General Info

File name

gandcrab 4.1.2

Full analysis
https://app.any.run/tasks/a705463c-59cc-4fd7-9207-b70dc323e1ff
Verdict
Malicious activity
Analysis date
5/15/2019, 18:14:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

0301296543c91492d49847ae636857a4

SHA1

147731983582c2196c304d1e6453cb2d26920756

SHA256

ce093ffa19f020a2b73719f653b5e0423df28ef1d59035d55e99154a85c5c668

SSDEEP

3072:+MyjfYtI0Tu1tOGd1SfOZw5IhQT6CgrQp0My:+jQnKOI4z5Iet0My

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Actions looks like stealing of personal data
  • gandcrab 4.1.2.exe (PID: 3528)
Writes file to Word startup folder
  • gandcrab 4.1.2.exe (PID: 3528)
GandCrab keys found
  • gandcrab 4.1.2.exe (PID: 3528)
Renames files like Ransomware
  • gandcrab 4.1.2.exe (PID: 3528)
Connects to CnC server
  • gandcrab 4.1.2.exe (PID: 3528)
Dropped file may contain instructions of ransomware
  • gandcrab 4.1.2.exe (PID: 3528)
Deletes shadow copies
  • gandcrab 4.1.2.exe (PID: 3528)
GANDCRAB detected
  • gandcrab 4.1.2.exe (PID: 3528)
  • gandcrab 4.1.2.exe (PID: 3528)
Creates files in the program directory
  • gandcrab 4.1.2.exe (PID: 3528)
Reads the cookies of Mozilla Firefox
  • gandcrab 4.1.2.exe (PID: 3528)
Creates files like Ransomware instruction
  • gandcrab 4.1.2.exe (PID: 3528)
Creates files in the user directory
  • gandcrab 4.1.2.exe (PID: 3528)
Dropped object may contain TOR URL's
  • gandcrab 4.1.2.exe (PID: 3528)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:07:13 18:48:14+02:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
53248
InitializedDataSize:
77824
UninitializedDataSize:
null
EntryPoint:
0x2f0d
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
13-Jul-2018 16:48:14
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
13-Jul-2018 16:48:14
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x0000CFF4 0x0000D000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.68988
.rdata 0x0000E000 0x00005BF6 0x00005C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.5011
.data 0x00014000 0x0000C154 0x0000A400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.0134
.rsrc 0x00021000 0x000001E0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.71768
.reloc 0x00022000 0x00000F28 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.49428
Resources
1

Imports
    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    SHELL32.dll

    MPR.dll

    WININET.dll

Exports

    No exports.

Screenshots

Processes

Total processes
39
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start #GANDCRAB gandcrab 4.1.2.exe wmic.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3528
CMD
"C:\Users\admin\AppData\Local\Temp\gandcrab 4.1.2.exe"
Path
C:\Users\admin\AppData\Local\Temp\gandcrab 4.1.2.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1073807364
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\gandcrab 4.1.2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe

PID
3160
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
No indicators
Parent process
gandcrab 4.1.2.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147749908
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

Registry activity

Total events
119
Read events
89
Write events
30
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
EnableFileTracing
0
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
EnableConsoleTracing
0
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
FileTracingMask
4294901760
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
ConsoleTracingMask
4294901760
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
MaxFileSize
1048576
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASAPI32
FileDirectory
%windir%\tracing
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
EnableFileTracing
0
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
EnableConsoleTracing
0
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
FileTracingMask
4294901760
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
ConsoleTracingMask
4294901760
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
MaxFileSize
1048576
3528
gandcrab 4.1.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\gandcrab 4_RASMANCS
FileDirectory
%windir%\tracing
3528
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3528
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3528
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3528
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3528
gandcrab 4.1.2.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3528
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
public
0602000000A400005253413100080000010001002D1AC51362B09569390A1F54F9473D42CE5F47F87360A78F9A948473E3B66F4D6AFE38D40DC99F7872A36538C790326814DC736202F074EA29355EA25A5BB908158DBC66331FEB0A97F1C5893519408AAB9D87BAE15E67A90898061125929199EA24537BBB740DE5D91AC855BE77B2533165502CF8F36FA379610EA7411819B9EEFA0DC1D9158416439E1A8863419ED3F4C996EEDCD9B3D687DB1E2506050828F63A6C5544D650F06AFB9887EA888FE974597CE212A54A0802AAC3F9E1542A56B283E925A89A551918EDB2E47DF4C32FAA0AB0DD3737FC0E5FE2F9BC006328FD0C9E52A8138DC305E1CCA8CB5930F84D0E9BECF6DF7474828A811B7666C461F1
3528
gandcrab 4.1.2.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
private
94040000811F7FED53CE3A142D613E1CA8E203F2C046BC8698DDAA35D2947ED3D3221A1786CF3DD32FFF997D7855FC49D91664B2B249AB6DE09438E8F4BC54653E2C72442985079F83610F394EC00FB9F7F4DD943DAEE4FA0D4F1BC88802E0536FF10C3C7746B33E61E1568BD9E7F152DDD132191FFA046AEA76A872ACF2E284766243C42E0E4B18F066BCADF3E4C2ACACE54CE50FF30A63AA298EE911F517F52662B0A6CD3281B5002BA189AA8C97D0369722558A1E7139F9F19E24B33D20FFB7F3B72A2FCBEF255CA5CFE72D33101076C3A54C67DD7F310BE7CB22F76EF67CCDCEF62ECA76605EDD6FC34D77B8EB34646E104B6A01FF004DC765F1D651BB744B002E661AC96A081D15ECFE45CA290474EBA8D22FA7753FBD805CE35A0F098AD7660D287F4E153D24E774C731C7D1475F839E580DD540B3374D891B56BB8FD179B20437DCF9F1449F9A0A99B3B01C3AFBF5855D8609BB65DA5955F97ED5B618AD4AE24C0B8F61DD2A5EBF058C16C41A775623396E4A21418E3BB9AF0F28FC0BC45A46D5B3BCB7AA56727905430ED6E3D302CA548CBBAA59245F098117A002E0E271E475093201B0EFA35315FE07E1CB976FC185657B6261997343B7792E6434992AB8D78634CA142E9D0DC138AC565D0557B23F3244864D8E4F585D13E2CD0FF49D2A552BA46EC104E5AF2B2D8EBA950E6E018959D34F144643429A397044AF0E1C18067DFA24DBB99917EDD8D06947291BFA56E2FC792A1AE09E36EB0850B5BFD2F07FF659DC35FA3DC0BFFC5A984804DC8E9EC6E67569D85673730A8D713E95EF5508F8BFD2968417B230D9AA4F06B582C9345570FE82FBFB333A33772B507CF1747D7EB59723355A4966E6CADFECF63F5D70B669F1806213200CE598055E63FF4DBA8A41351A695F97F5F611181F26184E81B6CF89A33F0709891ED4F4EA32F74D2FFBC605528A7D6BC423BB14E05777724FE2668F8D3AE067F30B3D21AD0B9792FD2B7EDBB8A63DF229E1C23812C616A6FDC2D26D05BD951A389E5C266C5E0380E80D8AD497B062CBB0F4159DAB7E671D46192D1AF60B42BB4436766AFCB7F14F55C561087920B03140862C6CC949048E94ED33FD78B561B853FF833BD572019F848668D77EF29AEB7B65BA9E337CF72FF5012137D113DCEDE581D33DCC1C1B4426B7929795AC8B79D6C29E88762C3F592BC983C7030F7AB80E92F2E3A9890D33EA9EE8B6A43A750F0A36A6B2F484FDF0D727B7633CEC8E3CF2699F4705696427CD531158BC81DF4D08E314862D69025EDED41BE09C7E26511B1723C5594D88C90E58A5FF358236BB61BE3C869A0CFFF89EDDE96329157AAEC483D367DFA63100F74B09543D29E934A71945CA67DE7685E5CE5443501EC7BCD18AC524727A6EBB0850195DB0CD51991F91DD38A6783CFDF36CF9B8E05B3714BCCA35BD7DAF81525D8D9A2B7F47C1A4CD62300694B7C55B1D22E4D25F71C877FC2B94D5DCCECCADD74643CCE4CB4BB39BAC9A6CAD50CD0558FE8D3D94FC3739D2A87EAF1AFF1DA29EC27224F101D55DC8E6E479C6A560A3084934D0A2BE7F8EA7179D8C2BC448E9881C36247F37A1361ADABE44527870EDA4EB20AC18033B1DDCAA164AB738CED527C0CE62629211D3AA8B8E48A1EE9BBFC2EDEE30410EF40E7615E083E23C12B8D62DF0D18DCE9E6C8423C8A755A5BF41B509B57AB796871DB615FE7494C47463098C762CE105721003778E273014701B963F6F131797C584AC8F79F127B1A9160F50C13D65B5850C2D59D5BFDCD66096DC87A60E857B41146DD32B21B8B5EB708C9E18D2CE3360033CCBC2A21D359CFE01A24C8A077D55EEEF4354DC3C2E956833CA954E2657F38B0153D3054F4B909B83CDDF4B1B3784A4DE25FADAABB7CFAE8EA55CE43D986DEBB089C02A812DE9CA98D5DCD151DCEAEF3DDD65C4D01DCCC0221D42AA3503A5F756F2B7404C0427FD1F89CD08DD9CDDF7923593380156170F070862D3D6979662BFEE8D4AB64404B8C269B6AC09B09B285EEA205ABE682AFA3F2A05B0C501CAF1C96536A07F015E12403DEEBDD402A0C0E719D52B0BC8E5CC350845F02F0F2E5D79E3AAB36647629999B4C2DA4FED1EF05B109721F0DF3587962FB669E9EF992A707B828469233B6925F67ACA66BC125E3DD175CFE569F768EB6204F4FEB2E58884E5FFE5108FF5ED5A6D221177D0B4205F32B6C385385721A142F9C4CAF9CDC48A107B066ED9658FF19DF338414C99E505FA08A44B693FCB0C9896F7A7A3EAA303534500968AC407815188D2421CCF13BCE9E2107B26E8644C12C44B3CAAF50D2FFAB5F9DB20738564FAFC2849291F78DE296CB0FBE52B009AC5DA54C32585DC51DD49D774E707E601C41F9393

Files activity

Executable files
0
Suspicious files
270
Text files
203
Unknown types
12

Dropped files

PID
Process
Filename
Type
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 8770e8bff27bf5e89dfe6c3b6f0c8978
SHA256: f48400a8c97d3f9ba0d3af20a83ec02fb6a21ac83306833659e77403a57fe6d1
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Videos\Sample Videos\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Recorded TV\Sample Media\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.KRAB
binary
MD5: 2280b42334f69ed49624710818b0087e
SHA256: b874bf93f135e6502c397e6a0f8b01369915a1833c3de79b79afad7e2ff0a4b8
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.KRAB
binary
MD5: 2f0ae23020c455c5159d78dc576bd71d
SHA256: 0135df51084151a964989ded26c986c5fdaee8d5892005ddd4ae10818886b5f1
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.KRAB
binary
MD5: da868cd6ce24273205d0ba1fbea8da50
SHA256: de11d4ffd6e9f8f84937d33d02cf360bed0d85789ac2b7d0007c72b1314284f7
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.KRAB
binary
MD5: 6e6518d32e0626d17d640329191ba4c2
SHA256: 6a2af531312c47680b7ace91d92cfd2c6f03ddff11ca85e55945c96359b27775
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.KRAB
binary
MD5: 30dc7147f1243b4c46028f8c0937171a
SHA256: 8b425d1631b684c69e787e22490accba77f2623c2a1eb9519b484b47462092c8
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.KRAB
binary
MD5: 42a52eb866a6c05a28e772401ba45061
SHA256: 196be7a6fa01560cc90ccd575ea0804a94a0f2a018bd4990e5a47484e71a953b
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.KRAB
binary
MD5: 6052ccf8d2df9606f6a8338f69673017
SHA256: 2bda569b453b2261d888a1aca7a0fd3835196dca90cf0a86da3650b08d8f14ac
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.KRAB
binary
MD5: ca17a5c97acc7f4c5455f8b20862e2b5
SHA256: 6d4b6b6dc0a2a266417ca8dca7cd8be2ad1a195aa9702a39345c07fd721f8ef6
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\Sample Pictures\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.KRAB
binary
MD5: dd70dfaa50d13b8ba2624b06c0ac19d3
SHA256: 2d8cb99ad213b6e2cecd0e723106239c5e0353b743e7c475cb77db31a08e5e07
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\Sample Music\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.KRAB
binary
MD5: 561cba5d0b7c965daa07dd588d6b289b
SHA256: 4b96fb4e1b33f1e7d563c7cdd7c43b4a2ad9f9cca99acdf5b499e49a087bb985
3528
gandcrab 4.1.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\Public\Pictures\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Downloads\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Libraries\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Favorites\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Music\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Videos\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\Public\Documents\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.KRAB
binary
MD5: 7f9e1e492027e62f719420d798414d85
SHA256: 909a23acbe859e6c3b765aaff88c5903441b1c8dd87335b87b88edab92938a73
3528
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.KRAB
binary
MD5: eaa0180419be9cbf83508dc94689a2a0
SHA256: c250ec821fdebeb96a7cc44c42fdc722e024f45a4ccfdd3d1242b27c14930943
3528
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Searches\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\superprinter.jpg.KRAB
binary
MD5: 98373912cada7f899483e1e78d46d3e5
SHA256: 934bf53f60ab5906f34caa5169e081f6006f3247c66e460793e05192fe2f06cc
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Saved Games\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\superprinter.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\ratheridea.png.KRAB
binary
MD5: 327244fd7f0a628c798d877b04aa5047
SHA256: 17726339493b3afcdef73bcfc6ef91cb27ae8439ba8b21102b9340356497e9db
3528
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\ratheridea.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\iceoffers.png.KRAB
binary
MD5: ea220cbe9d2a472969a140792cacfec3
SHA256: dcecea24e8186a51d35a04d5de8ef795da64d15d795fd5d52874f9ab522b34ba
3528
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\iceoffers.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\ntuser.ini.KRAB
binary
MD5: d77481d3fe7a6cb2f4b313e1e389c5d2
SHA256: 2be92e9f4f0b9b1abf60fdd705e48ca7102b9ac5790f7e8b884f95e9ff024bb6
3528
gandcrab 4.1.2.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Links\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.KRAB
binary
MD5: 3cfde5c9860fd1f98ecd2b8121ded637
SHA256: 9c5874b7325a9a52a33ea72ad2cf53602a06f28c75355ec1e98f05b59c4f152e
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.KRAB
binary
MD5: 2647de473ae0216043c6fb0350d1d761
SHA256: 12a67102daf535a74e4a1ccd36905296369a4f5ae70398398b334ca95c793885
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.KRAB
binary
MD5: 960b69b1756d6164a5b6eaabdac5077e
SHA256: 3e1b810b5cc4e30095957a631f79e8e721be4167eb024ce7f704ed42c5692b27
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.KRAB
binary
MD5: b461b9ec22c779a6ecc437f6497eafa3
SHA256: f057e20ae1eea5fa62d16c040fa23a563bedecec94af0081455bddc3037e584d
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Windows Live\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.KRAB
binary
MD5: 2b8b64ac08b4e258835423f04e45e44a
SHA256: fd8949c0ab8de060b01eba8700f2c3411f570e2ccad70293f4bfc108dd285879
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.KRAB
binary
MD5: 6afcc2e0d39e5c75d6cd4ea563df413e
SHA256: 081982fdada171003af24b7ef2a2ad36ba56b8cfc652c84ed5484981769654bd
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.KRAB
binary
MD5: 13022d28d2fb5a7f9918e62f3306ac49
SHA256: 14a3eccdbbebab827ed0ecdbc58ab6dd08012f7ce37f35fde60ee39fb26105b4
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.KRAB
binary
MD5: 670c832f1f24612845c2705aa5b4d831
SHA256: 452f95629b9563512ff1b27b743d120944754382295a3ff829f52b1b3c6e0dfe
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.KRAB
binary
MD5: 9e5949d8f684b5e9f889f2bb3d2aeaf6
SHA256: 089f772e80d60dbfebde7d4458ac39b3ea55ec2ff3d78940949a0314d51e77a7
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.KRAB
binary
MD5: 9fece87bb4c77d082843b445fc5de0f8
SHA256: 2c266fba1039fc473670b36c2c602132b9d209f6211592bc1f761812d737590b
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.KRAB
binary
MD5: a6f7ff2982e1d4fd347ca6046daf590b
SHA256: 057cc6b8633c722c0dfe27dffa5b565ecbafc3058f0d58b76c8a046ac64576e8
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\MSN Websites\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.KRAB
binary
MD5: cc11dff017ae5d381c93b2097e493ff9
SHA256: 3f45bdc6b85f7ab2f909a81e952cb447ce8bb31c57f9ddb79021ab19727acc23
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.KRAB
binary
MD5: 85beb8a2feb31f4eab6880e25248f410
SHA256: 1822d2a75ff956f07772703e5c5249cadd521f6770346b4ccb14f00fda406c2c
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.KRAB
binary
MD5: eb49709ffbd3a1d25372f1ea8405b9e7
SHA256: 613cfe0fd91b526c243add49a47ed0e84ad6e823e422a203e30949cf89a08fa2
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.KRAB
pgc
MD5: d6cbc9edc87c23cf5a1da9814e8bb097
SHA256: 4d2e902ffb1b0ff75a190d49729fc1dbf4f25708b63c883f49d3c56fcdf56090
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Microsoft Websites\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.KRAB
binary
MD5: 35da1a6a311ff4d5f626c836b26c8ddd
SHA256: 86655f5be3ee6adb261dbcb8f6be17f78c28538f467908fb2c7903bde7ca662a
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.KRAB
binary
MD5: 52a380528679896aeecc3a276ffc6eeb
SHA256: 9317f5079d3b20a81603c8cd711ffd262974ded3b2f838c1fe99590d5ca11ab4
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links for United States\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.KRAB
binary
MD5: adc628838b4344d459dfcd1db8500452
SHA256: 68e1b4411bd6f1ca86b571c8b831c6b201c8c14e207cbb7253b461f060962458
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.KRAB
binary
MD5: 8736ff55cb3b17c595a53d88af4b4d11
SHA256: 3370b9f3929b8cef671c4de4c2d90114d65f8cb1a3ac900015c8072f6dee1226
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\Links\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Favorites\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\ratedmembership.jpg.KRAB
binary
MD5: e45a502ab3e28184c1f45c893d2d9618
SHA256: 0ebf87fa684c8ebe3b189d52f8d3025d3c9010d5c948e505ecde6b5fe995c998
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\ratedmembership.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\mapimprove.png.KRAB
binary
MD5: b8368ac3becd57383d8c6248cdaac519
SHA256: cd8b363a7d977331f65d19a245043a735692ecd71a947a33cc8687450af9c544
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\mapimprove.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\libraryhall.jpg.KRAB
binary
MD5: f92de3e79e77ad006bc440ef94146ca7
SHA256: d4b3a61c970dd3167bc24f6fbf02519784955084f0a95d1a37a9d3207824fd5a
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\libraryhall.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\individualboard.jpg.KRAB
binary
MD5: 3d1a1f6d2012100a30a769486a313008
SHA256: 6f789e23f1df0a6a9ae94b24fc0708be17f0b8d2c1987f4c2f2d3d490cd449dc
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\individualboard.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\clientswireless.jpg.KRAB
binary
MD5: f8ecba029f21ffe4bef815d064590a10
SHA256: ac7680fcbcef36ad0005cd5e057af93947172511c387908f5d177700b90ae16f
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\clientswireless.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\abilitysimilar.png.KRAB
binary
MD5: 03a2e37ffa849b11edee7383c3ca597c
SHA256: 39cc54d0d4302cceb3ff7238649aff36908e437c515d0442ed928260ca268563
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\abilitysimilar.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Downloads\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\yettrying.rtf.KRAB
binary
MD5: ca2e63901dc8086d8f55a715acf6dfc3
SHA256: 7dff11ec3372bd5858443103b46118ef0f745d32d2e75b4c22e1eb5f98ce5e79
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\yettrying.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\steelsearch.rtf.KRAB
binary
MD5: 7965cfbe60cc45cfe0d9ccc98941a0bb
SHA256: 681c4ca01cd9ae43ba9c004717772be6bf8da179a37430d4f155abe8ef0cdeee
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\steelsearch.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.KRAB
binary
MD5: 4305b4d83d83fb0ffaa8f48c17793771
SHA256: d84081d99b025f523a3b8c1aee63a70f9d97e7c99a0755e9d91e438744df632f
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.KRAB
binary
MD5: 6631f82a345d4fffef28b7a7f7f36007
SHA256: 7bc0e918af7a40d7ff058fdb1cf8326d0a4392e2951dc51f95aa4c46ec06cf0f
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.KRAB
binary
MD5: 65046ff79232fcdc4a5e4d6267149764
SHA256: 4cae44e768df31fb31f7a5e66f7d8beffbe5cf6d362dd3f225a462321036f57c
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.KRAB
bs
MD5: 52a88234cbc4f3ab023f8c5aebd27aea
SHA256: d4c15ce04505b7140c57b1beafb83b65d5e5e35b2ee92bba32c2f3c45d09f81f
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: e2bf67f12a13af0740b9b3f8c4a69efd
SHA256: 1eef0bdbba8aeeff19f40c86f4f6a8a7a0f1891d9299db437ecda9919f8a606d
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\Outlook Files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.KRAB
binary
MD5: 5294197525f33b170d01927d3a110c87
SHA256: 1b4d5bdb5386218aa37ab8b5860352bd4a1ad9165015ce2aa2b595e9a9e65f48
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.KRAB
binary
MD5: 9524fcca24696db1d8d7122b3a343171
SHA256: 9d7d8feaafdf748be3f7a4a748b45b33357daf9c0626988615a5d6323c1e2ace
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.KRAB
binary
MD5: 5625fc8d57981e0143f158115f0e706c
SHA256: 823ae074be95867a644e5be856b53e1693486681def7eed6222a6f7b3fb77baa
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Videos\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Pictures\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\OneNote Notebooks\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Music\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\effortrunning.rtf.KRAB
binary
MD5: d72915c48b4a0e1f7800f6ddcab798cb
SHA256: 13d2d571c55efef7c4eee3d12f0d6d91363e8ff1200a566357c5be56c1510f7a
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\effortrunning.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\developmentdescribed.rtf.KRAB
binary
MD5: a858863d630b2c55297ba9fe2e7f2bb6
SHA256: 2682fb698ae05ae47a237efa6a1fa6ac1a5eb32625f9d32a3614538a0d4ba73f
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\developmentdescribed.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Documents\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\stepweek.jpg.KRAB
binary
MD5: 29ece6d05f16a1d30fcc13bcd93c23bb
SHA256: 3318b33aeb64443b827889219f7a4119b5a46181a590c426918c9dd08d970685
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\stepweek.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\ruletelevision.png.KRAB
binary
MD5: 7f34405374d2640f2a579d1698453348
SHA256: b345e62b9ba733f1b32ac084d79e5efbce5664f440ec6ba400fa614a540abdcd
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\ruletelevision.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\purchaselines.rtf.KRAB
binary
MD5: 4eb4bd54a56cad1465671b91f325935f
SHA256: 2bab34e35324fa586c93a514aaa32887219df1bfc159f3061c4829df4954c345
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\purchaselines.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\manufacturingsources.png.KRAB
binary
MD5: c5de495c8762c415a8b59d417f0edb12
SHA256: 57856d007f2dba66c4e9c1fda7390be1058b2a1bdb67d3db9e651d1d4a99535a
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\manufacturingsources.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\functionsregistered.png.KRAB
binary
MD5: b6ef1588b0b4a713350e645ea9dc8f94
SHA256: b0a5f5fb46ea8ea9af52b468082c0d9b1c72b17b77e8fc71d3e880470284801a
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\functionsregistered.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\fairreported.png.KRAB
binary
MD5: 38a695c6e13ce793ba0e0fbd9b1a7c26
SHA256: 7d41ee1533b689477dae13b8c81559091ac6226ee88d6fa5d1b9b1f96e17f674
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\fairreported.png
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\cumdelivery.rtf.KRAB
binary
MD5: 9dd86e58c3952cc7e51dd847978cb94b
SHA256: aff042343f218edbf15b154802faa0e7ad2f1db5bdf4cbe6fdff8b373a23f5cd
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\cumdelivery.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\christianfocus.jpg.KRAB
binary
MD5: 794ca784dd1d181cef8539fdd3545e02
SHA256: 87a2b624d304a0ded657dd43a78d15b1b4381faf4ba2439bb2b3e2ed6a60f3bc
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\christianfocus.jpg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\advanceddifferent.rtf.KRAB
binary
MD5: 9f24c7f6fba7c08e691c4e2f337e1c91
SHA256: 53094158887e352c71e8030806cf4c57468b6dd055e513ed8304048ea1de87f2
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\advanceddifferent.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\accountdisclaimer.rtf.KRAB
binary
MD5: 34420b1ba3499f14ca7f31121a203471
SHA256: d4c504ea49018939e6f6522321a2007166bfdbb96057052f0d46384020d579d4
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\accountdisclaimer.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\ablemodel.rtf.KRAB
binary
MD5: 8b80751d0de55bc7b6b2339592a4c2b4
SHA256: e2cff4245aad2db14d00cadb1892e384aaa46776f3123541c8d344914938ba70
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\ablemodel.rtf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\Contacts\admin.contact.KRAB
binary
MD5: 4d606aa391ef5a34d09982987d2c1ef1
SHA256: 9d0b7bff67e3bb2ae511decc0a14b3dc0f94f382fd14d1f29c96457cc8325705
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Desktop\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.KRAB
binary
MD5: 7b9138ad215f6c2b25e35f642326fbc3
SHA256: 5b0368525648973fda58b51e51b888562898363e0a6309fe31c3611dd25e2e8d
3528
gandcrab 4.1.2.exe
C:\Users\admin\Contacts\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Sun\Java\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Sun\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.KRAB
binary
MD5: 18e47ad81e9c3f68fe0287a02b64dca4
SHA256: 3b4f648e30846cdf8a0b8340c9ede64018d8008179863b71b8cd674892df9f6d
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.KRAB
binary
MD5: 50d4bcd015ef992fd63bcdc54e112ff8
SHA256: e0cb8d8b481259722774bdc8ba2de56e5149e89e07d211bcb6c3ab8e08e62e1a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.KRAB
binary
MD5: 0a58c926ecb24a1b2d3dd8c851f57ffa
SHA256: 946c397a7abf914bac660f7f3d35fd5fb06588ba617ad753f4cf59cae39fe4ff
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.KRAB
binary
MD5: 0ee2594dfb484892760eb8cc8bdfe464
SHA256: ce71a14a3a1938f1281b123f04f560a267e8ade8679259cb7a296d7dd78b2f72
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.KRAB
binary
MD5: 02e0c428050de88ac2560e534a78e578
SHA256: a564ae5779fa459e95496b7a81ff11bfdf6a53061295f85b613859bbe0f21c1e
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.KRAB
binary
MD5: aa23be362a007a41d9ab36e6716196d1
SHA256: de9770cd127544234a6032777d715a9f24ac6fdaecd0a4620590d66fc4ea4534
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.KRAB
binary
MD5: 69dff3ac3d0297bdbf52a2a190de13e0
SHA256: d1d50c48d6eb3cde63a45e8a450996da09e11430a48dd591a78ea4f3193bad16
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\logs\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.KRAB
binary
MD5: 0b2b73eed75d6275e5752de52871c41a
SHA256: a33c17722af6b27e2607c92bf4c8e40a58dff72f49bc51203e98f33c3fdef0c8
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.KRAB
binary
MD5: e565e77c168db10d6139062362a95d57
SHA256: a7be62caefb213801b525dfa07937469f3fcd53c4c2aba14595e0c784b7d4105
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.KRAB
binary
MD5: fa17f2088553d8a7f0d5a01ccc9d242c
SHA256: b367f249296ad807777e0931e8ec5b9551eb5774b7ce8e5642cd1a8cd4da68ba
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Skype\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.KRAB
binary
MD5: fbe61fb8459187ee48b64996aca4cf93
SHA256: 9fdf84710c48047d6016912a71125e4da12318efbbf686d3674a41c9e21896f9
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.KRAB
binary
MD5: 5311f576df34d358228b7c90c390ddaf
SHA256: c4e84da30411003e59a55643ea8304bf051c2bd61ae1597ea2ce80fbd02ee8d3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.KRAB
binary
MD5: 199c76e2cecea500277e7d7e011fe823
SHA256: 6bbf55d342bb8cf8d599be4c66f62cc4bb9dd82d571db262ad1e115ccbdf8bef
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.KRAB
binary
MD5: e3e6b6366be5387f3a34759d9c757f6a
SHA256: ab326e1336870904760a1eb6fbf468d4ef2bf1fa4f44e1a2872d9cfd42459945
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.KRAB
binary
MD5: b5a508c1f71826078c20fcaa41ea877e
SHA256: f21469623c26dd838680da302e783568f0d7a05470f786b1cab667805f0c1a22
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.KRAB
binary
MD5: 3e6cf93b00697bb38fe710b4a8a3005b
SHA256: e2d6047cfed612001a9b0ef3d7091edb274c40a427876176e52755952d107857
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.KRAB
binary
MD5: cf8cda7529b985b29ef4c872719319de
SHA256: 7dea6d880ba94676b91138dcda30b9545662cbc82a21cea5f53633eb2ca455cf
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.KRAB
binary
MD5: 9919d36383b756afbbe0876768fa6d78
SHA256: a1402742a12e3eeeac0a38e57325d958311c82188fbe80626a7f1965cd30f34e
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.KRAB
binary
MD5: 9c262babcf0b0e35d19eb6bb8ced3ab6
SHA256: f20688015e764628aeaa2f1e3557a4b14586e9774d2528a8cce1893c67c8e530
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.KRAB
binary
MD5: 56efc5aa90b60b1e8193927a2b5fa9af
SHA256: 8db0ab710a4f4839e6547b8cc4b43ca266eb9f5ae36ff58351940d51c63df70b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.KRAB
binary
MD5: 001bba1363c018ae6d51dde87bc8147d
SHA256: 589ed7fbedd953758bb30387b838c3f4342e641e972a229030040a3b40b65e98
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.KRAB
binary
MD5: c936031c9c48d247b464a3c93f92191d
SHA256: 0a8b02a6c6e00e830bbf81c3a34384842742cc79e670d5918e85f5188b0de0f3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.KRAB
binary
MD5: cf73cff64775f6165269e4a6eead3963
SHA256: 5fbe67a26c22cd51235b9debd908665c1ad537c67417d480b86f5b739a878022
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.KRAB
binary
MD5: b2ed1f94b3bacb6ab147f4eac54f9e74
SHA256: a0051536feff85027d38f74b8c290e95e56fb6c4b447224784fcf6f894673016
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.KRAB
binary
MD5: f752cec89735707765c79f97c32fef45
SHA256: 4d4d0c12c80de4675cbb1f83f680c6f877bff3eae4171226319b8b324f33daf9
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.KRAB
binary
MD5: 5674f8ad0dbaac7592d33482be37fecc
SHA256: 94d4d8f3460b90cacbab93cb97de21da7596ffec777f94b6afb33a5e6eb07c1f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.KRAB
binary
MD5: 540b58c23708dab8633526e1109acbe1
SHA256: e29447160a1de54131a91e3b8490259dcb4cae49ff8e5a5957e13807bf6ddd55
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.KRAB
binary
MD5: 0e9985d650f9d40367591cb06ec7a7f5
SHA256: 9419daa59d54a6c596a66d019f287bf2cc962a7b4803adec4aa36c507586c798
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.KRAB
binary
MD5: ca42d84e27c614451adf937767a2020b
SHA256: 52f91fa188d1f7f4436843887b764324776aa235b70ecaeb33b47f7f2283aee4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.KRAB
binary
MD5: 3188a105db4919c0b865d56469136d17
SHA256: c6b735a53630657cbfaf84b08a12c16f5634c35be3f6523a82a7bf1a1b5f889a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.KRAB
binary
MD5: fea3268bf90746ec311af903bd04f44d
SHA256: 6bb403fb31be2d3adc4c1cc8a878c028894ee79890eee928c7d89f61faffeb6b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.KRAB
binary
MD5: 56fd2e673edeaad194a7f3159381c845
SHA256: 80e345a9ed7bcbec38b5e431064600eed91884e70f04aa6b679ef3eb188ccc41
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.KRAB
binary
MD5: 96391a6728baf0c49ffb2f177d1a4c07
SHA256: 3377dce0ddfd9ff5565bf96ca6095fd79de12a14ceac601c1e2bbd12532cb74b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.KRAB
binary
MD5: 441490ba5627ff9780fcd53a9739f989
SHA256: 3052f721983e887d5884f946cacc17558361c1b702e500df9db20da9a9ffd990
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.KRAB
vc
MD5: 66c4e53f78ef9b5d5254fe0dd0b2ade9
SHA256: 123285066174699412e0d0756b645211ff221c943e1bfef5a2a5c398d8c83524
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.KRAB
binary
MD5: 5354603d9df7cc6821811fb3eab131c5
SHA256: 7dcab27f87c888cdb767ab647a72c95dd7034ea20a5b6a65c41337b3d28e4916
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.KRAB
binary
MD5: abe6553e7275eb7312d3109a4671c28c
SHA256: 071298d425ad16ba36941bcd622d39a98e89af03d4936799306dbc81e97f41c7
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.KRAB
binary
MD5: 9f0c0ecc84191f708115ef893323b2aa
SHA256: 5dc33aa0c354e46434a8dbb86b3ca7e13dab8132f0806976132b1deefc09fce1
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.KRAB
binary
MD5: b855be73497499743c1d750ae17311ac
SHA256: dcf7fbfe4b21a90942575636780ede4415adda713c83d6a7f4773d3b109a32f7
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.KRAB
binary
MD5: 5cc2670ffcc6b810503d7229675a0f9e
SHA256: 80919819697fb529fd47272b02748330e94e4c656a96a7a59513d5e5f6cf60ea
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.KRAB
binary
MD5: 4c9dfc3e591d6efa70eecefae5fd2c07
SHA256: b39eea65da768549b28c4f9b0f356a08e3ad4d1e0e89cbd493b8b522c27cb570
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.KRAB
binary
MD5: 90aa961a2830541095739545511d0cf6
SHA256: 6792fe7e6b221d81e0505ff6eb0029944ea1e4be8422687875a5ac5cfa743fcc
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.KRAB
binary
MD5: 5062ff9fe0101e50995c55b1383c8ec1
SHA256: b292f4a2a308a0b9a563b8f7eff4987adf0b205efbe853f070254a29e13da16a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.KRAB
binary
MD5: 7699559c8513bea5cdde7ab5833dae72
SHA256: 5258685167ded3fe45485fbe4dea66176b902e7c53d99dfb7c3b141109ca6df3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.KRAB
binary
MD5: 2032d0e6b481a8ea43d0fe52dd9e35ac
SHA256: 9cc6017fcbb47c644eb53354d4a48a9bdd488c2e5f781593162156207c25a565
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.KRAB
binary
MD5: 8bddfcee66d373c70e0ecaa63011e021
SHA256: 02b288f72160c561e079d1a3cd3414d2c39d210f3bd869b38fbaf4382684175d
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.KRAB
binary
MD5: 28baa73aea7497be709add9a27c28257
SHA256: 60734c1fb85280ff5c7ffee262dab7758c53e781e4561101e5a55744529d0b62
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.KRAB
binary
MD5: 8bfc2db6c0fa794f10b8b333d33429df
SHA256: fc49db2f5614db352ee71f0186b2d1e1b38ebde1047cf6f92904ec9e230f50d5
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.KRAB
binary
MD5: 9cdbafaf6bc399c1e0f6ab431088a9ca
SHA256: b4eb52d413c0083bae61f652e0c36cdd379f2bbf32d245b5b0d2c04a3f0a296c
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.KRAB
binary
MD5: 348abd2967011ba019271fe40ef16b18
SHA256: 00cc91e10603f81401264bd5fd5bec15a449179a7bdb0e8732078fd325e87d0a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.KRAB
binary
MD5: 43965737a3089edde3c6f0c4a320afef
SHA256: 0bb36ca35890675e440ef05e85fd4f0ee9de7d98a44ba7242f0d834068cfc508
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.KRAB
binary
MD5: dd14e547e2688770d877f09cdc0bbe8d
SHA256: 29c3046b6428b79456d6d8fdd6dc61f3f5f73368f7a56fd826c99a8e3e0c149a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.KRAB
binary
MD5: 366b2385fede4582fde473b42f12f2bf
SHA256: 50bba39d7b6c27d8daff34ba952edf9812ff679aaab79c380ef50b43dbdf1768
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.KRAB
binary
MD5: ae9cd5301625171095e6da8d84726106
SHA256: 0eb88f59b199b4c2a21fa8cb2d2ae80547f8c6481bb71b0aadb732dda1f3ea54
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.KRAB
binary
MD5: a99eb1eb7c4d59a9a14ce076b9565679
SHA256: 390e2761a0588d9d8d427de6b9fc001483ba92b6b933f20da73a318b3c44f50f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.KRAB
binary
MD5: 49a6b9c94e19d25005590c55b1ddaa83
SHA256: 38506d8c06028015c1ffa22a75745068148348ee8651d8e3bb240f27c569a467
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.KRAB
binary
MD5: 9804f4ba88c33514119f69a57bb56bc0
SHA256: fa57665ba5af34a3432968c171f39f3fd01513cc8e09a5e0b26622977fe13abd
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.KRAB
binary
MD5: fed50f4905cee2e9ebcdbb6f4fc07d3c
SHA256: 31b21f07c7126ea19d5569323eaaaf59c0e86ee682ed4626981f9da34cb17d36
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.KRAB
binary
MD5: e06fcd54881029972b6ef574c5be5ae4
SHA256: 8713cfba0b5e0c01e7e6a61f8660426ce607fa34d6741648819f437e1edb16a9
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.KRAB
binary
MD5: a59b28166e964f6b0537264ff7e1f206
SHA256: 5e1fe12ccaa0331c966001d703cd895e6fbcea73b8ee3ba9dfa9d86649f99595
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.KRAB
binary
MD5: 39a90547a004f0ca9c0a9e216dec8891
SHA256: 83d5075b307425f4ade0292d577406a436f059601378bf34c7ac9a726d8d7d94
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.KRAB
binary
MD5: 6ea63eb648d778b03136831a01fedc07
SHA256: 85b5686d8ca357ea2a8830081fd7fda1de0cc2e20d6c78a2aad1f04f9f9c92d8
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.KRAB
binary
MD5: 5eb2a0172a39cc9e2b4ea00104d4e0fa
SHA256: f37235f263870e7946842c9bd3c33cfcac107dcef8df918c328fa38363f77e5b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.KRAB
binary
MD5: 40079bd49eb6ec564c8c3e08f5714ecb
SHA256: e3df0e1986e20d7b463f453d6730d746145e0a6e6fdde243313ad51e2b10c649
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.KRAB
binary
MD5: 2aa842da1b1d8704cc980dbdc942190a
SHA256: 3a0d32d4e01996882883994f1a83c759c433e5fd88191f465d546baaac6fcc3a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.KRAB
binary
MD5: 39c8eb3a69cff580eb5fdca1da8f36cf
SHA256: e316495cfac19ef22ffc01889f33586fa33fb2d3c774b8805a120f428646cbdc
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.KRAB
binary
MD5: c8f88b5d9f610085364433d56ebdbce7
SHA256: 167763280b2f41c01c782c89ccdf76eee31ff30b38ff4757fc25ea30c42ab75f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.KRAB
binary
MD5: 388338d6b93de44bfe50b5240ef090ca
SHA256: 4d1edcb772b7efdacaa42fd0bf7e4f046753e1d50c0f7c1ce00c7d1dc5358dce
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.KRAB
binary
MD5: e482e3c72e02eae10e18ab8942767496
SHA256: ab0c3c96bbbbeda25cd3dd4c9ce8ce0c5bb6dfb90370d8e199663179f0d83b2a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.KRAB
binary
MD5: 4a8224a8d9794e5d805633a2eb377763
SHA256: 75e5518622dd2937a57826126580b5539a4d51fb82fadd7167028ccbf4c41762
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.KRAB
binary
MD5: 1cf0893e43eb13f37f6b3e0e7cbc030e
SHA256: bf1928eb7b75684f69bef074e954c0cfd46a6996f0e5797ae575ab0cc7d59ed3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.KRAB
binary
MD5: dbb683271159160c26e39416d3a063b3
SHA256: 74612e573dcc671d84277ba5cfd1b5adf9c68b1131071bf7fca325d89e1d9f5d
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.KRAB
binary
MD5: 6f64b15e73f16f4f3b095389eabc19c6
SHA256: a216151022fd888be6b256b51c08e32d7165e3c020d552b36bd3bbd687de60f5
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.KRAB
binary
MD5: 30dfd0370d53eaaa1acaa3f36cbb6d8b
SHA256: 4fdb75b2ba1fa372db5b385e514dc3245f2a7d7f17d35777d6db068c8bf9e5a6
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.KRAB
flc
MD5: 9e19cf1d15e842947f55a269986fc9d6
SHA256: 13504ce96ecddc1cc98bc5a7aae701703226b56121b6180fb7e45510d3ee2144
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.KRAB
binary
MD5: 0b48d96828f465680f99c1ce761264de
SHA256: bdd9f2316b773afc85ec2f09b055b23ea5d24d61223388667973d35cc27bd7a4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\journals\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2.KRAB
binary
MD5: 046a89042dec0836f11fe02fac3de8a6
SHA256: 3d10e912654868a3f6052245298bb92589f1bdfccf39f039d92550011c159b4f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.KRAB
binary
MD5: e6e15a2022d829c26b3d5da116eaff3a
SHA256: 9dbca1628fbe3b7f4161f9a09d096854f5091b5a90b492983b0518981558708b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.KRAB
binary
MD5: 0d982880fcce1294f27c0b70c6692448
SHA256: f314d28ff72e87ff8285d5329b7761906456224d7a31427896c2bcc65572fcbe
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.KRAB
binary
MD5: 8e53eb91ce504f9d482ac57230e0e66a
SHA256: 5d39c9e346a545a582c3212af945cda54f577d1cc5b81ac8d943181ed46cbbe7
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.KRAB
binary
MD5: 8ab6d848ace3e44a93768054fb0d6a17
SHA256: 5c32ecf6ca7e00a0670aae758888f1b3afc5c09fd82475665868ff1c14bc5dab
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.KRAB
binary
MD5: b4312c9a0656b9819106fac048d396e4
SHA256: 223f68fd3ef33321fbf46d583516d1ff35cd7f39fa2392e2fc6ec644b76e774a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.KRAB
binary
MD5: 4a9e5871710cef022a68455367001355
SHA256: 9bf8d9624d40472365f726c3166f507c94026c566f04483e36f6beccbeb42ea6
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.KRAB
binary
MD5: 23283ab44e0416fc2dec08da08353fff
SHA256: 9c8763843226a57fee689f4ef43ef4648b56181a8568d290316b2953147c46ac
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2.KRAB
binary
MD5: 8a131786879b322f6dfb756549d644e4
SHA256: 29c539922f45e0980fc79ff57086a0b40b754bc99111c18f91c0468ae18e3e51
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.KRAB
binary
MD5: eb7b587b6b29e2d3728f9ef8d96355fe
SHA256: 7772e0736d683c1b5d4c16136dac2ab2209879e0332adf86af06ff04730c4b4a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.KRAB
binary
MD5: 72733c48267ac1feaba1192562322317
SHA256: 02177c660f003b213f3afdca0d7e1e9cc3cf3daa1f8982173ecbc19a360a632a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.KRAB
binary
MD5: 1f46f80cc5229dc46c837ca5dbbf462b
SHA256: a060162458d34a1362b702633ac4e488553750d6beecaf782391f28fb098c082
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.KRAB
binary
MD5: 4926a3eb83214f134def47ea7da205c9
SHA256: 855ac950ebeb54b7f30cf5507ae74f00e5e8e585189195f431548c9a2ed89ced
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.KRAB
binary
MD5: 1cc8dcab9d1a925da4ba2acc490dcf6e
SHA256: 39a9cfd6f178149d88d4f80da80114bb064ed479dde7a1af498f0148d534f9eb
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.KRAB
bs
MD5: 06d87ea33c7061874fabf512fa687e6c
SHA256: 3cc9689c6af10cf8f987c3e8562892f36a7fc7a1bf1926f801b93ddfba9edb88
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.KRAB
binary
MD5: b2efbbfe1ac0d63409a791574e4b7cbc
SHA256: 914c76c8f513252e6380a2714caa097699c3ab941794ab38b16d6db088d891d6
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.KRAB
binary
MD5: 0c40c7a65102358824623bb9f3fba723
SHA256: 7ad6aef49647807b03940b60cf62f98b26ce9c64ba4482323ea5a365f1b0dfe3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9.KRAB
binary
MD5: 47fc22a35298b2b7bf0b44f051bfbd27
SHA256: e7129b509e957131ac36f9d9d5c58d2364b54d3e2ab76aa4b489c0b6f072a8c3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.KRAB
binary
MD5: 352065b9610ae2c945353d62b8e27f13
SHA256: 5041f95f2e61835ad10b23841ae51e5881226e904f6fee3931bd44b4e087882a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\3385f807-8392-4197-af83-7cd884348d97.KRAB
binary
MD5: 3529440f715ecc4da0518d7efc8fd369
SHA256: c98c4ff780b57188c8306dfe370da7c549c558f3d8e04e1763e2d0be5db1019b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f.KRAB
binary
MD5: f5475e022a38428b3ee452467705fc20
SHA256: 7643760bb8b243e160c3dc255dabc52497900594b416112c43fd01e21f068ce7
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.KRAB
binary
MD5: 044752205a4d400e01aa229fc2d6b223
SHA256: b811a05996fc19defd2ffd9061aecbad2a6531e81b97466d256db8b388f41bc3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\3385f807-8392-4197-af83-7cd884348d97
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.KRAB
binary
MD5: a6cc73de2cca376c833c8db5eedd63ed
SHA256: 6a48f09db9b041dfad2a53287790dc69067c936bbce630928432fd6b9555760c
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.KRAB
binary
MD5: cac79f90655a480f17a761e1737852dd
SHA256: 62fd287232815f941ffc9f5ac2f3e56da21431b9baace150933e6dce53ba07cd
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.KRAB
binary
MD5: bafb84b7ce2ce9a550b59c60f58d139e
SHA256: 51ca7cb05ba5b6c5d0be069284f7ffe706850782e42538b0f96a42d5257ac2c1
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.KRAB
binary
MD5: 9acac3962c5f7b0aad66f6942132856a
SHA256: f94a8156b9ae615f5b6e922d6f054fbaef8187204ff0d9f5877290351ae3a504
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.KRAB
binary
MD5: e7ca7f50c6b8ff6fd3a1a19cb6b9b2f7
SHA256: 791e810900be79dbff110f494c3a2a4bb90c07f12c9688863269ba96362cac1d
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.KRAB
binary
MD5: b7d0acad3620a6d5f6d8c6257b0d274e
SHA256: 23358990f2d24b9820d398d2bf356cb188425aaa4be40a47da24cb4f3b843a60
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.KRAB
binary
MD5: b5cc92ab8829ad55aa0a618225b557a0
SHA256: 8fd6f892843a6f7c3bd582b169242544a7d4a652a6a026fe650fa793c30f4604
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.KRAB
flc
MD5: fafbecaa3764b0c7cec3167705b7bc3b
SHA256: e95e277444a04a99a2dd5078c5feb83bed42322c0d4654ec874908a25fc6d774
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.KRAB
binary
MD5: 38923fcd36eaf57e3a231a1ab6767c52
SHA256: 8878136721bfec7c70f6f24938b96fe53d871471256f98a0472d98926bf8fb56
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.KRAB
binary
MD5: 6b14e156722d56d41f23e3c876be995f
SHA256: 65242a4e6417cc9cce238cec10ddc4dbbfa1f6cb58c747b2058034789c2cb88f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.KRAB
binary
MD5: 80fee7a2a1f5f282db0f28633ce0d12a
SHA256: 78b9a2278cfc05d9e89d11d9041d1c2367b7bf634a5188660de812a655ca8f32
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.KRAB
binary
MD5: a3e323186331769c91bd05f1386a79ef
SHA256: 97d01d5722a813de577f17583bda052d800f63309a2d8e37c153e807fe7d79eb
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.KRAB
binary
MD5: 9d9de45c1cb9f15919861212006090e4
SHA256: ba03c4f382406e1cc3beb22eaeea5b80edbfdeba5e87c2896281ef93fadaa157
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.KRAB
binary
MD5: a8db7507ca9d9d45aa7984aa96eafc06
SHA256: 8926a9ae434368fe2b42ab5f9f1195f59b95e691757788e43bc9463511b10c6e
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.KRAB
binary
MD5: cbb3575ed83ef2c8e29e491d118ad8de
SHA256: 2610b1bc1f65cda091a57465bc2ef12daee147099f0d48633c2d04b4b0251864
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4.KRAB
binary
MD5: a5dd9d1091350445544d97377143b634
SHA256: a07567ba9f9cabf968c90ab231bad72623c7cd8fca996ee840e015d856808de3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4.KRAB
binary
MD5: 860e92ae0e3e690af42be21616602bce
SHA256: 2019bd60bbd8dd5d99b74eed2984c0c495048efd31ab06df86a8feb225088034
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.KRAB
binary
MD5: 108fd4fdcd776a18f6e912425382715c
SHA256: 430954f6c5865e1a3be0cb39c40ebfbc27bada4ee6fec7dacb7ed96295564557
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581814.31cfc09e-97b0-4f3b-bbfa-28179d760902.health.jsonlz4.KRAB
binary
MD5: 41503c6cbddfde8014f4c6cb398bb4bf
SHA256: 108de0e7ea7adfecd6b91ef38ea39b5f76a314217e4e37051869c1e371fe2f18
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581794.3385f807-8392-4197-af83-7cd884348d97.health.jsonlz4.KRAB
binary
MD5: 1160808876d74a9e8ac9d333d59b99d3
SHA256: 3383f23cc0498f7d7c6f700ff90193f0989bd40c82e561f24757da4dc862b9a5
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581827.d57f8e85-a9db-4480-807f-44beb4836c33.main.jsonlz4.KRAB
binary
MD5: c2360908c9d82388168b01be4d7aed1f
SHA256: 96aadb76ec67b90ad08ee1214cfe7337d7719f4757b3a25a4d03799746f20c27
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581827.d57f8e85-a9db-4480-807f-44beb4836c33.main.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581814.31cfc09e-97b0-4f3b-bbfa-28179d760902.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581794.3385f807-8392-4197-af83-7cd884348d97.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4.KRAB
binary
MD5: b0c25fa47e4319f6900172782a09f4b9
SHA256: 12d1689315c8074333dda062f95bfb0b3e21fcc4c15c24f928e90f0da2d0de76
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.KRAB
binary
MD5: 2c711b2f2d89f1a67165775ae9737dcc
SHA256: 5cdd666ce90350119d4b5069132fa1f7d7bddfe587b21b003e4a6a3b92709eca
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.KRAB
binary
MD5: 27153b1e59d15a56c13d716e81bddca3
SHA256: 79b8ff3049845e6999d716275bda0ad929fb5b2cb3d3e86a81d43136884ec596
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.KRAB
binary
MD5: 751d98c3b2b747eb4a9cb626e9df6073
SHA256: a78ca21215031ca65fd230adb9d49b390ad3015abcf5c829f310e72a89e77bf4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4.KRAB
binary
MD5: 1d0f76df0b9f33633ed69177fc79e32f
SHA256: c5b33032bdab661a3cd2d89f6997867191dc6e79fb9318c03fe4d2fdefd56ad5
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4.KRAB
binary
MD5: 91d63637da9c99ef61e056245fd22168
SHA256: 4b8e008efaafd623ac01cbcf242fc9385c2a6a13077b0913e9dcb8933c8f5708
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.KRAB
binary
MD5: a0d81453e4161263642f8b13bb750d8c
SHA256: 5d82deb8f735b41130408c266a377f65adb79bcfd028f6f456a94f069d5a4725
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.KRAB
binary
MD5: fc12cec3fc7de6cd0158bcbef62fbe0e
SHA256: cadeb310c6f84054bfb458ff85d7c02958a43bbbbf4887860abad1a69d820c08
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.KRAB
binary
MD5: e8a40ba098969203a8b8f01d76696757
SHA256: 1135e3e741127cac2d781938cb03770e2f11b61f70dea613f4ad32f141d0d3e6
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.KRAB
binary
MD5: 24983c6153e068d3ba840551cfb785d2
SHA256: 0da8a7d1dde33cb452dc0b9045c3b789eb1637ec1a63310ecda74ea9878e06b7
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.KRAB
pgc
MD5: 6af5e6c72784f900472e705656414808
SHA256: 4fc59068c2952938295d98713e8c258d81863c728557156a589fdc632b57ca75
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501.KRAB
binary
MD5: cc83ccc97c14c001884d32dd72d91182
SHA256: 99c847512ee2ca2ae870633e53cf93b3eb6b81197e322fb93f01e4e4f0eabfe6
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.KRAB
binary
MD5: c6782cc8f56e834bb3ce7d85d4121a86
SHA256: 030fbb81e87ec5be6dcf5f92406add4444c58df0dae693bbe4fbab5672c552f3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.KRAB
binary
MD5: 8b4e3b8aadb38a4e137edc69faae093f
SHA256: 1150e9e338bb381fa9978c4ad4863116023e210157d28c548d066176c4e0bd78
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.KRAB
binary
MD5: 0bb45ae9718a3f4a054108d4d90949b6
SHA256: 27e76fc47643eaf321242ed9ffea71779382e308b8783a0fcb7bab78d403a6e4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.KRAB
binary
MD5: 65feee3ad11dab2320e601f7f7e9d13f
SHA256: b6e9c023823e66123a9edb723e3a6dffa880645fdf417ba61105bec3f3aead2a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.KRAB
binary
MD5: 3bf91ad4f5dcd554f7b00d6ba2f74c9e
SHA256: a4aacb9a2d0585f9f38ca7c95b2992001424341376575317e6ac9806813abf1f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.KRAB
binary
MD5: 0060be376c73b22ac5b341b25829f32c
SHA256: ae612091a46b4413e6e9c19e09ca0db59d1b518fcfe83f4681816e4a3002b951
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70.KRAB
binary
MD5: 212bb82cabe2938ac35a54abc4779eed
SHA256: 5bcc0c2cde97b9bd6f002bcc674d36cf0bd8d02dd478de6a5dc219796f14a32b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4.KRAB
binary
MD5: 89e23bb9d61ea10748d9e90eef1383f1
SHA256: bed48b88ddada4735a30298a39edd1b6f8632460129173e78fcfabd7783ab165
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.KRAB
binary
MD5: be0131deaf0bbe1b1188577aa30a1bc0
SHA256: cf63deed22c656443c32bbe942b4a377d5d37039d27f46bf4209d3b20f6e100c
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.KRAB
binary
MD5: 362fc55089009206416a9fd4c9a4f336
SHA256: f862043dc3e8e38f1af90344dcc72a99fd377d8e86677bd5baa334a71c17545e
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.KRAB
binary
MD5: e2aa1ab8a8f4f2a4e1aa4824448b77db
SHA256: 94f70a31e66d2acc73dd2b41b51d0ca499c4422949a761fba942dceb5986c071
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.KRAB
binary
MD5: 77dc36a25f98652fe1fa18ed77d9b13d
SHA256: 0295900f5d39a563f09ac7c05527b1058da739f70fc8d1fe88fcdfa0940b2588
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.KRAB
binary
MD5: 43fcda304219b9230e8d2e42b098916e
SHA256: 2f666c44f176d9869e6a416175cfdb88112c44492ee29fdf4a8024a0ae12f461
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.KRAB
binary
MD5: bed2a268be76e9b5d22b44b88782dda6
SHA256: fffe651ad3ae29331d511850de22878bf7c86c9ffdaeb0d2ee8e74a57673b669
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.KRAB
binary
MD5: 541b620431e93fcc4e90e99c3ca0916a
SHA256: 86e81ad389106465f47a3b14e955223489dfe3ea7512015c38895d8f8d3efaf4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog.KRAB
binary
MD5: 7a10c69c1cc5b5f17656264455fc3c3a
SHA256: 7d7ec6bf8d9a3c2944c94f23ba41e7a844a8a9d1dd7029505331715a04496572
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.KRAB
binary
MD5: 128b7bf01998725f9235f20c59d584a2
SHA256: 3feaef8657c00bec4d112f56df1ce78fa645e64eedc30fc10938921a69d699e3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.KRAB
binary
MD5: fba17099bd74422478252f4ccabed84b
SHA256: d39c7df21ce898ad419d83daec6edd9aa3fea615efdf9a93b3a0f008624b80b6
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager.KRAB
binary
MD5: f7441bc8bdd258302da9303df56d83d1
SHA256: 092afb78e24eefe2a97f94e789ee27a6f0a377779809f6e3c2c1efa6be0ad5e1
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.KRAB
binary
MD5: 45f2df575f92ede614dbf458a50a851e
SHA256: 713c0bee01a8433df7422b29d4f946e69ebe0d521a1dd62199a35687ed8b1a17
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences.KRAB
binary
MD5: 2c7f238f15f1780ded82cdc3d1cd2b10
SHA256: 07121a556bc56895770b20188da4acf290a2eef7078c5c90825f441a59dc3174
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.KRAB
binary
MD5: 9c1326ab6acffd4b9737dcef6c0a40de
SHA256: c4b4d68d1e6a65098c58bf8be6c89f6567c30182c06c1cc397cd360c607062bc
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT.KRAB
binary
MD5: 94e64d8a1b68b77a74ccda820ae13d27
SHA256: 0bb90494b8c5fb0ccba0973e77b73117fdf29dc678fb362d0cd9def8d9dff478
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001.KRAB
binary
MD5: bc11e7e709e6527bd37fd2f4ae184c08
SHA256: 676021327efd43e551f27318dca1ae89b4874d7026ca2c225db29b7de8bd6d8f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\logs\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.KRAB
binary
MD5: 0537f3dc05eefe5f8ed505c9cb72143d
SHA256: 36e0950c4c300a2e3d98cb1efe2316cbf00c6b40dc998bb56266f4951af58e15
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old.KRAB
binary
MD5: a8032a2f67f2fbb7029c5fd84d6f7880
SHA256: b581c314290cf0b972e44561393951ec075bcfbf0cd91ae7c5ae2dd43e70e1cc
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog.KRAB
binary
MD5: 0f080167151cf1a0abca22339281f2f2
SHA256: b9c297ba142eb102d39e71835207ce2fea8386420eaea9e2e7d138a2157038e1
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log.KRAB
binary
MD5: d9023188185fb817a67b7033862de83d
SHA256: fc6c9a89ac016aa23f01506da864c5c0fd7852db38b599a26acc43e038272a63
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.KRAB
binary
MD5: 1155e89b9ae64065f8e1ff3241df5adc
SHA256: d6925f6b8f3239517794a8919e111c848053bdd44f5c2ed20d1a0f4cb793635e
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.KRAB
binary
MD5: d1b5bb290037d3bb1d144980a43c572f
SHA256: b85d8321f178fc84efcc9de488e1af54763667369613f6260853fc6640c228e5
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.KRAB
binary
MD5: 39404610c49eb570ce8ea9302198d392
SHA256: cd2a416d7ce52679ada9d033d6d1c9769bf718c6baef77a7056d9d3dd3a22727
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb.KRAB
gpg
MD5: b8ba936572d245030316f4c8d873bce2
SHA256: 92a310823a6ef0832f72309a1f546f9d7c904f2295017f5ed7890ce4b079ddbf
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.KRAB
binary
MD5: 7630e1de5c2d6b2224cec271c42dc0ff
SHA256: 3164c178488b8e9a50871dfb0295a3044a9f0e2faeb290c2a3689da435c41640
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.KRAB
binary
MD5: 175ca8ebe747bf0435e002ee23ab1998
SHA256: 342f0f4e505501b0273ab91f52921d1c0c494b3df3cd1c8532bf454898ee0190
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.KRAB
binary
MD5: 5b6f4cc6b916d2d8539f4e3781d14a47
SHA256: a89eb1f091f96a0d3ca9bb92cc3420a85023671e454ad179a8b4a1b3bfce8c28
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.KRAB
binary
MD5: 7a7ef5414d9ee7543c319f35877350f5
SHA256: 60eb77b275d41825a4e3cd0c81963b51e5df4b2f5b09374707a6392c645a1f88
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.KRAB
binary
MD5: 942e4d3b9ad590dbeee278484830e0f0
SHA256: a3f6b831f9e08c45b0dc9d142292b93220a1ba6f501b4f130c0d935330fcb6df
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.KRAB
binary
MD5: 3e3750f7d14ec2ee6d0de25db176df8e
SHA256: 497b8110c814d9c93cb6827ecc027617ca7eaeec0bad3027405509643d40bcfb
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.KRAB
binary
MD5: 71190c1cdff68110edc2cd7df0273d06
SHA256: 15937c9141489112915b053d09e717e55aa0139bc3f3048ad28c814be12a526b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.KRAB
binary
MD5: 262dc15525319dffdab78a17c94d215c
SHA256: 8749a5cc78cc6bfc3a46f51dda1e4de5a57d0f4626b74d1b5c0586c019faea97
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.KRAB
binary
MD5: f3f3e48b0fa9ec5336adf7851f924335
SHA256: cf55c59b22b49530305fe386188db6d1c06e5866b047861fe56a079ca9d23376
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.KRAB
binary
MD5: 093b5e2cccd9ec09086feae34ecd3c12
SHA256: 18a34a6f07690912f94b350cffbd3b4cc8f7ebc5759ec63a2bfe66cfdf1a47a5
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.KRAB
binary
MD5: d8a33171b16d4f58eee57ed546bb7100
SHA256: 680892e51bc15bd1ff64d8ab93ee93165784853ecc01d077dfa997c50756d903
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.KRAB
binary
MD5: eb7525708c88cf076a0f3f6d45727a91
SHA256: a274844167381374af74026dd2413f0bf081a327730d6ea224107af719c9ec19
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.KRAB
binary
MD5: b1567969f0b49391213cc671843a2081
SHA256: 3896885986aefd37a3733427a813ab3f81703a7f431d52046ef75111e53560f3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.KRAB
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.KRAB
pgc
MD5: 966289ddf00f2e70ea7e154adf3825ca
SHA256: 210df567703d537a54cf6d986b8291cb1bf8be3fc555113e8bd7ec690ca50101
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.KRAB
binary
MD5: 89e8e8d4a30bbc85ee3d6bcfb2eb7cab
SHA256: f51f538facdad571ecb1edfeab5e06d598b40b3362eb0fc7d99a63a43f19c3b2
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.KRAB
binary
MD5: 99eee0d7e343f5b52a9f668c42ff659f
SHA256: 54da066b91d21a78147eb8040090bfb3fee32a0be6d9ccf7d3c06676ce6ab25d
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.KRAB
bs
MD5: 848d6fe3b22691e6192f11e1b53e1fe6
SHA256: 64c71da3083cd803b24f1fbb1d11c236ee7c655b4715a1ddc587caf0de314ef3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.KRAB
binary
MD5: eccd22c089b54dca206837b5db3a5d56
SHA256: 7dd7591aa85ddef6eb808b8bff208b665acd64f6b80eb01333d060684acf609b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1.KRAB
binary
MD5: 30105dfb94482a60c589d4efcd5ee591
SHA256: 2fd720eb53f34b3930711a62cd7913954e522957488782fdf30b8a7d055ada29
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.KRAB
binary
MD5: 729332893718a950017b58f373885e47
SHA256: 86cf9df9a715dc6edb04ffb5768a192690ffc1bb6e68e6d330e17c2abb31be07
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.KRAB
binary
MD5: faee48fa7046ba8f7591956ae17e8bcf
SHA256: de6523dc1da6539fc0960612bde6926c6dc72566a485080d435fb668aaf0653b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.KRAB
binary
MD5: dd6a1bf2c861b6eea648fb1789bcad41
SHA256: bd85e923533036835fbc4978f8a5a90c2d8e6704f44b5312d54e9a58972573a7
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.KRAB
binary
MD5: ea7dc718844c225bdc3cf2f0ac2bb065
SHA256: 80cb0dc99b76b33d1d91839aa86f173c5fbd9b266d835114c514de6848ae00d3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.KRAB
binary
MD5: 1a2911ef8defdd3c52dcf4fd3dc838ee
SHA256: 2c5d4a8a30c37d9df139f81d93145ac0295bb978aab4dd838b3eab3e3b8ba01b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.KRAB
binary
MD5: 25b857d0f674ddd18dd6d01c9ed0aab8
SHA256: 878adcebbc711cb5c3a3f8bfa24d1ba547665bbcc96b5fcb4143d2133811e2a4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.KRAB
binary
MD5: 7f3d1ea8205227896d7e34d6a06fc228
SHA256: a0766ff88ef7f36d05c63b04c03e30389a0083f34727e1cd76c4da4b5a68a528
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.KRAB
binary
MD5: 2d2e07fdb45c6c3cda9824ecab150569
SHA256: 2b450521989ca3674ae0d09f9808d53cae0237eb0ae4a15b5881dffe78fa9723
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.KRAB
binary
MD5: a9208f5fa7df6a1e206ac52ebaf1bad7
SHA256: 6f8f1399a091c8b9d9b8b16305c836e19f835b496720e01744aee4598fcfa4b1
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.KRAB
binary
MD5: 37a0d3ff8ffe2341b8b17cb7666b9cff
SHA256: 02d3a2dba6324d078721ee0610ae0f2156aaeaa96621cc88cd964f72cf529632
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.KRAB
binary
MD5: 8a6ee351984a9806244ced5557e6c32c
SHA256: 6738d0658985f485a1664d196ec11dfdff0933ef17554bf288d6bdf832bedab7
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.KRAB
binary
MD5: 431bdaf5ae90cef169a8b8ac616da5ca
SHA256: e66862e57b3a3989bcb26f8c32c8713d741de79cfbdf5d50b3aaa6631bfdbbde
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.KRAB
binary
MD5: 0302e98a2199e6dc0e3436b80ab93c88
SHA256: e04c191d177345a11e2aa768064a37bb588d6bf1cd755d88c77f325ad347fe94
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: ddc27ebbfeaff3f6697713b575a29834
SHA256: 932ba9e65c9da3b6924afef1b4f43883632b525c95d31b9e9d76f0b4e8c8323e
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: aea08abddf66fae6e34f665616a903bd
SHA256: 2170c8c456489d78062e5c99543a418107b10ba92efc5c5ee14d95ced88c84a4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 15cc892206051d04359a804749ea483d
SHA256: 1fea447648b3d04de35da6351898a21ab216e9e92c980debf644f7a7416e1efa
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 13be694b87f70941d05432257607fe98
SHA256: 4455b0fbea63a1ad18a372e4f83dfbb4624807622b6f43de326ce223550f7b3c
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 4016c2bc34f77ac61f8652fc69db5dd8
SHA256: b52fbff023ca418c980a1abfdae7d486748d1232c5dc272b5e46001b7fb02ac0
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.KRAB
binary
MD5: 72d30935ddec13e9e3eb2f98f9fa4726
SHA256: 8041f1e195ff52fd2fc6528858458f3888c77e92584bdd1e73a912f4a8d82ca9
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.KRAB
binary
MD5: 857ea84225b16654642ae79931dd65f0
SHA256: 3557d40731ae65edf23fdc376c5f24e7812a452cd50e808add02c6e46d6b53e3
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.KRAB
binary
MD5: 9545e13076c1659b76092d2d4fd32a69
SHA256: b9d973e4b9e58148208a3f24609b5f655b75ffed7e83cf82c84f5c89951b5777
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Identities\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.KRAB
binary
MD5: 26ab6ddc4c6e54d5af9c3ef7e7a65b7a
SHA256: 129138e257f5bdf24ed08110c3f2bf75e63d0c4e2c0c2bd86c90d1cdd73967fc
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.KRAB
binary
MD5: 335b29c15851d2603130aff2e8284acd
SHA256: c8dd1c575737106c8e6a099897af9c2f643a199091780eb32216f026d968481a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.KRAB
binary
MD5: 0fe51e5ca1fbd9ea6662f585fbda505c
SHA256: 62cb176b0ffd3b7b90c89416dee0980c118bde9cedd193753ce2d62040e4dd0a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.KRAB
flc
MD5: 6f6b605de89c8e4948626751eb9e5071
SHA256: 69928a3e40100d62adae6724811555ec87a5195a661ed8e6fc3d1ebc8894f3a4
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.KRAB
binary
MD5: 57b8a5e82691b833032126b2cf61189c
SHA256: 39394f75df3ede6c4aff5dcc322b93639fa7d5f774794a70ba459e353728e616
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.KRAB
binary
MD5: 8d6a829bb9a21c97e92548fc1da475b6
SHA256: c5f551c5f7def08c5386dd621e151af563ca7e1e934c1e3c212881429cd77b06
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.KRAB
binary
MD5: cd4fa164025a3a3f920bfd7d5ab32c56
SHA256: b7d22fd24385bbfab9ea1cf20f419a79f6b19e82016846ec220ba05834465b95
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.KRAB
binary
MD5: 1b697faba144595130c8c1e4d2d654c9
SHA256: 2f5f13058f3a625ee1729d30d6fac362f25a99df162d4b46f43ccd5dd4cb461b
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.KRAB
binary
MD5: b2b83a5e25d22d58e819a78719ac0b14
SHA256: 0ca75d5d92e9fc9b23a446578fd9c5a713339882aa96a565f74baad89f58790a
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.KRAB
binary
MD5: 45fd8fefc79f1a05686eb5023dfb0e6d
SHA256: 0eae6d2b508b4b6ae7189f5db87f5f3bd908c82c6720246b7860f280f7825cba
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.KRAB
binary
MD5: fc7b90049173df88fe3b5045fe36c9d9
SHA256: 8c77e4d359cd9bb1df1f2b332576aa5c9104a3b4044138cf75c2fcfc3d90af9f
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\Users\admin\.oracle_jre_usage\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852
3528
gandcrab 4.1.2.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.KRAB
binary
MD5: 4d2b8b2ac653c4fc20eaa75e3565c6b4
SHA256: 97ba29a7b8151021a0d4d7bee5ddad27107e136b8a34bedb5c00acad1bf67ae9
3528
gandcrab 4.1.2.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3528
gandcrab 4.1.2.exe
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\KRAB-DECRYPT.txt
text
MD5: ad0b8a50cc4c48084cf7b55e0c1c2a95
SHA256: 15dc0c9eb795ca626ace9907737b6c9c5469d96e4482d49f75dfd79d90281852

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
15
TCP/UDP connections
22
DNS requests
14
Threats
17

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3528 gandcrab 4.1.2.exe GET 302 217.160.0.234:80 http://www.billerimpex.com/ DE
html
malicious
3528 gandcrab 4.1.2.exe GET 301 217.70.184.50:80 http://www.macartegrise.eu/ FR
html
malicious
3528 gandcrab 4.1.2.exe GET 301 199.188.201.218:80 http://www.poketeg.com/ US
html
malicious
3528 gandcrab 4.1.2.exe GET –– 92.53.96.201:80 http://perovaphoto.ru/ RU
––
––
malicious
3528 gandcrab 4.1.2.exe POST 404 92.53.96.201:80 http://perovaphoto.ru/static/imgs/amamheruth.gif RU
text
html
malicious
3528 gandcrab 4.1.2.exe GET –– 87.236.16.31:80 http://asl-company.ru/ RU
––
––
malicious
3528 gandcrab 4.1.2.exe POST 404 87.236.16.31:80 http://asl-company.ru/static/images/daam.bmp RU
text
html
malicious
3528 gandcrab 4.1.2.exe GET –– 77.104.171.238:80 http://www.fabbfoundation.gm/ US
––
––
malicious
3528 gandcrab 4.1.2.exe POST –– 77.104.171.238:80 http://www.fabbfoundation.gm/news/tmp/dadaim.jpg US
text
––
––
malicious
3528 gandcrab 4.1.2.exe GET –– 146.66.72.87:80 http://www.perfectfunnelblueprint.com/ US
––
––
malicious
3528 gandcrab 4.1.2.exe POST –– 146.66.72.87:80 http://www.perfectfunnelblueprint.com/wp-content/pictures/esessees.png US
text
––
––
malicious
3528 gandcrab 4.1.2.exe GET –– 91.195.240.94:80 http://www.wash-wear.com/ DE
––
––
malicious
3528 gandcrab 4.1.2.exe POST 403 91.195.240.94:80 http://www.wash-wear.com/static/pictures/imda.jpg DE
text
html
malicious
3528 gandcrab 4.1.2.exe GET 200 5.101.159.20:80 http://pp-panda74.ru/ RU
html
malicious
3528 gandcrab 4.1.2.exe POST 404 5.101.159.20:80 http://pp-panda74.ru/uploads/image/moseamruim.gif RU
text
html
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3528 gandcrab 4.1.2.exe 217.160.0.234:80 1&1 Internet SE DE suspicious
3528 gandcrab 4.1.2.exe 217.160.0.234:443 1&1 Internet SE DE suspicious
3528 gandcrab 4.1.2.exe 217.70.184.50:80 GANDI SAS FR malicious
3528 gandcrab 4.1.2.exe 217.70.184.50:443 GANDI SAS FR malicious
3528 gandcrab 4.1.2.exe 199.188.201.218:80 Namecheap, Inc. US unknown
3528 gandcrab 4.1.2.exe 199.188.201.218:443 Namecheap, Inc. US unknown
3528 gandcrab 4.1.2.exe 92.53.96.201:80 TimeWeb Ltd. RU malicious
3528 gandcrab 4.1.2.exe 87.236.16.31:80 Beget Ltd RU malicious
3528 gandcrab 4.1.2.exe 77.104.171.238:80 SoftLayer Technologies Inc. US malicious
3528 gandcrab 4.1.2.exe 146.66.72.87:80 US malicious
3528 gandcrab 4.1.2.exe 91.195.240.94:80 SEDO GmbH DE malicious
3528 gandcrab 4.1.2.exe 5.101.159.20:80 Beget Ltd RU malicious

DNS requests

Domain IP Reputation
www.billerimpex.com 217.160.0.234
malicious
www.macartegrise.eu 217.70.184.50
malicious
www.poketeg.com 199.188.201.218
malicious
dns.msftncsi.com 131.107.255.255
whitelisted
perovaphoto.ru 92.53.96.201
malicious
asl-company.ru 87.236.16.31
malicious
www.fabbfoundation.gm 77.104.171.238
malicious
www.perfectfunnelblueprint.com 146.66.72.87
malicious
www.wash-wear.com 91.195.240.94
malicious
pp-panda74.ru 5.101.159.20
malicious
cevent.net No response malicious
alem.be No response malicious
bellytobabyphotographyseattle.com No response unknown

Threats

PID Process Class Message
3528 gandcrab 4.1.2.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
3528 gandcrab 4.1.2.exe A Network Trojan was detected ET TROJAN [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3528 gandcrab 4.1.2.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3528 gandcrab 4.1.2.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP
3528 gandcrab 4.1.2.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3528 gandcrab 4.1.2.exe A Network Trojan was detected MALWARE [PTsecurity] GandCrab Ransomware HTTP

Debug output strings

No debug info.