General Info

File name

gandcrab 4.1.2

Full analysis
https://app.any.run/tasks/6e2d8339-83c7-4b62-b339-2a80eac9b6ed
Verdict
Malicious activity
Analysis date
5/15/2019, 18:17:20
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

0301296543c91492d49847ae636857a4

SHA1

147731983582c2196c304d1e6453cb2d26920756

SHA256

ce093ffa19f020a2b73719f653b5e0423df28ef1d59035d55e99154a85c5c668

SSDEEP

3072:+MyjfYtI0Tu1tOGd1SfOZw5IhQT6CgrQp0My:+jQnKOI4z5Iet0My

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Actions looks like stealing of personal data
  • gandcrab 4.1.2.exe (PID: 3372)
GandCrab keys found
  • gandcrab 4.1.2.exe (PID: 3372)
Connects to CnC server
  • gandcrab 4.1.2.exe (PID: 3372)
Deletes shadow copies
  • gandcrab 4.1.2.exe (PID: 3372)
Dropped file may contain instructions of ransomware
  • gandcrab 4.1.2.exe (PID: 3372)
Renames files like Ransomware
  • gandcrab 4.1.2.exe (PID: 3372)
Writes file to Word startup folder
  • gandcrab 4.1.2.exe (PID: 3372)
GANDCRAB detected
  • gandcrab 4.1.2.exe (PID: 3372)
  • gandcrab 4.1.2.exe (PID: 3372)
Creates files in the program directory
  • gandcrab 4.1.2.exe (PID: 3372)
Creates files like Ransomware instruction
  • gandcrab 4.1.2.exe (PID: 3372)
Reads the cookies of Mozilla Firefox
  • gandcrab 4.1.2.exe (PID: 3372)
Creates files in the user directory
  • gandcrab 4.1.2.exe (PID: 3372)
Dropped object may contain TOR URL's
  • gandcrab 4.1.2.exe (PID: 3372)

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:07:13 18:48:14+02:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
53248
InitializedDataSize:
77824
UninitializedDataSize:
null
EntryPoint:
0x2f0d
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
13-Jul-2018 16:48:14
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
13-Jul-2018 16:48:14
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0000CFF4 0x0000D000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.68988
.rdata 0x0000E000 0x00005BF6 0x00005C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.5011
.data 0x00014000 0x0000C154 0x0000A400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.0134
.rsrc 0x00021000 0x000001E0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.71768
.reloc 0x00022000 0x00000F28 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.49428
Resources
1

Imports
    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    SHELL32.dll

    MPR.dll

    WININET.dll

Exports

    No exports.

Processes

Total processes
36
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

start → gandcrab 4.1.2.exe (#GANDCRAB) → wmic.exe (no specs)

Process information

PID
3372
CMD
"C:\Users\admin\AppData\Local\Temp\gandcrab 4.1.2.exe"
Path
C:\Users\admin\AppData\Local\Temp\gandcrab 4.1.2.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\gandcrab 4.1.2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe

PID
2492
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
No indicators
Parent process
gandcrab 4.1.2.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147749908
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

Registry activity

Total events
119
Read events
89
Write events
30
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
EnableFileTracing
0
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
EnableConsoleTracing
0
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
FileTracingMask
4294901760
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
ConsoleTracingMask
4294901760
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
MaxFileSize
1048576
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
FileDirectory
%windir%\tracing
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
EnableFileTracing
0
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
EnableConsoleTracing
0
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
FileTracingMask
4294901760
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
ConsoleTracingMask
4294901760
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
MaxFileSize
1048576
3372
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
FileDirectory
%windir%\tracing
3372
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3372
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
3372
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3372
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3372
gandcrab 4.1.2.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3372
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
public
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
3372
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
private
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

Files activity

Executable files
0
Suspicious files
271
Text files
205
Unknown types
7

Dropped files

PID
Process
Filename
Type
3372
gandcrab 4.1.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Videos\Sample Videos\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.KRAB
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.KRAB
binary
MD5: d6a99d729e3113cbfa5dcb3bc1caf4a4
SHA256: d4b070f065846318fc764312eba7739051d37abd056ebb60144f1b2e4c4f7266
3372
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\Sample Media\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.KRAB
binary
MD5: cfc308c31a08455542e0c951e87cd398
SHA256: 3af0517b7c73afd502810a4331198f4329b545122b1049237220c5309aba6427
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.KRAB
binary
MD5: 39393cd5dbcefb92f813057e730a0640
SHA256: d9b503d44cb58bb179309feb06b59ec851733b95cd06fa8224c1728a1008e045
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.KRAB
binary
MD5: 473ec552f3c14d81fe56869d2cd6f1be
SHA256: 9c35da1fdde513a068d74727b0dfbd43f25734f89c036579545ec6046f04d6a3
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.KRAB
binary
MD5: 158003299c8bdb24ac71269c7b8780bd
SHA256: d957b8fa41ce27a047bf28e8ee4ab5730c577931ba6b9739d3a4e739279f7f51
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.KRAB
binary
MD5: cb97ca3920194fc5c2ee44bda16b6d5c
SHA256: 51491b37881a8af750205a4f3b335061980b43adc62af433d96dc3b091090f89
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.KRAB
binary
MD5: fad4d543d4e495e3686235d00f722821
SHA256: e663348d1546d283a191f2462a1941af6e75b7d7fce1b8664636a0d74b1f6e3e
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.KRAB
binary
MD5: c2e46f9e041cd651b2991cfe3516829d
SHA256: 2a9e7e9797bbd278fbb801ad13a32e2c704609724e5a41fae884c808781fcb7e
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.KRAB
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.KRAB
binary
MD5: ed14140db95efbd966cb446fd477467f
SHA256: ae87be891bfb588e311c1db5c2816926e20b362d59494ff4a34dd22ffefd30ca
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.KRAB
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Music\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Videos\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Downloads\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Libraries\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.KRAB
binary
MD5: d50ba03a35bb856f91c4131dba260b1f
SHA256: d477142289c039b8a27e4e3167977b9b4c701818747c49d8621129909d27c788
3372
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Favorites\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\Public\Documents\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\Public\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.KRAB
binary
MD5: 841fe5fbe75fc722b997773ae08bd48d
SHA256: 2972b6be20865ebacb4bf600c7a57a0379f08ab1c5a23bb03652e1d42027bf97
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.KRAB
binary
MD5: b8750d9beb935b0ecd945502c4af229d
SHA256: 851e3a8efda1d515b2af842f85dac0ed75135791f59a005adbcbcaed780246fa
3372
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Saved Games\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\seanature.jpg.KRAB
binary
MD5: d158e8eca1a00d99c5f5d0c0a08073ae
SHA256: 6ee1c9be6a422798e6c049e3af197394120e3f8995eb69f9be0ab279c1e45b20
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Searches\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\lordallowed.jpg.KRAB
binary
MD5: b2bee087f1ace8a4a895f50569e70b05
SHA256: 1956debd6d6d86062e0e6542f878ea0f4e7cb5a4c21f5b55a65f71c4864c4263
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\nakedsince.jpg.KRAB
binary
MD5: 9f5f62773f73e40467d7c5f47f148800
SHA256: b68243ca07fbd9f7847200370fa15c6a1a509137ba432d81329c79aba48f1d6e
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\termaccessories.png.KRAB
binary
MD5: d65472d1036d61c943c8ece0df28ed75
SHA256: dc1ac1902eb584c4328d8875b1df3b8a0de2f592ed29c79893b2351ab263e1c3
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\nakedsince.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\termaccessories.png
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\lordallowed.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\seanature.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\ntuser.ini.KRAB
binary
MD5: 153c026776e2b357f5c4225966d477ee
SHA256: b5ea3cb28a12574a74046006300ed2a357e030ab22f75c9ca4e7330d309d16ad
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\actualtech.jpg.KRAB
binary
MD5: aee452692553b4a34b5136124c9ae9d2
SHA256: 01f4e8cbb2831dae355120416b5a535bd8c3488e4497b813ebce070f572dffe2
3372
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\actualtech.jpg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.KRAB
binary
MD5: 297bca5de43cc1745e0785e44cec495a
SHA256: 686a30cfcc6682cda166e605786a768156573f2762bdbea45760ab03de75d4b6
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.KRAB
binary
MD5: 0bede05459a31946d50c21e238b870c6
SHA256: 4cdbaf4c4287f9662fa103552239625858310f4aa7af8f0bd9f37fa5902069dd
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.KRAB
binary
MD5: b2090598409604d2f3514b065b785fae
SHA256: 009db48499c3e8a7b575b974a41605810774f7fc083da104b6a3db5ccfa7aa3a
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.KRAB
binary
MD5: 568e27e46bd4c5a309cdfe93e9013025
SHA256: 873af9ab7d34c5ca714ac05e3a3d16de745fe9b20039b56e305537df1e60aced
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.KRAB
binary
MD5: ef35cf55e2149d9cd2375286abca3a7f
SHA256: e9b9f567a269a0582afa184df93091995c11dfca4f12fb65cb0a2ae850047210
3372
gandcrab 4.1.2.exe
C:\Users\admin\Links\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.KRAB
binary
MD5: 48ee26c68ccf75da4452577c4abe2bca
SHA256: 5823f5ebe902c74b5f7048dce938aff54365ff68b0afc9e53ab475f240daa8dd
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.KRAB
binary
MD5: ed8458a6ef08796d28d241922b29f80b
SHA256: 0c730b9d0367db2db5bc9c4b685a02b4b242498f21842dcae5c677954720c021
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.KRAB
binary
MD5: 8bf8ec692cca7e34427bf8a3f7f4b60a
SHA256: af79fb9905e0e9133e1e77940ebf9acdd3f0c474e89c3ffccd2820ca3231d06d
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.KRAB
ini
MD5: 5e30144a651c2cce54330c6e79ec48d8
SHA256: b81c8ae93f477832e548b1395e84ec629ae7daf81c3b515897ee70474c5a55cd
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.KRAB
binary
MD5: 363a26eb7caec1e9cd5b4c06616cc593
SHA256: 8fa61fb7ccf269615df3e69b4dd7106dcc24b382521c60ffaacc204516d2a175
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.KRAB
binary
MD5: 94e503872cddc0cfe6945ad1d2dc79d9
SHA256: 027ea203e99ace0e701f84dbe419180db1eb63b47741b36a6426a0ab7a0c8114
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.KRAB
binary
MD5: 43557b4f1e0f41d6eb1a2ff62b05c869
SHA256: 6e5830b8d843494d993eaae142bc267e4785bd202c9a660b8487d6570619b26b
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.KRAB
binary
MD5: 62b002ad03f82f6d38314900758343ac
SHA256: 25f6691e536d4bd687708e48241fb4c870346c6964efb39be83ed8eff488dad8
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.KRAB
binary
MD5: a628d595029a564b8a98390a159c17e0
SHA256: 36dbcc406469a171af24b08ea9a1a3724d4f88ac6f459d006b124412cffcfb71
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.KRAB
binary
MD5: 6bb4c8a80880611edaaedcdd72ff0ecd
SHA256: 6b7090e927ea977a084fdeccded6623e908623972f39567a24af200e72a847e6
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.KRAB
binary
MD5: 2dc9622d6d101e4c15d694e7e655e002
SHA256: 0cfabd42c65d1466eed016f61aca33fe1c98875148a99158103995718cd27147
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.KRAB
binary
MD5: a21f9885b6aefbb1d1b83ede5f34c190
SHA256: 6a8bb51c141c730b74d5524d93ce27efbbf54143a568197b7dc6982985b62e46
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.KRAB
binary
MD5: 16c1a0f6e2f8c724dd0fff1a34201b21
SHA256: 6f713d6cc545a3071e5ff587f2cc16f79a99fd9731378d80cbeefddee66f9154
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.KRAB
binary
MD5: 4d9edfc1ef0aa89e68f7391fc3c785c2
SHA256: 714f434090933d59823018e03c1ca484bb3b125dc917a184884d242d7a9ece65
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.KRAB
binary
MD5: f12e74ec2ee26c4f7012c8ecd01b7738
SHA256: 115a09eb0231d1cd526c598eb61475a8f8094fcac525c4b842abff264970f539
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.KRAB
binary
MD5: 2c3e7636fa3bffd55053306fafc46616
SHA256: 6074efe233284c07a361695ba43cb9e54d6d717d52c2a5cbf8154cff16dd6498
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.KRAB
binary
MD5: b5266c8b5d2ddd500e035740158c0310
SHA256: 7d74eb3bc702141872d779d293b7392a085d8b2a89179045019a3b6096969805
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.KRAB
binary
MD5: 05986eeb9431c85d85cec08cb167a829
SHA256: 10db04310feaf307dd4c1b4f88cb0354690f4f036e2a093d48cd0b6031c15f66
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.KRAB
binary
MD5: 28f993eadc45b957f1077331838112d1
SHA256: 191ef27b9c7c45536898963d2fb9ab98004c1a9d289ce9fd2a15a79f02aee8bd
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.KRAB
binary
MD5: 0907db3d16a6595700ce9e2d9912dd28
SHA256: 73d7b495cf48c23204971e3556303b1aaaf40dc10b46f8263ab2c37e71a21464
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.KRAB
binary
MD5: 1fddc45a53b5fc4cf329cdfc4879b853
SHA256: 56aa5d6794cc341a0e3776a79fb4e0f4d22c5d2ab51fef9cf5dec2773c1ffda4
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.KRAB
binary
MD5: 0feda0b9d6c9548e0c62359eac4224f7
SHA256: 2e1f49a31b7bc555ff035d7b74e37ba65c740352346b23b3d6a695f41bc2d7fb
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.KRAB
binary
MD5: c34d527f697e4cc19fdf198609ee747b
SHA256: 3ec47dd603e8f3e8b1f390d30a62e0208726f9e429698242911e5757ee8b74a2
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\journals\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2.KRAB
binary
MD5: df1924c155a8ed1f18cc265f66fc8df5
SHA256: 358918274fed1efb866ad3d1093095f0b05f7f7f063860318e8f759c8e22ebd7
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.KRAB
binary
MD5: d3dd88f814da74698a5b6a660f77a6f9
SHA256: b211f376c5109d274aa51452311cdf8adcc861b43f8ff1e51e0d4197c02d0f8c
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.KRAB
binary
MD5: c5b5b5b2f1aeee6e75d8054dbd5af2a8
SHA256: e5697e7ce36b2cf9399b81bf3ccca7e583ff0155da97167ea19b62b75a3fd5af
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.KRAB
binary
MD5: 2b78998cd23a30481467661ff52fc2c6
SHA256: dfe00133de8efc126cb9c63795437feb73830f0141f3715f2a787bbc373f1ae2
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.KRAB
binary
MD5: d54cfae3dd67ad06b4a29cc5118a7631
SHA256: 85f757435435eca68c1716706f632b780598e3436090616c0d9ddcadac01f748
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.KRAB
binary
MD5: faea0ad4beb53e4e2d8e6b69bf630907
SHA256: 38448b76d2e3dbddbc0ff5b7c68a0d9c04be6ffec041ef628f7444aba041ecff
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.KRAB
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.KRAB
binary
MD5: 1305cd48fc51fdcf152f7e0a0b209eca
SHA256: 2cafec79c3916432da225b43567d345028008d506e153b85d6ebd578941c04b3
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.KRAB
binary
MD5: e0347e4f054d28123c7d4926c7d65370
SHA256: d71374b475abe0704d593de330a61edaa41edffb2f4ac55cc505b6c9b7d94e27
3372
gandcrab 4.1.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.KRAB
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.KRAB
binary
MD5: b5982c18143ac9ce170c46e368f84608
SHA256: 267762bb7920e9d56913dae61c3c272d7480e98978e6b66d015b9ea95de83176
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2.KRAB
binary
MD5: 4ee9da549f0daa864718eac6116761e4
SHA256: 8d8cd09ded2f2cc5d65bcb87e8e26071d1e08ec6940fac0a44c757ac973e26a8
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.KRAB
binary
MD5: 500e6a23f63c96642cc03a35d73d400f
SHA256: 736e8c5dd6a7fe9a433d48cb25f45356f8e38147b59f188475a586047e6cb45d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.KRAB
binary
MD5: 4e5f25023cdf50d601f3430faa0985ce
SHA256: cda59739d2eb57cf886ea4521fb3e9f46a4eff9777ae610494d10b8cc25d7aeb
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.KRAB
binary
MD5: e21b1249e85dced95348013181110e2c
SHA256: 58250b1521223a663dbdcdcbab03365d1bff2637e5f09709887bdb270adb8580
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.KRAB
binary
MD5: 99d7586908a6d665bbe42f66c2c08b25
SHA256: 2d6c5ee0880c2bb60d6a3df5b906b28f3ac9fbb12c0f03ad54144fc3a1690789
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.KRAB
binary
MD5: 22bd102d6553cbfe3fdff9c635a9bdf5
SHA256: 793e872f49dd3b66b5697a0d68395894bf4c91c8ecb58898d1d04969c00f3e97
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.KRAB
binary
MD5: 4c0d053affcce86266e58b77648d2350
SHA256: 8bff23ec427d4e22a1e03898af120e2d61746fe144d93984517cfe5a147596c5
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.KRAB
binary
MD5: b5c0995ed8436a588680c2488c4f4b76
SHA256: c75f301a6fd6c098aa813b8d7a0d46b9c6b031ef6bd532ea359529814fcff6f5
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53.KRAB
binary
MD5: 36b8afe4ba2380356693fa13b8e65f6f
SHA256: f1dc341237f81371c56426d9e482d039f10e22f91a528b907953b0e1809c28a1
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9.KRAB
pgc
MD5: 7adfc927f5048d8835d2630e36dc1d29
SHA256: 1e5b666e33c96106ce709cec223ba642275d8975edab85936b7676df78f32751
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f.KRAB
binary
MD5: f763c17f6cd6c25ae9e629555b164f9a
SHA256: 8ccb55e0d0ccf768acbe80e3d6c1633c071fc6c12521891f4624b392542d5b1c
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.KRAB
binary
MD5: d843f990fb7874e62995ac75a26301d7
SHA256: 6faa99c7034de6f5fdebac10c5fc443cdc900c298cf733703e61d5d0d137012c
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.KRAB
binary
MD5: ab5619c5d5e4ea0d6be8bc936b341484
SHA256: c59b0e6a7606ac8871227c299e2cfb04b23c896db9f5e1c3a2a364b71a25d3de
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.KRAB
binary
MD5: 9732f5dde08154e3d3a56772be3edc88
SHA256: c215972b9f768634016accc185d46e85179c8b7e1c62e2bccec7d9499e2ced0e
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.KRAB
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.KRAB
binary
MD5: 6cf12df1f59809d90a1e60006045aadf
SHA256: bec0a6ed0ca1397e7b13e26b7060f2d1ec26a731afbc2747a87af49a57eff560
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.KRAB
binary
MD5: 82be57bdfe884f166652ce0b32a9dc2a
SHA256: ffa84bb724a7adbc42fbba92b16f5de4f03f0141e458e252f2eea90bca30257f
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.KRAB
binary
MD5: 86eca16202126c427b90fd97ec4f142c
SHA256: 402f58a732faeaad5e72c29d1abab5a63d48446de75f493c1e9fd19cef032b45
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.KRAB
binary
MD5: e4b44dd9139493988d4c6addf77c8c8b
SHA256: ecda0690505c122b84cbff4085c4cba74bc9f904043d7ad155b9aea97938fa93
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.KRAB
binary
MD5: eb118b73d609ac6162a164aee65b6d6c
SHA256: 787c953c956c42538f2ae60b166298f6c9ed1ed3058c8647f4b6e1315a9d01dc
3372
gandcrab 4.1.2.exe
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.KRAB
binary
MD5: 641bfda226bcd6c98e47e78927d32153
SHA256: e44ddc9e3f82c0d186668880daed0a70cff283f8279450c812fa16250022f524
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.KRAB
binary
MD5: 4033c7fbe3cd5eaa03316e83c5127990
SHA256: 49655906782ea6fc86bdb5367029f0db61584438682947135b391c18ef8b9535
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.KRAB
binary
MD5: 849fcb00b640c54c7ea9d8cc7b5a0d5b
SHA256: e7795df951ff3cb1426de7b34fd670dd8fa49ee64a0dffe99a18b30d845c32da
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.KRAB
binary
MD5: cc8c87761037edfef27d76861ba07795
SHA256: 4a62dfbe748636617934e377bcc637885ea1c17efcfa5d50aaece744f5b74a3c
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.KRAB
binary
MD5: e74802bc38a3a60f15372a6ac54c93e0
SHA256: 1ffd16e51130015ba2f652d88c2a740c9549be84e59e1567a995b992368f1949
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.KRAB
binary
MD5: 0ef3dd2df30c0b552406abc8d431b293
SHA256: c91e34f056268ce7a4d8ad4e223f4ab8ea9ee5eca98b5174a58a32d6998ffb9f
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.KRAB
binary
MD5: 49af3d5971924bd6b2118303511cfbe6
SHA256: 6e1b92d9b1872d62cff0f1f3c53fd97676bcc1e4071c8884c3f83990d5bb6005
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.KRAB
binary
MD5: fe86e5daf814fb4b91882cd2d522f922
SHA256: 588cc9d80c6a16844ca1554a3aaa56c8e79778ce0298c7d868885850ac3bf149
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.KRAB
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.KRAB
binary
MD5: 781f40e332082c2bb602129d65a63f68
SHA256: 9837b3955cf38b037f906fa3197f832a4f81e7d646b3eda56919f5e616e0aa25
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.KRAB
binary
MD5: 34b7d67272753f4162396eca6c686584
SHA256: 2891e5993dd75dc05e35104553dd00a3f744eeac8ccffe9034ceec87f123dfab
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.KRAB
binary
MD5: 2c1b5914cfd3a3b1188f63e5479fe495
SHA256: 8c691a43382a1b2af4c99142d0d1cd22b11b50ec2560bae6cf9c81d2069331a4
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.KRAB
binary
MD5: efe65aa8ceae9b1bff601c10dd5cec76
SHA256: db179dbde82b548d5b6f80597ad79c6d7c109846fd1b84c1df000ecb4cfdac79
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.KRAB
binary
MD5: 849076243a76d99e270cc1166f1248dc
SHA256: 7e5b067282648b17101a682a590b3e8623b2184b2425c8bbb7ce08291e98f707
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.KRAB
binary
MD5: 2c1ca580ebdfb15d01d7d70ea1533cad
SHA256: a9e4d994960cc38e03bd37870d7d86ebd02bfd2d4c8a98bf776b6aa3dd627f18
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.KRAB
binary
MD5: 5ef525620ec9fc744b30dfb1fba948a7
SHA256: 39e00fd5e40180353649ca06925eb2f487a5b7615bb6f2b7b3821cf284206614
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1.KRAB
binary
MD5: c64151aa3e16d80f0c772d9f6df870d3
SHA256: aaf08382a1a1da24ef40e447c645bf62212ba4e821848bc49afa151e9f79c07a
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.KRAB
binary
MD5: 6bdcfecaa7277ae8960707f2816ac418
SHA256: cc0b0f3186ab8266fe77bda882d5f97da52ac5405f435dde211a21c0fc9c30a4
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.KRAB
binary
MD5: 7056184d3aeda15bbbe40beaabae6e03
SHA256: b724c3956053905de2e902202fc1e5c264d2e8b7669a8436e25ebbbb3805bbfe
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.KRAB
binary
MD5: 365c9640305313f9d8b98e63da18f94f
SHA256: be6ad88a20df09293f7794440815fe58cab105f879872f3a8edb668ee0f711ac
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.KRAB
binary
MD5: 853c5d283473b6b5f6a020b015a00552
SHA256: dd07bdce63c9fb4742a83919e94bbab18883936815e6893f965808daf779e673
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.KRAB
binary
MD5: 2439dc38a8945b09cebefd2664cac2be
SHA256: 52cda2f3efc0d973e2f6da592e3706961d717a741d37dde4f71221f0e63f6e57
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.KRAB
binary
MD5: 49cd67c62ed02195d5226243865f8890
SHA256: d174329335800c3d05ed1e39201b98b360175fa0b2eff0be669ea846172e681e
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.KRAB
binary
MD5: 33b8e04c40722e8436c5d1e00346479c
SHA256: d856d5f887ffa05046f9c865140cc3bc930ae361f42d04a359b420f4cb68e141
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.KRAB
binary
MD5: e92ac06262425debf089e24bbe56a302
SHA256: 166d743e2b2e79796fb7dafd79919b9a37f74ca66987f48e99bc8e205d0f7e77
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.KRAB
binary
MD5: 092eea9b68434f9c2e3ef721140e82c8
SHA256: 234851ac01493da1a2b53ae45e0ee3d4776183cdd2f2a4c8585c1f60285394e2
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.KRAB
binary
MD5: 016e00f4eee6139ef3fde329fb169446
SHA256: 4768f35a828cebfa0770a908da9d49ac2cf454b8eb26a31681a4a01afe76586d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.KRAB
binary
MD5: 80e81d6ee50796875c428cc5dd0652cc
SHA256: d36787b52d12f68c28c0670d9ce713aa096891be107143fe5ba9d14561fbca84
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 64a332e66b821fc4e377c5c911018b54
SHA256: 58582c34e7a8bc542faab0c27a17aaf21518016f174c8daaae9761d8f80bdf1a
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 7b4edbde774d19c4ed0fbfcf3d3468e2
SHA256: 47b2181b3b18d0505c0f182a647ed55dfe531fe1e4f4088017d63c909f08b1e4
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: a1024bc0b80dadca7f20fb160788cbad
SHA256: 3fabdf5dd607b756bd754938a25e6f835c8fd79e99c22501ee8a8e1adac78772
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 7b537542e741ef2e73e6c683778d9894
SHA256: 34302d7e50f1c03df604d62ddefa05175781215f46ed014adc2be0884de93138
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 1f105ac5d5b8c41c5162d6028a4ca968
SHA256: 372878d7580ed02337ae3b836ee86cd454db0206d22ac45eb4b9c0f15b46a43e
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 86248a9f65131263d7a7a1a11ee80c8c
SHA256: f1c35454fa8a972a449020f440684cba0b698affe6f6f19681d1691639b30f8c
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.KRAB
binary
MD5: a5e0790b76427fe126c41ae241aebd80
SHA256: d781b2508e2a67d1decffe30d5ac0e1029999b1d084b45c333e844849e2fcb69
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.KRAB
binary
MD5: 6894727333e9cf11a2caa0101f2bef0b
SHA256: c7dad2a0d1cc6dfa4ee34bce11c72850da54d5c962ade6815bfcf0ef4d84b255
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.KRAB
binary
MD5: ac01f45ebb760a39da67e8ea66aa1489
SHA256: e73e4a8645d306f448dd74d5202f2734c3384c5a6369e24323e483c80b2fc707
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Identities\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.KRAB
binary
MD5: 3206489c05aaa151a533e69336c6265a
SHA256: 30719fee35a281361fc14dba57a41f364c418b041a1f7003b4a1861e861fd3b2
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.KRAB
binary
MD5: 094bd1a104a180095b5f6305f9199571
SHA256: 0160e5743e59f2b94477309ba2cad501605ccec836e962487ad95ceb9b828aa1
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.KRAB
binary
MD5: ef8d9b85aa3ac9be98cf5b09915c5204
SHA256: a5bbe7106c872584fc9ca658803d882500dafd0e5b9713163ce7192551388268
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.KRAB
binary
MD5: 1fdf73391b31ddd018910fc0ba593b0f
SHA256: 08d1a3825770b396318b268b30627edb4dad08b8dca62ddac9548c481b2050d2
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.KRAB
binary
MD5: 51087725574062fa16c4c7db52e9c7ad
SHA256: e0e8fae39edf3365b2633a12cb72cd9bc045166691b75ec6d8611e7470dab346
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.KRAB
binary
MD5: ebed67a8d093cfdfed89e79b477e007b
SHA256: 768c2a5a46f8f2ab6093521e99e0dea5cde14a8cc4c6398324fe1a2dcdf7f8e8
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\KRAB-DECRYPT.txt
text
MD5: 1737a0a57613796cc834ad5504e0219c
SHA256: 1002232f510c519cd141940b4a19779618d720864abf016196d967680bbb165d
3372
gandcrab 4.1.2.exe


Network activity

HTTP(S) requests
11
TCP/UDP connections
19
DNS requests
8
Threats
12

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3372 gandcrab 4.1.2.exe GET 302 217.160.0.234:80 http://www.billerimpex.com/ DE html malicious
3372 gandcrab 4.1.2.exe GET 301 217.70.184.50:80 http://www.macartegrise.eu/ FR html malicious
3372 gandcrab 4.1.2.exe GET 301 199.188.201.218:80 http://www.poketeg.com/ US html malicious
3372 gandcrab 4.1.2.exe GET –– 92.53.96.201:80 http://perovaphoto.ru/ RU –– –– malicious
3372 gandcrab 4.1.2.exe POST 404 92.53.96.201:80 http://perovaphoto.ru/includes/pics/zuda.jpg RU text html malicious
3372 gandcrab 4.1.2.exe GET –– 87.236.16.31:80 http://asl-company.ru/ RU –– –– malicious
3372 gandcrab 4.1.2.exe POST 404 87.236.16.31:80 http://asl-company.ru/uploads/assets/keamso.bmp RU text html malicious
3372 gandcrab 4.1.2.exe GET –– 77.104.171.238:80 http://www.fabbfoundation.gm/ US –– –– malicious
3372 gandcrab 4.1.2.exe POST –– 77.104.171.238:80 http://www.fabbfoundation.gm/wp-content/imgs/kakese.gif US text –– –– malicious
3372 gandcrab 4.1.2.exe GET –– 146.66.72.87:80 http://www.perfectfunnelblueprint.com/ US –– –– malicious
3372 gandcrab 4.1.2.exe POST –– 146.66.72.87:80 http://www.perfectfunnelblueprint.com/data/images/kazu.gif US text –– –– malicious


Connections

PID Process IP ASN CN Reputation
3372 gandcrab 4.1.2.exe 217.160.0.234:80 1&1 Internet SE DE suspicious
3372 gandcrab 4.1.2.exe 217.160.0.234:443 1&1 Internet SE DE suspicious
3372 gandcrab 4.1.2.exe 217.70.184.50:80 GANDI SAS FR malicious
3372 gandcrab 4.1.2.exe 217.70.184.50:443 GANDI SAS FR malicious
3372 gandcrab 4.1.2.exe 199.188.201.218:80 Namecheap, Inc. US unknown
3372 gandcrab 4.1.2.exe 199.188.201.218:443 Namecheap, Inc. US unknown
3372 gandcrab 4.1.2.exe 92.53.96.201:80 TimeWeb Ltd. RU malicious
3372 gandcrab 4.1.2.exe 87.236.16.31:80 Beget Ltd RU malicious
–– –– 77.104.171.238:80 SoftLayer Technologies Inc. US malicious
3372 gandcrab 4.1.2.exe 77.104.171.238:80 SoftLayer Technologies Inc. US malicious
3372 gandcrab 4.1.2.exe 146.66.72.87:80 US malicious
3372 gandcrab 4.1.2.exe 91.195.240.94:80 SEDO GmbH DE malicious

DNS requests

Domain IP Reputation
www.billerimpex.com 217.160.0.234 malicious
www.macartegrise.eu 217.70.184.50 malicious
www.poketeg.com 199.188.201.218 malicious
perovaphoto.ru 92.53.96.201 malicious
asl-company.ru 87.236.16.31 malicious
www.fabbfoundation.gm 77.104.171.238 malicious
www.perfectfunnelblueprint.com 146.66.72.87 malicious
www.wash-wear.com 91.195.240.94 malicious

Threats

PID Process Class Message
3372 gandcrab 4.1.2.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
3372 gandcrab 4.1.2.exe A Network Trojan was detected ET TROJAN [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3372 gandcrab 4.1.2.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3372 gandcrab 4.1.2.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3372 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP

Debug output strings

No debug info.