD5: 487cad72ac18791a801490799d2a5187
SHA256: cfe71413bea3f29c53c4941bbd56b252cd6c7c8edc2dfc888d9b9369035e47ad
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.jpruu
binary
MD5: 84f9ce14fc0c9f37bf311c2e3337952c
SHA256: 4fc2e7f43d6a742ad1eb518399affecef50da3eb7ca9ffb5bfb207b01cf61b45
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.jpruu
binary
MD5: 207bf9d90ac89cda85239313931d1f76
SHA256: d5861380da200d53e6dddcc2188df27ec944d85d92b72b326957f77b4655616c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.jpruu
binary
MD5: 8c53b2c65a1ecc313509318d05a4b4c9
SHA256: dcdf884fe482a5bd84524355dc29797f7792c34c492e3197c90c966eab1402de
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.jpruu
binary
MD5: 7fd442a364435ed913a4fecf95dd919e
SHA256: 6f181e9429f1abf1d216d90e6c1b2df5715e925acd62001946fb86cc48c365b2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.jpruu
binary
MD5: 124a55ccee957eeda7229cc281412fc6
SHA256: e919c5f1d768f735f75832e7e05ae2f6f083511324d85b9fbf38889215dd85f0
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.jpruu
binary
MD5: f63b13068fce4b965c98e0aebff88f37
SHA256: 1962fab7c11f38c0ebec0e49d8146ffa603ebb11ef61d81cc13e380f075c2cae
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.jpruu
binary
MD5: e0038e2772681a234a2903aa99f7a62d
SHA256: 2f7dd9b4679fff4e6b3a27cfa97f4ab07b7b596720a6d4c434f9577d36bd387e
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.jpruu
binary
MD5: 76095e55fddae3f25076395036674622
SHA256: ef206c170e98e2a6d985105e4f2a6f2e38739224a622d3895c4c55eb2ac032cb
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.jpruu
binary
MD5: e6a07080d13c9c22e991b8328b371838
SHA256: da78ec45d786e82d1c15bf1d167fa4e1245d40d4ca9ad3a4be0625dfc07512ce
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.jpruu
binary
MD5: d247434a7f4cd68ed2ec008bd4922b98
SHA256: dc09b3c015c285865edc919473582879a807fc07d301fb5668ed14ad3b3215f9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.jpruu
binary
MD5: 1debe8d98940c6c66354fdc5fcd03d55
SHA256: 2bcc1bf568d2da90b52cbc4811ad70e8638b8768627a793bcd5dae284f6bcaf4
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.jpruu
binary
MD5: 415f254d2043970cf89feb4ec1028041
SHA256: 6dfa82013b2232d0e0dbfef1a8bab06031b02143de90a877ddc6d7d0a63f5e45
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.jpruu
binary
MD5: 9c08cb6137b3ae42270199d94a4c0511
SHA256: c1ebdd6b91423e7b3349f501d2bf442655d241ef7f79f1ac97e58c2f0831d6d5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.jpruu
binary
MD5: a22ad366450e69753b313be6643c4248
SHA256: eafe33144427dea0bb9395d17685ad00f1eee579f1de0057f7fffff10e887a5f
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.jpruu
binary
MD5: 5bba730154507b9c8ca5edd56113131a
SHA256: a6d608955d750e3e4b564b71487fa65f2700b2efa91853953bab6dc89bdc79f8
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.jpruu
binary
MD5: d6a57678b7e7f458f89207af7a46c6a0
SHA256: 21e6086904c93c0aa6fdd69f67ed67e418aac9ebea11630f492564ef5e0f04c2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.jpruu
binary
MD5: 577a8dbac19723b24a90b5bd14217fe2
SHA256: bf1a929d719ac961dc0ef371e1e9b6b8532605645c58c609233f2f1281de83d7
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.jpruu
binary
MD5: 880ec4b9b97a30f05febd92a7f731b54
SHA256: 4c47d3f6e4895944a2664f192f90132b61f72f3556cd45afbf8d2bb8e5bcb6ba
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510890757.0bd2c0b0-6051-4678-a27c-37f3c0a0c3bf.main.jsonlz4.jpruu
binary
MD5: 09c5daea71faeadecd9c6183495340c7
SHA256: 6138a9cd8cadc54c020b2c1e83ddba1eea5fda067e3588fd9b263fa9b158bc10
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.jpruu
binary
MD5: 155b47386cfbaccc01c0cbab7416154b
SHA256: 875dc18bb9bcfe656fd9cc9ed0c3f9a1deb28fc50818a70231784987e394f8fa
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.jpruu
binary
MD5: 9bd9d99de69640bce43221d23b96f871
SHA256: 8d5659ef3931294c567befe5abdcc157f7bc6ad1cfa123e8e25808402c235a86
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536511076670.6fb1a61f-96c8-4004-a260-a8d32e45a07f.main.jsonlz4.jpruu
binary
MD5: 4af115b8eb10de1f89057455120a747f
SHA256: eed4dd00d0861ec8199025d7a1a7c0aa2731f5af160bcd15a763adadf5d7f463
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.jpruu
binary
MD5: a6276b231a2c0a6d73effdb7324edd01
SHA256: f87d3e797c84b876896a713942eb2953a7c777ec13022052fe57d711ec9983f6
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510890757.0bd2c0b0-6051-4678-a27c-37f3c0a0c3bf.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536511076670.6fb1a61f-96c8-4004-a260-a8d32e45a07f.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589777.8901d324-d310-406e-8d96-2ba1529e4bea.first-shutdown.jsonlz4.jpruu
prg
MD5: 1d0461bbdb55735fd590d86236d42231
SHA256: 542fd5e7a15187d138624a82c35dd6efe704c436f01fcc74b4f431e531bae69f
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510464398.048632c6-c96b-486d-b119-7e1a7a9c9e9a.main.jsonlz4.jpruu
binary
MD5: 5ed2aaba480cd2583635e9fd1e2e6bac
SHA256: a95d5e2db26b6142603a86b47bf0fed15ebff5896c114a3caee1371a3585c6a3
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535455254239.6a6d1f6c-b378-42bd-83d4-6375a8d83c94.main.jsonlz4.jpruu
mp3
MD5: c9a15218bc4c7fd56886fc5b7bc7bbef
SHA256: 61cacab5aa3d25a7b13bf70bff62215314f0a892efc2eaaffa0b801599cf74b9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589776.07f73e80-2b12-40ae-97b0-fa87f3167670.main.jsonlz4.jpruu
binary
MD5: 75ce29163390eed5bd5860c3be07b4a3
SHA256: dc653c919303604e2d100952264a7bf9075ea127b10d9a4612978e0dbfc7d6c1
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589777.8901d324-d310-406e-8d96-2ba1529e4bea.first-shutdown.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510464398.048632c6-c96b-486d-b119-7e1a7a9c9e9a.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589776.07f73e80-2b12-40ae-97b0-fa87f3167670.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535455254239.6a6d1f6c-b378-42bd-83d4-6375a8d83c94.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589752.05c13197-8f39-40a1-b976-59f6f9c1cc5f.new-profile.jsonlz4.jpruu
binary
MD5: 2be9c0c3d3205a07dd3794df23b24bb6
SHA256: 7297dd553c2ed6a3b501f501e1461d69bfd51be8c991aedba3c3fa069b706ef1
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.jpruu
binary
MD5: 97fc9a6a0d72d672c92f3f7aaa23b8cf
SHA256: 98347222e05f18105fb3cc510b98c477703228b13fdfb65d7c18b659e11343f6
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454581431.ff499cec-8d4b-47de-a059-a9aea3d69a66.main.jsonlz4.jpruu
binary
MD5: 5fd764bfb1c3b9313a7b6affb79efc3b
SHA256: 8c736de4b081439b0d9a7490fa065cbe7e5db2667d65f82f43eed83e299873cf
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454581431.ff499cec-8d4b-47de-a059-a9aea3d69a66.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589752.05c13197-8f39-40a1-b976-59f6f9c1cc5f.new-profile.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.jpruu
binary
MD5: 06b5b32d31b160fb8c13eb78058a5d4e
SHA256: f7008c76afb398702664a848bf7a225a0d0c4d9d5be74e2932be0789f34a6a70
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.jpruu
binary
MD5: c0bde583899af918850797fbdfed71e0
SHA256: fd46da9104fbc479279cf706f606633fa5e83a9fad89b444bff361a6021acc66
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.jpruu
binary
MD5: e1d772c127557c3a86e590286cb3627f
SHA256: e67f1a9f0571b7d9a151cba203366a25e0c611f42bdf5b0bc708e8b0cf343e3c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.jpruu
binary
MD5: 06c6a20d1fe9e97a1ef0a9b3c71f2c32
SHA256: c5037a7239c7d728b0ec1e21b70b141bfd94f6f11043a2e7accad4046fb337c4
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\plugins.json.jpruu
binary
MD5: f99f9e38df72d6e62828bfa743f2f71c
SHA256: 399aa8782f5c30c20933dcb3a0d3b81bb9df0671f872e594d995f16da06edebd
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.jpruu
binary
MD5: f9f14273101d1e8cfff9c87621bc0a14
SHA256: 6b108b7e39c08518555626784d138589d4e8fdcf5f4a5c369432aabf10224b91
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.jpruu
binary
MD5: 35f0472e014086c04f282d85ebf7deb0
SHA256: df22d819bcc82173f280a9febe7a8de9de28a27b50c2828f504f1be5b77caf27
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\plugins.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\addons.json.jpruu
binary
MD5: 45b00fc9308908378505d41059e84c0c
SHA256: 8aa4b4daf81a13d4f28be44b14cb91ad4de0a5a6aea55fa83d5b09a8f41e2117
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.jpruu
binary
MD5: 5dfc8bb05b29ccee26c0644b944dc753
SHA256: f4b0a33e74f98f3aed892fc12b9d50e084fe1805f164bd606802e052f85a3ee3
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\addons.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.jpruu
binary
MD5: 42815c07cd7268c4271714eceeca4cd7
SHA256: eaebbcc04987e4a83665f43be7221ae5459bbf064b27aa19fedb07f4747b1449
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.jpruu
binary
MD5: 26e9920cc5530ad81c0d85fd235ea1ec
SHA256: f0a780914e95a5a317ea6a4fa3fa19cae47d7e11577af65a96ff8290af5d1120
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.jpruu
binary
MD5: 5ecd8b19399cc06c855c18a79a2651df
SHA256: 16999f4187b753a605a18c3f1539150fbbf7ff58b565e3d8ba546ca4a9091fdc
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.jpruu
binary
MD5: 2977508dcedea75b03cf0647f8f95d9f
SHA256: 61ebf379827615c24d8c2314914f09701c06e5e823aa7efda42239d2d103e07d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.jpruu
binary
MD5: 0a7094aba2800aac912c3bb753b4e5e6
SHA256: 9630299e4e3efccea9a029541c8cb4cbee8a941151a1cdd67a530e7f730c2d64
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.jpruu
binary
MD5: 33e8f8d8c946bfc47f0b67ef80e4749d
SHA256: a529abb44dfebc506507d24c997f4f4b3fe9ef405c7f57e61ee8aa3ecb6965c1
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.jpruu
binary
MD5: ba3a6078aa2930bd19d84135a2f6084f
SHA256: c65c5186fca93e4e0464436e709c68ada2d1702b062c2cf490773ac2f701c773
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.jpruu
binary
MD5: 5ad2ef3e33758416f5045e39496c6b3e
SHA256: 7274ddf28351bb544054dc7103a9c4bd2c3c9bb7317337c3e1bc8fa21126ebb4
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.jpruu
binary
MD5: e1fcbceb8ab5d10b35bb2c0d4859bc92
SHA256: c28f37e5efcef73935414e3225f607d461ed8b9f8dfb6c0e79bd07eaecff98c3
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.jpruu
binary
MD5: eb79f81d4b6e9b89e9ebd2e530a5da9e
SHA256: 716a67ed2cd79ba58f24cef18f70fa351956a4c1f12fdc58bcc8694aba964756
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.jpruu
binary
MD5: 91b468bbd8e67a9f23a0b091893498d5
SHA256: 779f1eff65779b0ebfd30173a0632ce9b3809a3b6af4d977782710096045e876
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.jpruu
binary
MD5: 6b1427fe6bd11225fc38e71e33a3bbd2
SHA256: 2ed780b57754a6aef6a1cfcbe88cfdb7c930b63d1c5ec284704f369367c43389
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.jpruu
binary
MD5: c11d17cafabc73057c74559d04e573da
SHA256: 70d706e73de4a97e443adb62f1f4e721a471ffa2bcce20a7de82fec4cb71b478
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.jpruu
binary
MD5: 9df30443c10e386d38057b570795ba0f
SHA256: 6d593e6ecd723c7c59970e29c1749adf4686957db3960e07e4886d79ec291d8b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.jpruu
binary
MD5: 7a45824bb7f0aca0b0c92c27f7e0f715
SHA256: 7a2a96bb9b7d215fbae380eb1282fc2e8c93804649ff66becd673fc486bf46c9
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences.jpruu
binary
MD5: 95a5a1869ae8e7f0fa978478f8ee7252
SHA256: 5e40d0ba9ce64f3d3014c44a6823428e0cbd940caede3faeb2eb97c3da3d5eae
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager.jpruu
binary
MD5: d3155a4459cb37d1c043785bd190baea
SHA256: 09a6b5d3d55dcf289cc1a2d4e31d445dc25761a7c2d2a2ee62ec0758dd5ced69
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.jpruu
binary
MD5: f306a54231b76775476adee66eda44d7
SHA256: 6d71907d251317994d8b0eba3db9bc5cfffab3b95812252846dd606a5afaf0d3
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.jpruu
binary
MD5: aae9b526c863c614317432b0a535dd9f
SHA256: 5f985df51e2e5f952b95eb70fa25c1b98dc947dc8d1aad40de3153bc7bad3bfb
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog.jpruu
binary
MD5: a91f75712bd3059be4454f4bd62fbf56
SHA256: c19d95cbe6e78ecd2e662c267c0d9b4540f5c92e49317c53a8175de87b287aad
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001.jpruu
binary
MD5: ee90ba1a34ec4e50710b4070776e8961
SHA256: 50173e8ebd510b0b237ec6bdbbac844026835d004a391c722e9836eededff434
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog.jpruu
binary
MD5: 33520332752a1aa7e3ebc195211cfd4f
SHA256: 1fd5d2df1550e2692e1876a8399bee0c43b166efbdf5fe247da370d652b9b838
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\logs\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old.jpruu
binary
MD5: 4b1a16db57e47d8a051ab894e8cb22f3
SHA256: ad78e905bd4b44010ba16e56d82926a260a43254d5f6a8834bf445206cb71b7d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT.jpruu
binary
MD5: e8e16a93733e2c26be254b361fd2f437
SHA256: 4183104644da87b050e3a2bc65de4576081097c52dbe5f2f045b54ff69565a47
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.jpruu
binary
MD5: b163b74591958c78b93ec6e620e2f432
SHA256: 5dfba6d9dcdf21facbd2d5918df29a442bb5793ad0ee454b4ccbb73fd8bda449
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log.jpruu
binary
MD5: fc64c56f7be51df54ddb51026b0743f8
SHA256: 36884ea4ef806215a0a7c8fea3b797b1674b269214e8d32bc222a1896ea98f46
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb.jpruu
binary
MD5: 77c44c03a9fa46ff21fd50389c3fd76d
SHA256: d6306c8acdb3c11c64b92c9ff5ae129a159c177b25f61629b0b9e1331fed7059
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.jpruu
binary
MD5: 7d26a87adf0acce5b25975d74e8788d1
SHA256: 4d4a30d4dff65db14549e68bdbbb3a6507ba373b7ae79d080c1c01075c8b4526
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.jpruu
binary
MD5: 44adcfaccf3cf5bba2d6117bfec930ee
SHA256: bbf0ab18e55e9db909a2658245c501a7756c463a1f4bad175d91c6fe66a61c6b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.jpruu
binary
MD5: f643fd76a3f519f9161718a8bc27d907
SHA256: baeb65e5d94b8d17008a5ce1a681269ca8c81086d1a4ef8a847280372b13113b
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.jpruu
binary
MD5: b100941a5410601c90689316b2b88929
SHA256: 1ded296960b6e1440db8b38e526b311b24a4504f09c5750d37b02060d179e0b6
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.jpruu
binary
MD5: 023dcff461366f4d4d6f2cf0a1f150ac
SHA256: 85c80d7841029f158c5bb6d55df0f9ae5e93edc618c3fa1c1de86b4360a879e4
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.jpruu
binary
MD5: ae0377060542b0559e29c3bb571d0e2a
SHA256: 48c6709988a6e438f0f5ea52c23b8a546ee320446a0276f48530ec8c68806bbe
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.jpruu
binary
MD5: 7ae2ebce923584f366d50db7ba7b6d42
SHA256: 4f3b6d4e599112303f79e724627989b49007e2df2824ba7b2f68f513b943cd02
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.jpruu
binary
MD5: c01ace283baf1505f7240fe1f2b13d93
SHA256: 18203b8060034260f4a5f64d32cc9b9c235f6378f2097b672eae436c9f7d7a89
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.jpruu
binary
MD5: c4c88cf721829b300a41f03c5863b577
SHA256: 71f036e8498e9a8d1cea3fd437c89ae6dfd164668ebb4cee480127d74af795b2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.jpruu
binary
MD5: 10ea39cb2467bcbdb8c71e4bfd7bf236
SHA256: 2a5029e836b3b6524434f58e15ce7343171c1eddad9af12576f736630f1a23cc
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.jpruu
binary
MD5: 0cb34735981fe04e328ad9e3de9fe740
SHA256: ab713b3d0bee4d2d518c898dd8ced9fc32c7f983b8033f8d2787ea5645fd8202
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.jpruu
binary
MD5: d52bdff9788f6c8cb93ad087186b49e9
SHA256: 588d05ebbebc761d0f5a379ab01d6ecdadc52bf1cc24e776d34f1907e0702444
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.jpruu
binary
MD5: 26db5e5d24156dee75f9f86e880b555f
SHA256: 14841ccf3611be765918120db7506010bc0c3d24023ed034cbddd5b37f26ec78
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.jpruu
binary
MD5: 5dabd34537c95a9ea180a7296242e30d
SHA256: b79a839763a53cf229b653b7b3a0528402c894460fec3b9161389d377058ec54
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.jpruu
binary
MD5: c208e54d67427dc44f7d689b857e880e
SHA256: 908a49fa2831f16e17c3bf07348e7e3149538edb94c1c4f5ffe99c51d80a3d75
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.jpruu
binary
MD5: ac16ae6e61604205ac43749dc9d9eec0
SHA256: 8abea4f64da6d94b17dba7fd844d5f0d24ec1a81ecedcea9186dd2badf132349
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.jpruu
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.jpruu
binary
MD5: 0a2961324710d6ec7ae2be8e6b7137f2
SHA256: 4c963f436332616f2b55516c3a38cd57d8a5aad01a0d59117061685a1eae1f80
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.jpruu
binary
MD5: a9bfff5355d76d61ef66c5278edc07a6
SHA256: 2a3072e1421d40e4c7f59175250d3b689433605500a0e473829b42cd0c7b8acc
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.jpruu
binary
MD5: a4d0d5eea038df92c34bc58c5acd91de
SHA256: 8143079be6213d331db8d0fa4913823eabc1984ee5b872a7c67ed114b387881d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.jpruu
binary
MD5: da3aef576982a130e447082a0c4861e2
SHA256: ad9d366f8c614a61c4304c225fd2f23ee5137cba2d882d0c60c3441a7bc00eb7
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.jpruu
binary
MD5: 9b049065c723e370b8d024b0ddc6a009
SHA256: e11ae18d4bcc4d3765b92e061331ee97f1c774fde9db5ded043214ffbc59d954
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.jpruu
binary
MD5: bb1ee35a3c92a07ed0751166cd8cc610
SHA256: 193a9039895ddbdd8ca9bf081e8ac0cd636bbd32d451de816ee3f2580655e6d7
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.jpruu
binary
MD5: 84a48c4da3ed1167c1906f384d702104
SHA256: 467f0082649c06cc642e3271b9ea3416f81cfff6444db50890f182e56beda39f
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.jpruu
binary
MD5: a1bc388575b05ebbf264a8d6a6ddaf53
SHA256: e3c9c9c7b1a26c82196d72ca3c8b52b6c41cefd958a679c791a9d5e9c9457c75
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.jpruu
binary
MD5: 6cc71bf33b41793dde938a34d31c1278
SHA256: 7c519388f5e2eac10a24d9625c34fd41d1b2a898aadd381f2aab8292e0e561da
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.jpruu
binary
MD5: bad315882360318cdddc8064cfe1aa0f
SHA256: fd7435255873055f8c081a29bbcd2be991e10c41e130a8b8db56e4641e15e4ee
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.jpruu
binary
MD5: ae95fe8e8e92191175df9c4fbb8fbd07
SHA256: 44a28ea854723e741c9f3782f1efff8fda2c55febd56503d9108021e33a3d10d
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.jpruu
binary
MD5: 253d65efe8c70fe5e6d5983876afda5d
SHA256: c1848c9de4de32592cdd80f898884402dbd51003bb09bae37f7ded28593ba7d7
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.jpruu
binary
MD5: e2f2a1b6de2330c4d26e62d6186c04f5
SHA256: b2efea9e41031a341cac7f43befe431e39fe1352be4b9798a30825cd2d1befbe
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.jpruu
binary
MD5: 235aee4defedee56c1689fbe2d5fb492
SHA256: ad054efe99251a5759bd46bb9d12e93bbeff90990479955db53fda4a0ddc3246
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.jpruu
binary
MD5: 6233379fb679d9a2947e987f011ebef3
SHA256: 645d2c1272c30748195276ae35976bb79a3c569ea81e1299ab6a1dc499c2cf38
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.jpruu
binary
MD5: 81ffa21ca1f0a2b2f11238695e588a87
SHA256: 082c837b9a92f39f1b3f7edd3e4e2feccbc97259f752f7706d2ab909147f2921
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.jpruu
binary
MD5: 768377560d5500842ce4f0f05a31e0e4
SHA256: 04cabaf6040aa59d7f203b90aab120c6d499c76f6fcebcfbbfb43d1474f6c036
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.jpruu
binary
MD5: 58537753ed1ba466610c6d0bebfee761
SHA256: 5f6f3f6740614ceca476508c855e40b306cc5382c14b8b0db4a373e9f7f33033
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.jpruu
binary
MD5: cd4f86914b641d74a092149244515e69
SHA256: 7b73dce1649efd259a5abbd3de6daddec10fd375d652e1ebd2c9786f8c596e49
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.jpruu
binary
MD5: 711f35b176a35b5766a7999ceade4919
SHA256: 23ef59fc59bb49132df9009cab9e6b28e6a0fbc110bdb023abcc3ec5413c5a22
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.jpruu
binary
MD5: 62adcc7a948b4bb619ad1e0970e868d5
SHA256: 0a1ff780d59cb3a12b72f0cf7627450eceb36dee1de3f4d25375b2bc28f503e5
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.jpruu
binary
MD5: acb1cd67d52c22bbb297e118dda50f64
SHA256: 7e6077d9c6367b405b660894c1edb2ed168fe6a321fe8017d617b71723710f95
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Identities\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.jpruu
binary
MD5: 23a4aa08b4c9bfe2f8bcbf9c339247db
SHA256: 590d96b01e2f4a53127426579a5823677e7de3eb0559064ad81ff5abd75d05ea
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.jpruu
binary
MD5: b0342eb36fb8da8017075db04a1d6c63
SHA256: 17c09e92b254fbaa7ed034aff24c346c4537fa9f9328dc3fcda6d09ed7d720c2
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.jpruu
binary
MD5: 1f1e0651dacbe9eaf63242df34a2aa67
SHA256: ab11838639965ec2e67960c4f5740ced70e2b1ad13e5959e12fcf8a60849bc58
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.jpruu
binary
MD5: 187452fece1dcb5d57378fd777b4f626
SHA256: a77a1279124d752297de0eed3682c9883a8bfdd7e1ddd0d05640f4921671b7ae
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\FileZilla\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.jpruu
binary
MD5: 543b81008256f3aaa29ce171eb4afcde
SHA256: 144297dbab5660b67a0b0cc59d6f603bde4509ba4360c5e9764c6a56de7412ee
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.jpruu
binary
MD5: 59da2488ec46990a5aeeb289bde6bfac
SHA256: 1cd12b6622198e7d941423991df4fb8ba932d04667a1031ba47179af122c03dd
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.jpruu
binary
MD5: a3e4ac5b8a85c280e6a91dd59b196127
SHA256: 37d226c23ba116ddd31b62e5b0a6c8a182e99d6afec20b2cf2e39373228b0565
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.jpruu
binary
MD5: 1c9d989ea4be2b82f3cd2cb3a1e631bd
SHA256: 94c404d9847ac03c5a1159729ba814288f8f137182b019b83d2ba4d062eb2b7e
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.jpruu
binary
MD5: 50a0bd857f8bbed0be68cd5e7af9aae5
SHA256: 5ab6967193940e43585fd5b26f1d5afcabde56b2ab78efe24aecd928f62d5fdb
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.jpruu
binary
MD5: 814c62ae335ee3bdd48ea215fd6a85a9
SHA256: 90741444361567ed547d15a0a5b67bbf9f2853010a02044314b3f4de6e8a6dd0
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.jpruu
binary
MD5: 3f93e701198adb64bd8bbc8b27683618
SHA256: 8962a6e2b992db9d9b9bd349d47662733ab23a032e0a4b6bbf2c9b4f9e95b4c3
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.jpruu
binary
MD5: 1546dabb745ccfd3ff627e8763a98a8a
SHA256: b7af6fa216ff81b8c508a8d75a13eb4046c56d4c3a6b7e5fcfdc98f4f73323eb
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.jpruu
binary
MD5: ffee45e36fecace43e13be0a96dcc783
SHA256: 0a7d213b98bb5db03522d7a5a5c1fcb619facfc9b086f03c796088eed2b7c944
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.jpruu
binary
MD5: 206585bd14eaccbdea2f4bbc4dc33002
SHA256: e63c456a016f1cebbbd0afc2543c5a7b250c7dac9d5437dcc844e0ffe7bc300c
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\.oracle_jre_usage\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.jpruu
binary
MD5: b8366caa9821801cc731c8887eba579c
SHA256: c1b43ac9b698360882b5ab59b7571b8e70edffbcb4ab1dee0d97aa34b7fb46ac
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\Adobe\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\AppData\Roaming\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
2044
Gandcrab_5.0.4.exe
C:\Users\admin\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302
2044
Gandcrab_5.0.4.exe
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\JPRUU-DECRYPT.txt
text
MD5: d383157fb6cbbbb1df251e9eea67a225
SHA256: 04d2c9eafca52c4a074614db10eb818fae9c26163c8925bc2798572815d6d302

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
53
TCP/UDP connections
63
DNS requests
35
Threats
11

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2044 Gandcrab_5.0.4.exe GET 302 217.160.0.234:80 http://www.billerimpex.com/ DE
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 52.29.192.136:80 http://www.macartegrise.eu/ DE
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 52.29.192.136:80 http://www.macartegrise.eu/includes/images/daruke.bmp DE
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET 500 178.33.233.202:80 http://www.poketeg.com/ FR
html
malicious
2044 Gandcrab_5.0.4.exe POST 500 178.33.233.202:80 http://www.poketeg.com/content/pictures/hekafuam.gif FR
text
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 92.53.96.201:80 http://perovaphoto.ru/ RU
––
––
malicious
2044 Gandcrab_5.0.4.exe POST 404 92.53.96.201:80 http://perovaphoto.ru/data/images/soes.bmp RU
text
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 87.236.16.31:80 http://asl-company.ru/ RU
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 87.236.16.31:80 http://asl-company.ru/data/pics/kedathzu.gif RU
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET 403 77.104.171.238:80 http://www.fabbfoundation.gm/ US
html
malicious
2044 Gandcrab_5.0.4.exe POST 403 77.104.171.238:80 http://www.fabbfoundation.gm/news/assets/momofumo.bmp US
text
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 146.66.72.87:80 http://www.perfectfunnelblueprint.com/ US
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 146.66.72.87:80 http://www.perfectfunnelblueprint.com/uploads/images/mokeam.gif US
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET –– 69.73.180.151:80 http://www.wash-wear.com/ US
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 69.73.180.151:80 http://www.wash-wear.com/content/graphic/medadaeshe.gif US
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET –– 87.236.16.60:80 http://pp-panda74.ru/ RU
––
––
malicious
2044 Gandcrab_5.0.4.exe POST 404 87.236.16.60:80 http://pp-panda74.ru/includes/pics/amammoka.gif RU
text
html
malicious
2044 Gandcrab_5.0.4.exe GET 200 173.247.242.133:80 http://cevent.net/ US
html
malicious
2044 Gandcrab_5.0.4.exe POST 404 173.247.242.133:80 http://cevent.net/static/images/amkaim.jpg US
text
text
malicious
2044 Gandcrab_5.0.4.exe GET 500 188.165.53.185:80 http://alem.be/ FR
html
malicious
2044 Gandcrab_5.0.4.exe POST 500 188.165.53.185:80 http://alem.be/uploads/imgs/ruso.png FR
text
html
malicious
2044 Gandcrab_5.0.4.exe GET 302 107.178.113.162:80 http://boatshowradio.com/ US
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 188.64.184.90:80 http://dna-cp.com/ GB
––
––
whitelisted
2044 Gandcrab_5.0.4.exe GET 403 213.186.33.3:80 http://acbt.fr/ FR
html
malicious
2044 Gandcrab_5.0.4.exe POST 403 213.186.33.3:80 http://acbt.fr/news/images/ruru.png FR
text
html
malicious
2044 Gandcrab_5.0.4.exe GET 200 50.87.58.165:80 http://wpakademi.com/ US
html
malicious
2044 Gandcrab_5.0.4.exe POST 404 50.87.58.165:80 http://wpakademi.com/includes/pictures/soamda.png US
text
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 80.77.123.23:80 http://www.cakav.hu/ HU
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 80.77.123.23:80 http://www.cakav.hu/uploads/pics/kesoam.gif HU
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET –– 178.238.37.162:80 http://www.mimid.cz/ CZ
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 178.238.37.162:80 http://www.mimid.cz/wp-content/images/kefuimfufu.jpg CZ
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET 302 223.26.62.72:80 http://6chen.cn/ HK
––
––
malicious
2044 Gandcrab_5.0.4.exe GET 200 205.185.216.10:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
2044 Gandcrab_5.0.4.exe GET 423 77.104.144.25:80 http://oceanlinen.com/ US
html
malicious
2044 Gandcrab_5.0.4.exe POST 423 77.104.144.25:80 http://oceanlinen.com/wp-content/graphic/hehezu.png US
text
html
malicious
2044 Gandcrab_5.0.4.exe GET 200 191.252.51.37:80 http://tommarmores.com.br/ BR
––
––
whitelisted
2044 Gandcrab_5.0.4.exe POST 302 191.252.51.37:80 http://tommarmores.com.br/data/tmp/imkake.bmp BR
text
html
whitelisted
2044 Gandcrab_5.0.4.exe GET 200 104.28.30.160:80 http://nesten.dk/ US
html
malicious
2044 Gandcrab_5.0.4.exe POST 404 104.28.30.160:80 http://nesten.dk/data/imgs/heim.gif US
text
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 202.43.45.181:80 http://www.n2plus.co.th/ TH
––
––
malicious
2044 Gandcrab_5.0.4.exe POST 404 202.43.45.181:80 http://www.n2plus.co.th/static/assets/seesfuam.png TH
text
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 87.236.16.41:80 http://koloritplus.ru/ RU
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 87.236.16.41:80 http://koloritplus.ru/includes/assets/rueszusehe.gif RU
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET –– 103.27.238.31:80 http://h5s.vn/ VN
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 103.27.238.31:80 http://h5s.vn/data/pics/thka.png VN
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET 302 89.252.187.72:80 http://marketisleri.com/ TR
––
––
malicious
2044 Gandcrab_5.0.4.exe GET 200 179.188.11.34:80 http://www.toflyaviacao.com.br/ BR
text
malicious
2044 Gandcrab_5.0.4.exe POST 404 179.188.11.34:80 http://www.toflyaviacao.com.br/includes/tmp/ththhe.png BR
text
xml
malicious
2044 Gandcrab_5.0.4.exe GET –– 64.90.42.166:80 http://www.rment.in/ US
––
––
malicious
2044 Gandcrab_5.0.4.exe POST –– 64.90.42.166:80 http://www.rment.in/includes/assets/fusokeke.jpg US
text
––
––
malicious
2044 Gandcrab_5.0.4.exe GET 404 213.186.33.19:80 http://www.lagouttedelixir.com/ FR
html
malicious
2044 Gandcrab_5.0.4.exe POST 404 213.186.33.19:80 http://www.lagouttedelixir.com/content/image/thmefude.bmp FR
text
html
malicious
2044 Gandcrab_5.0.4.exe GET –– 50.63.202.69:80 http://www.krishnagrp.com/ US
––
––
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2044 Gandcrab_5.0.4.exe 217.160.0.234:80 1&1 Internet SE DE malicious
2044 Gandcrab_5.0.4.exe 217.160.0.234:443 1&1 Internet SE DE malicious
2044 Gandcrab_5.0.4.exe 52.29.192.136:80 Amazon.com, Inc. DE whitelisted
2044 Gandcrab_5.0.4.exe 178.33.233.202:80 OVH SAS FR suspicious
2044 Gandcrab_5.0.4.exe 92.53.96.201:80 TimeWeb Ltd. RU malicious
2044 Gandcrab_5.0.4.exe 87.236.16.31:80 Beget Ltd RU malicious
2044 Gandcrab_5.0.4.exe 77.104.171.238:80 SoftLayer Technologies Inc. US malicious
2044 Gandcrab_5.0.4.exe 146.66.72.87:80 US malicious
2044 Gandcrab_5.0.4.exe 69.73.180.151:80 Global Net Access, LLC US malicious
2044 Gandcrab_5.0.4.exe 87.236.16.60:80 Beget Ltd RU malicious
2044 Gandcrab_5.0.4.exe 173.247.242.133:80 InMotion Hosting, Inc. US suspicious
2044 Gandcrab_5.0.4.exe 188.165.53.185:80 OVH SAS FR malicious
2044 Gandcrab_5.0.4.exe 107.178.113.162:80 Input Output Flood LLC US suspicious
2044 Gandcrab_5.0.4.exe 107.178.113.162:443 Input Output Flood LLC US suspicious
2044 Gandcrab_5.0.4.exe 188.64.184.90:80 Paul David Hughes trading as Hosting Systems GB malicious
2044 Gandcrab_5.0.4.exe 188.64.184.90:443 Paul David Hughes trading as Hosting Systems GB malicious
2044 Gandcrab_5.0.4.exe 213.186.33.3:80 OVH SAS FR malicious
2044 Gandcrab_5.0.4.exe 50.87.58.165:80 Unified Layer US malicious
2044 Gandcrab_5.0.4.exe 80.77.123.23:80 DoclerWeb Kft. HU suspicious
2044 Gandcrab_5.0.4.exe 178.238.37.162:80 Master Internet s.r.o. CZ malicious
2044 Gandcrab_5.0.4.exe 223.26.62.72:80 Sun Network (Hong Kong) Limited - HongKong Backbone HK suspicious
2044 Gandcrab_5.0.4.exe 223.26.62.72:443 Sun Network (Hong Kong) Limited - HongKong Backbone HK suspicious
2044 Gandcrab_5.0.4.exe 205.185.216.10:80 Highwinds Network Group, Inc. US whitelisted
2044 Gandcrab_5.0.4.exe 77.104.144.25:80 SingleHop, Inc. US suspicious
2044 Gandcrab_5.0.4.exe 191.252.51.37:80 Locaweb Serviços de Internet S/A BR suspicious
2044 Gandcrab_5.0.4.exe 104.28.30.160:80 Cloudflare Inc US shared
2044 Gandcrab_5.0.4.exe 202.43.45.181:80 Internet Solution & Service Provider Co., Ltd TH malicious
2044 Gandcrab_5.0.4.exe 87.236.16.41:80 Beget Ltd RU suspicious
2044 Gandcrab_5.0.4.exe 103.27.238.31:80 Long Van System Solution JSC VN suspicious
2044 Gandcrab_5.0.4.exe 89.252.187.72:80 Radore Veri Merkezi Hizmetleri A.S. TR malicious
2044 Gandcrab_5.0.4.exe 89.252.187.72:443 Radore Veri Merkezi Hizmetleri A.S. TR malicious
2044 Gandcrab_5.0.4.exe 179.188.11.34:80 Locaweb Serviços de Internet S/A BR malicious
2044 Gandcrab_5.0.4.exe 64.90.42.166:80 New Dream Network, LLC US malicious
2044 Gandcrab_5.0.4.exe 213.186.33.19:80 OVH SAS FR malicious
2044 Gandcrab_5.0.4.exe 50.63.202.69:80 GoDaddy.com, LLC US malicious
2044 Gandcrab_5.0.4.exe 50.63.202.69:443 GoDaddy.com, LLC US malicious

DNS requests

Domain IP Reputation
www.billerimpex.com 217.160.0.234
malicious
www.macartegrise.eu 52.29.192.136
malicious
www.poketeg.com 178.33.233.202
malicious
perovaphoto.ru 92.53.96.201
malicious
asl-company.ru 87.236.16.31
malicious
www.fabbfoundation.gm 77.104.171.238
malicious
www.perfectfunnelblueprint.com 146.66.72.87
malicious
www.wash-wear.com 69.73.180.151
malicious
pp-panda74.ru 87.236.16.60
malicious
cevent.net 173.247.242.133
malicious
alem.be 188.165.53.185
malicious
bellytobabyphotographyseattle.com No response unknown
boatshowradio.com 107.178.113.162
malicious
dna-cp.com 188.64.184.90
whitelisted
acbt.fr 213.186.33.3
malicious
wpakademi.com 50.87.58.165
malicious
www.cakav.hu 80.77.123.23
malicious
www.mimid.cz 178.238.37.162
malicious
6chen.cn 223.26.62.72
malicious
www.download.windowsupdate.com 205.185.216.10
205.185.216.10
205.185.216.42
205.185.216.10
whitelisted
goodapd.website No response unknown
oceanlinen.com 77.104.144.25
malicious
tommarmores.com.br 191.252.51.37
whitelisted
topstockexpert.su No response suspicious
nesten.dk 104.28.30.160
104.28.31.160
malicious
zaeba.co.uk No response unknown
www.n2plus.co.th 202.43.45.181
malicious
koloritplus.ru 87.236.16.41
malicious
h5s.vn 103.27.238.31
malicious
marketisleri.com 89.252.187.72
malicious
www.toflyaviacao.com.br 179.188.11.34
malicious
www.rment.in 64.90.42.166
malicious
www.lagouttedelixir.com 213.186.33.19
malicious
www.krishnagrp.com 50.63.202.69
malicious

Threats

PID Process Class Message
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
2044 Gandcrab_5.0.4.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)

Debug output strings

No debug info.