General Info

File name

GandCrab.exe

Full analysis
https://app.any.run/tasks/680b6c15-fda6-47c4-aa81-9f10514f29b9
Verdict
Malicious activity
Threats:

GandCrab is a ransomware type malware, which means that it encrypts files on infected machines and demands a ransom in cryptocurrency to restore the lost data. What’s more, this particular strain is distributed as a Ransomware-As-A-Service, allowing anybody to use this malware by purchasing access to a control dashboard.

Analysis date
12/2/2019, 18:24:22
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

trojan

opendir

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

07fadb006486953439ce0092651fd7a6

SHA1

e42431d37561cc695de03b85e8e99c9e31321742

SHA256

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0

SSDEEP

3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Actions looks like stealing of personal data
  • GandCrab.exe (PID: 2740)
GandCrab keys found
  • GandCrab.exe (PID: 2740)
Renames files like Ransomware
  • GandCrab.exe (PID: 2740)
Connects to CnC server
  • GandCrab.exe (PID: 2740)
Writes file to Word startup folder
  • GandCrab.exe (PID: 2740)
Deletes shadow copies
  • GandCrab.exe (PID: 2740)
Creates files like Ransomware instruction
  • GandCrab.exe (PID: 2740)
Creates files in the user directory
  • notepad++.exe (PID: 1016)
  • GandCrab.exe (PID: 2740)
Reads the cookies of Mozilla Firefox
  • GandCrab.exe (PID: 2740)
Manual execution by user
  • GandCrab.exe (PID: 964)
  • GandCrab.exe (PID: 1772)
  • iexplore.exe (PID: 2860)
  • notepad++.exe (PID: 1016)
  • iexplore.exe (PID: 688)
  • GandCrab.exe (PID: 2372)
  • GandCrab.exe (PID: 2912)
Reads internet explorer settings
  • iexplore.exe (PID: 1748)
  • iexplore.exe (PID: 3336)
Changes internet zones settings
  • iexplore.exe (PID: 2860)
  • iexplore.exe (PID: 688)
Dropped object may contain Bitcoin addresses
  • GandCrab.exe (PID: 2740)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:09:24 09:47:02+02:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
79360
InitializedDataSize:
114688
UninitializedDataSize:
null
EntryPoint:
0x6314
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
24-Sep-2018 07:47:02
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
24-Sep-2018 07:47:02
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x00013474 0x00013600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.57387
.rdata 0x00015000 0x00006EE0 0x00007000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.58949
.data 0x0001C000 0x000138F4 0x00011C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.85604
.rsrc 0x00030000 0x000001E0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.7015
.reloc 0x00031000 0x000013B4 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.65085
Resources
1

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    SHELL32.dll

    ole32.dll

    MPR.dll

    WININET.dll

    XPSPRINT.DLL

    RPCRT4.dll

Exports

    No exports.

Screenshots

Processes

Total processes
49
Monitored processes
12
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start #GANDCRAB gandcrab.exe wmic.exe no specs gandcrab.exe no specs gandcrab.exe no specs gandcrab.exe no specs gandcrab.exe no specs iexplore.exe iexplore.exe no specs notepad++.exe gup.exe iexplore.exe no specs iexplore.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2740
CMD
"C:\Users\admin\Desktop\GandCrab.exe"
Path
C:\Users\admin\Desktop\GandCrab.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\gandcrab.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\xpsprint.dll
c:\windows\system32\prntvpt.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\xpsgdiconverter.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\xpsservices.dll
c:\windows\system32\opcservices.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll

PID
1712
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
No indicators
Parent process
GandCrab.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147749908
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

PID
964
CMD
"C:\Users\admin\Desktop\GandCrab.exe"
Path
C:\Users\admin\Desktop\GandCrab.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\gandcrab.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\xpsprint.dll
c:\windows\system32\prntvpt.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\xpsgdiconverter.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\xpsservices.dll
c:\windows\system32\opcservices.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll

PID
1772
CMD
"C:\Users\admin\Desktop\GandCrab.exe"
Path
C:\Users\admin\Desktop\GandCrab.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\gandcrab.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\xpsprint.dll
c:\windows\system32\prntvpt.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\xpsgdiconverter.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\xpsservices.dll
c:\windows\system32\opcservices.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll

PID
2912
CMD
"C:\Users\admin\Desktop\GandCrab.exe"
Path
C:\Users\admin\Desktop\GandCrab.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\gandcrab.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\xpsprint.dll
c:\windows\system32\prntvpt.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\xpsgdiconverter.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\xpsservices.dll
c:\windows\system32\opcservices.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll

PID
2372
CMD
"C:\Users\admin\Desktop\GandCrab.exe"
Path
C:\Users\admin\Desktop\GandCrab.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\gandcrab.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\xpsprint.dll
c:\windows\system32\prntvpt.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\xpsgdiconverter.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\xpsservices.dll
c:\windows\system32\opcservices.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll

PID
2860
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\Desktop\HTYPP-DECRYPT.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\netutils.dll

PID
1748
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2860 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\msimg32.dll

PID
1016
CMD
"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\admin\Desktop\HTYPP-DECRYPT.html"
Path
C:\Program Files\Notepad++\notepad++.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Don HO [email protected]
Description
Notepad++ : a free (GNU) source code editor
Version
7.51
Modules
Image
c:\program files\notepad++\notepad++.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\program files\notepad++\scilexer.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\program files\notepad++\updater\gup.exe
c:\windows\system32\windowscodecs.dll
c:\program files\notepad++\plugins\mimetools.dll
c:\program files\notepad++\plugins\nppconverter.dll
c:\program files\notepad++\plugins\nppexport.dll

PID
3708
CMD
"C:\Program Files\Notepad++\updater\gup.exe" -v7.51
Path
C:\Program Files\Notepad++\updater\gup.exe
Indicators
Parent process
notepad++.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Don HO [email protected]
Description
GUP : a free (LGPL) Generic Updater
Version
4.1
Modules
Image
c:\program files\notepad++\updater\gup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\notepad++\updater\libcurl.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\normaliz.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll

PID
688
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\Desktop\HTYPP-DECRYPT.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
3336
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:688 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll

Registry activity

Total events
1056
Read events
915
Write events
138
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASAPI32
EnableFileTracing
0
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASAPI32
EnableConsoleTracing
0
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASAPI32
FileTracingMask
4294901760
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASAPI32
ConsoleTracingMask
4294901760
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASAPI32
MaxFileSize
1048576
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASAPI32
FileDirectory
%windir%\tracing
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASMANCS
EnableFileTracing
0
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASMANCS
EnableConsoleTracing
0
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASMANCS
FileTracingMask
4294901760
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASMANCS
ConsoleTracingMask
4294901760
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASMANCS
MaxFileSize
1048576
2740
GandCrab.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GandCrab_RASMANCS
FileDirectory
%windir%\tracing
2740
GandCrab.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2740
GandCrab.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2740
GandCrab.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2740
GandCrab.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2740
GandCrab.exe
write
HKEY_CURRENT_USER\Software\ex_data\data
ext
2E00680074007900700070000000
2740
GandCrab.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
public
0602000000A400005253413100080000010001003582F4F5EEDEC54175F7B383CEBB3CC48A9E4760696DC49131F9E64778EBF71F7B4E8532AA34C5323C5BBFABED5341B7B36FFF348CE12D29A8BE3D0FF34F854DFB580F91A03ADAB959916D9B8E0B4273FA3DBA4C91B55BE5DFAD1250D750DC7582FFE974CC6A7998FDB332856DE81E27732899437C9DAE6183FFE06BC2B6E0FF058F50D275F994F53E23FF64C67BBA51350652AD36930F1BA9E254C819E8E84015EE1F1D2B5353498A7ED6B2128FD601A9762B45C2589485BE195A470871914DDA8FCC9CCC8FFE21CD76D90277DE61AF65E076CCCEA58DDE310630031B02FF1233330A241638EE39CB9DF2B6FE438AABDA2DB379D91E58ECEF054480F01D6AC1
2740
GandCrab.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
private
940400007578A1482CB581A24006F341E8F2D4F3F0D76521067D312A3A3D996C68F52E6592AE9EBB8935153C56FC362F35158D23FF7DDB4D28CAB8BDE8D68A35FF620EEFE98E59118B98F1E6E812F846B42F16C1481D5755D785796D9DC30CA674E4AE2D049CA7E04A839579259FCFC9F6D750A8685119335A034EF7E47DE6379FA167E1B9188198A0E7C20E30E16EB86F0269EC1391F3C384A216681DAC044E159139E3DFBF3246DE0F8D0A8A4EDE65E9523ED991A5DE3096902701AE9CE25B8C6A73C245DFD4E740EE3A6544DAF361CAFA846BBFCC708A3BF275F820D10C6F103B3E02EA817452CC6825407F975999A687F9ADF7C6E9680765C7101ABBF9AE0C8A7556B0F7FE4EB9F83DC6431F3F5D49929807D455C525B905706ABC905F0D72F733F5D7F5D1AC5F06A730FD4EEB21E9913DFA79CA9E70A11A2EF9CC4C88A47DD935DED3D39E2F24F49F8C12D32348716DFA69C7AE58EF398B9DC9D5D9C91D085D8A2908639F7D11C8FEE3DC9993D071D4D25B634490EF2701B961566782B07F2925BA109DE78F8B601C542CC7568A2C34F841DEC5A3E77DE1CD85E49BD1E996308AA286D8867980C3B38106A1F2C0AFC42B3F1409B64B26D80B7FBF6AD68A4465E31E274E5010F22CE7CC00489CC7550C2915114ABAE31733C8A1B190444440C660F4852E0ADC107B4F3D2E3D4396BF4ACB1C9E3B48C066C916A58091296805B344362862C658E1951C0739314D7DCFE920C3A9111499756B1216E55F9AF9ABA3D75377F891C0C179B1503C90405EB824A317744C5C960283E9F6F3D15765A6CEAFEDCA3017888D54BABF7400E24BF087EBCFFD7AC697CADAAC0EBF73A5A3C25C6663FB3C39B816D4F3C7C4F8E29BB30D9BA15D067F2EBDD48408D33AD128E4DE4FAD33DDE7713782985759C81177B2D0B4CBCE6E4B2AD5F7B872EEA1B84835EE2BA651B4BDE207CEBF30671666F065F9FA04DF0CFE3A5FC62A0DBD72C5C7154F3840D198F95F3CD712CFEB544BD361CBBB48B170F0DDD2B72D15775D938349CF606A79D2ADA090D4B7642C2BDB60F883DFCDB5815AF07E6C627F645808E35100F0E5D2180BD9D489C889B8E311071401721EC7190ABC45645D16C8E8B6F4A296AC3089E6FA6AA305BF9D0A7C55F1A8DDCF757CFC5C1D86EA29D1F45655FD0AEEF2F8B931A8EDDC19FA8DE4C2EAA2EBE910BEF9FF21C5A8A1A8D51D20AE95E9D12E200B16A6F554930FE4DA759D4400D0279A6EB91BAD86FF2544F3FD0F655991BB444A31B969B4561AD0D5F6C73EAFDC2FA38F42639512FDC318D9EFD5CCD08FE3730E9E56F306EDE4D5B01EBBF0578813847735EF954BCFF29AB17252B729B8789B5B938F9F6D403A20ECB0E0760B645CB4C36FD41D4E2BCE16ADC2655ECB7782A654587EC022F3C654C5FCB85307E12107F64682A92E8247CA26A0C5542EE71F0A35C8483B007BFCF8B62DCE77B7EE93676DD5E57C43D1BC0666F2A5190C9D49DC8A4B0457A07E4CC2E815100F5535D7B1441588AC9D66AD8471F6C70D964B55FBE70D694A854C8D2F734230D8AE5A76710E8A16C80DA03E64AC07FBDDCB145C6E40725950765CED0762BD742AE584DACA1C149B8F84780263427A6AF0C03C14F1AE75C822C7527441412B85E033C4D331DDD5881A9C23E7F55FF902A2426467844E7DFC1855A99B18E28B91237FA9BB817F7699FCCC96ED27BA976379401259CA03C80A3101A2096716783FADD3658597037964CF444A606C5606DDFD182A2A0AA3158D75B6CFBE8719CFCD4DFEFAFEA750603509F94D30CEA82E4D702571B6472589CE9DDDC5903E36BE215737E473AEE2811E348D7865E5E3679C1950FF89FACDF3AAB262BD37BD6944E54D8E95B14207973B9281234D1F31E80C059E299F9CD150C961AC9CC11B4921B8BCA95723C77A1B4B71CB35BF2E24B5B4AA2BDCF9770A65C2A1FD722398B5E6F3E79A330C47529D2D2983F153B77A2306829FB94A115DA75A14F847E129F978475F49C9F35A244107B7565C4D964125E52E235FE52F8017F97B408FD22E8BCBB4A97A867DE339EBE868C3727CF379615C9613DA0406E9C6534F4369071C45D67446C4ACA93CCF8D94C0B3685E6D88175F492C4F9680D2E3A9E2AA71200E404E4FC765CD1707033733332C94F2E1B4A9025CC9A5B45E36C21989FF298D55B8A660828CB317ABA1B6CC288472DE7C4E3DB4920238D66715F903500D088A3A5E9FDE331BF2A8CB1EDB2AAB129653D76C190903F641DB34D4A94B05CE1850344CD6738E4197438CD76B67CAA7C43A64927483AA5346DB9B03134766AD283EC32AA81A0553EB056C8F70A37F77A4B895A742CFAEDDFBC750AA94FE0A216010A0EE0F15113ED7F91E8561FE92
2740
GandCrab.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2740
GandCrab.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
2740
GandCrab.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
2740
GandCrab.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
2740
GandCrab.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
2740
GandCrab.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2860
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
2860
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
2860
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B3E4B7CF-1528-11EA-AB41-5254004A04AF}
0
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070C0001000200110019001000D900
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070C0001000200110019001000D900
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
0800000002000000A001000001000000030000007C000000000000006E00320096FE0000824F168B200048545950502D7E312E48544D0000520008000400EFBE824F168B824F168B2A000000D82F0100000001000000000000000000000000000000480054005900500050002D0044004500430052005900500054002E00680074006D006C0000001C000000000000008A000000010000007C00320008030000824F168B20005355474745537E312E4854590000600008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C002E006800740079007000700000001C000000000000008E0000000200000080003200FE020000824F168B2000574542534C497E312E4854590000640008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C002E006800740079007000700000001C00000000000000
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099DD67B9870504419A65E6C4D05E0F420000000002000000000010660000000100002000000016F60827084DAEE625BB682130689B8D365AD6D0050B9A3115DE9E02C3C59310000000000E8000000002000020000000C804726A1F6411B0AC83F5BBFE40673781DA0965530C2FDFA5C637E041DA2F755000000014231DDAF1B49665DEAD4B66EAF996C595FDA4464B315C7BC231E5A4B3F770E71F501528969EC5BCD008A676C72BB1492403827653ADA884F51C81751AE6BE58629174BDE0514EC7D0E2BBA1E770395A40000000269D7BE5ED7FCA5DD3B5308216827BFAB3465A21C66885EBE44040169261B6797A652931E94430F935EDF101B3403449378BC34F544DD68C24536BBF8476AA6E
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2860
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099DD67B9870504419A65E6C4D05E0F42000000000200000000001066000000010000200000009FD42F415A36D0BB0A43195016D0AFEB1C5A9D9BF44D3829A742A358283102F4000000000E8000000002000020000000D9C40832C6F9F96E2D58479B5E923FC0CF6D45A6E84433DED4078F2EE547D3C010000000FAB0E00B19E932ED8DB41CE41269FD4240000000B7D329B50AD423772E0199B3676BDDF69FBD669FAB1DA685290FC6A491417C65FAC31995496EE68543FE9811D42EB0F50A0860002814367C6B994364232609C2
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070C0001000200110019001000CD02
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070C00010002001100190010001B03
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
55
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070C00010002001100190010007903
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
29
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1748
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1748
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
0904
1748
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
1748
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor
Last
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
1016
notepad++.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
1016
notepad++.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1016
notepad++.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000094000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{CF8B5D99-1528-11EA-AB41-5254004A04AF}
0
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070C000100020011001A0002004102
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070C000100020011001A0002004102
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
688
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
0800000002000000A001000001000000030000007C000000000000006E00320096FE0000824F168B200048545950502D7E312E48544D0000520008000400EFBE824F168B824F168B2A000000D82F0100000001000000000000000000000000000000480054005900500050002D0044004500430052005900500054002E00680074006D006C0000001C000000000000008A000000010000007C00320008030000824F168B20005355474745537E312E4854590000600008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C002E006800740079007000700000001C000000000000008E0000000200000080003200FE020000824F168B2000574542534C497E312E4854590000640008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C002E006800740079007000700000001C00000000000000
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070C000100020011001A000200BE02
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070C000100020011001A000200CD02
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
49
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070C000100020011001A000200EC02
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
24
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
0
Suspicious files
304
Text files
224
Unknown types
12

Dropped files

PID
Process
Filename
Type
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 37f705ac525959c1f61fbef9574c4fca
SHA256: 449a9cc9948c138c512d322049d60fd38756a528f690cf3878ee3849cdb7a339
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: ddfda6e1db4ef10473e4fd83796f94ea
SHA256: e2eec6bdc1ec6ec7b94e88b6715ab1fcbbaf554b21bf4dfc5e9ea4c2f29e614f
688
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{CF8B5D99-1528-11EA-AB41-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
688
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2E65A59BCE927386.TMP
––
MD5:  ––
SHA256:  ––
3336
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: dec44b7a151d1b23bdf751b522bc1578
SHA256: cafdc0a391174dcd85d63bc0c7c55705bf07365f886faa3d578a1a6764b135e1
688
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{CF8B5D9A-1528-11EA-AB41-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
688
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF6C96B1D7DE6F6DED.TMP
––
MD5:  ––
SHA256:  ––
688
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{D7EF8458-1528-11EA-AB41-5254004A04AF}.dat
binary
MD5: 5013971f10557c82cbc352bfe7ea3f51
SHA256: 00c3f4f831dee4e2eeed6b680af287e05e12d9387ff837fc7b7f0af02534bbc7
688
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{BDB0E1A4-1528-11EA-AB41-5254004A04AF}.dat
binary
MD5: b33bc619e8bbbeba806af471ab41206c
SHA256: a17db192d3532a1b287f59a64f54e312ebdffd2487d5e013b4344ecb86d2781c
688
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2FF65420E702F0DA.TMP
––
MD5:  ––
SHA256:  ––
688
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF0AA824AFBA3D7003.TMP
––
MD5:  ––
SHA256:  ––
688
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: b24c78fdcd3c041c15edcf52bcc838a9
SHA256: 58b35c2542f8690ad969364e5407fc5ae1007a5f8a743aedce34e2d3f7cf6621
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
1016
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\config.xml
xml
MD5: 30b204e0738a6d5058835ee0ae7e3989
SHA256: caac1d12843928845c8749d2922c9cb8e797137f44bc6a48b5401df1507955c5
1016
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\session.xml
text
MD5: 3fd69944040225f0f3ded9524456196a
SHA256: f053de7575b5450073cdff7b34b209f8cbc7f218f49fd3adf01c05ff7e71f689
1016
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\Config\converter.ini
text
MD5: f70f579156c93b097e656caba577a5c9
SHA256: b926498a19ca95dc28964b7336e5847107dd3c0f52c85195c135d9dd6ca402d4
1016
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
xml
MD5: 4f46475c050c985c98669102d3138f58
SHA256: 1eb58d72ee0d7c5e1d51cf7ee98e31b31f545383e2842e4e6184675f341a9ba1
1016
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\shortcuts.xml
text
MD5: ad21a64014891793dd9b21d835278f36
SHA256: c24699c9d00abdd510140fe1b2ace97bfc70d8b21bf3462ded85afc4f73fe52f
1016
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\stylers.xml
xml
MD5: 44982e1d48434c0ab3e8277e322dd1e4
SHA256: 3e661d3f1ff3977b022a0acc26b840b5e57d600bc03dcfc6befdb408c665904c
1016
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\langs.xml
xml
MD5: e792264bec29005b9044a435fba185ab
SHA256: 5298fd2f119c43d04f6cf831f379ec25b4156192278e40e458ec356f9b49d624
2860
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B3E4B7CF-1528-11EA-AB41-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2860
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF1FD5B7F07C655C8A.TMP
––
MD5:  ––
SHA256:  ––
1748
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 880f02e667fbf7d2dd2dc03ba026310f
SHA256: 2decd5c4d6043fa8426a23bc93fd2405e2663b423b1758f2b00efb9bd5ab1f53
2860
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B3E4B7D0-1528-11EA-AB41-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2860
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFF220B0CEDEE08B7C.TMP
––
MD5:  ––
SHA256:  ––
2860
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
binary
MD5: 9fee1520d3c7552a370b59cf9a8fb7c5
SHA256: 676d3bcdff9bac046aed1c66feaa604ed516eed576e3e14416a14d7b74d91075
2860
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{BDB0E1A5-1528-11EA-AB41-5254004A04AF}.dat
binary
MD5: 54f8978d598b1af5b10c45685c0da6ef
SHA256: 98bf3105d91dc62fb157a38cb1d9102c662a760564a336fd43df4b88096eac12
2860
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{BDB0E1A4-1528-11EA-AB41-5254004A04AF}.dat
binary
MD5: 9003dfbfb5c651980c59ec3ac26b80f4
SHA256: 9eef595e4ef4213cb81c13bce0555bdd5d2ca8e0efa869d3997a9933acc34a31
2860
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFEA6BEDB55AD32E33.TMP
––
MD5:  ––
SHA256:  ––
2860
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF154C6B9DB31EBA1B.TMP
––
MD5:  ––
SHA256:  ––
2860
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2860
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2860
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Local\Temp\pidor.bmp
image
MD5: 4b0a969b940ebe6c8fef6c1f3acbe72d
SHA256: fd4b274b6e3babe2fc8fa6fe2c611b2aeed4bfd9229f3a91739ee4484ad4027c
2740
GandCrab.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Videos\Sample Videos\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.htypp
binary
MD5: 5151abbd1e29691b5af63b4a86124623
SHA256: 6d0a346f4539cbe1cfa98ec4adaacaf8eda651f0e4e1fa925187a5646209f756
2740
GandCrab.exe
C:\Users\Public\Recorded TV\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Recorded TV\Sample Media\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.htypp
binary
MD5: 91eca18aabded7025304f4c02c1b4a74
SHA256: a981a46e8ce10f006833ed398d18f85a3f089ff5ed7b7381e69da32e6fd3f314
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.htypp
binary
MD5: 0b2b3fc55e152cd664d28eb534d3d884
SHA256: e2796da387d1e4e887ac84118782a9d133001e1582037a210946acff91027f4b
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.htypp
binary
MD5: d8c412c60b3718ca3fa659614b532143
SHA256: feaabefea83c482a4308a5d8abb6f8ea164f260e3bce46971e0e27abd91e7f29
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.htypp
binary
MD5: 698a3e9a8237e5a8bce79231a3f5dbe8
SHA256: 3cbb4783c5cd350d47a5493dd5d7b6c31ab33239d7d22c246ed53cb66baa56cf
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.htypp
binary
MD5: 7c15a950e14da32c0bce4e7e523f7ce7
SHA256: ed8071d62764edebbfaaecd8ee2827e3d4cd9eb4b61b8cc1710edd2073db35a6
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.htypp
binary
MD5: ff7d009709ce3352469557c52988bfe3
SHA256: c43f2020d6f2e59db5c2348908782b536df7e51e03bc9fb5f83cc05bcb9f41f3
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.htypp
binary
MD5: 3e01f46d15808901c1d889b459550ac6
SHA256: 715432a17dea73371029ca389c424b9ef26933459217a912090f4dea17dcd73b
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.htypp
binary
MD5: b30c53d3c400fea80d98a87a15ae2535
SHA256: b1745dd176c3460caba3fd164dadf1927ac06e0d2d60fb7f514686b266558b34
2740
GandCrab.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Libraries\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Music\Sample Music\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.htypp
binary
MD5: 41fae6e73f9f38a343492d3e1696b4b4
SHA256: 53c541c6ee4b15d2251e24620bc80b6095c67fdfd3310d65a2c87689192bf3c6
2740
GandCrab.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\Public\Downloads\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Music\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Documents\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Pictures\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Favorites\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\Videos\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\Public\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.htypp
bs
MD5: 10f5f804b9de3ef052a45ce674cb62b5
SHA256: 57ddf81fa1a61cc3d7078220de1d479799f3fa3c5a2bf4bb3c49dca2a62f0678
2740
GandCrab.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.htypp
binary
MD5: be731a4e7d4475fdb3bbdd8f8545ed31
SHA256: d7c0c9ffa43fb375620b7067b6341f9ab63d742150d990f6320f23cbe0099c7a
2740
GandCrab.exe
C:\Users\admin\Saved Games\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Pictures\placesfinance.png.htypp
binary
MD5: 9d5a95a20ecbe9f3a6172b4590e50590
SHA256: 3c98cd09ed0153d193e879be8bd4f68f9f177315a2c38e0ef427f9d4a33a83ad
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Searches\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Pictures\placesfinance.png
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Pictures\christmaspaid.png.htypp
binary
MD5: 34ab16998b9b4a2a64b35a1d14387a3b
SHA256: 7d0faaa8bfdba327a2fba407420eb98e53d2f560d89c473a68e57171936d075a
2740
GandCrab.exe
C:\Users\admin\Pictures\acceptair.png.htypp
binary
MD5: a35943a1ed033b1fb3d20f77634206d3
SHA256: ca3346d2f42a48124bbe3c282db43b13c64fa9b90db02b26fd3960b9267da21b
2740
GandCrab.exe
C:\Users\admin\ntuser.ini.htypp
binary
MD5: 706f006c8adb28d9aa633da05c2be689
SHA256: fc128528f70ef4240d25742689e9f6db72c65694adb7da74e5e665fc095bbc59
2740
GandCrab.exe
C:\Users\admin\Pictures\digitalpractice.jpg.htypp
binary
MD5: 31bc9f03b8523dd6779331bec74ff019
SHA256: 469bdabd3ecf18e565669eadbcc889e2584a478c2d416edec66b4718d4d6f677
2740
GandCrab.exe
C:\Users\admin\Pictures\digitalpractice.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Pictures\christmaspaid.png
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Pictures\acceptair.png
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.htypp
binary
MD5: e25a20e8550f8c9f44d583a8ab1bf3ca
SHA256: 20bb04a79333af395f2e3636a034b2a8dac5d9d3b2fea1c0997fbddf4975f505
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.htypp
binary
MD5: 9a695386b28c3c5599067f56e280bba6
SHA256: 523af76f6dafb13efe85517405494064d684af88569f4a5e21e9b3fa702bf674
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.htypp
binary
MD5: 998d78fd294183ab2f1dc13b07ba397a
SHA256: d7e022aaca7e7df37632d787f506a08af24ea95b39abc3ad29d547e6313b99ac
2740
GandCrab.exe
C:\Users\admin\Links\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.htypp
binary
MD5: 105b68c9b370917a7229943f5550aea9
SHA256: 796148c226ae9c28733aecbe6c828094d61faefd47a59134205a3e5a72e012d7
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.htypp
binary
MD5: fbf9b72eb7df64171f2561b5cd3575ce
SHA256: 7808590308bb2583671d0f6db3e9af577c53c62412dfcdfeeb6e0b8d49e9efd1
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.htypp
binary
MD5: 541699e5a6abc17bc3de874bd7fa8f25
SHA256: 1f6af4f5c8f74fe4b0522fba270a4a4e2a3103a84303516917e57d24bc57821a
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.htypp
binary
MD5: bb9dd1c2ab1b68b186e91f7a9f5b65e8
SHA256: ecfc1c16c02c41552c4671532a6e67c40df507d05a32328cd38cdeaa5a81c69f
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.htypp
binary
MD5: 7dbf13bab7d89becea686795390dc07f
SHA256: c2d455378710ac12b7289499a249caef724d0369202e687893fb7b08e36b833c
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.htypp
gpg
MD5: dc7cfcdafd07d7f37a4f470b79c66528
SHA256: 590cfa1f16c37296b73dd94fca85f8a69e3e2ee3ae18f41ec4b9dc46cd9c5376
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.htypp
binary
MD5: f392d85d9c51e393600e6fec287de425
SHA256: 64a0a588672b4ecf27812cff80d9f724840ff44ce3ea23963ec8efc46bf5ef4a
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.htypp
binary
MD5: 94e39a1aa63c89b47083c90a4253f225
SHA256: b38ceab1f8f2b6540a85a6768167ef7179034bc262eef593ce4df5615487b6cc
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.htypp
binary
MD5: 92539227a1774cb0fb7ef25b94124c7e
SHA256: 50d0cd6ed8466f18fd61d53b76345b270bbd3250711f2b7b8eecffdbf789fe94
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.htypp
binary
MD5: 249720d5df75064ce593f344bb18fec9
SHA256: 28486b5b720df5e0fa02220bfcfe00f59cf9687aff8161f600840a92d9dfa71a
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.htypp
binary
MD5: de5a15c7fbd7f92903c02540369e3661
SHA256: f975aec65ce673f10fa766504f5149da9f83ea42547bbcffe706ce5c600fddbe
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.htypp
binary
MD5: c29cbd02113693669dd2ab863860180d
SHA256: d19b4e762d6959441f87c0a34cf4091560744f3699b33fb70234823ef4eb3b43
2740
GandCrab.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.htypp
binary
MD5: 0177563ca6c1874aad96c05a11cb14e7
SHA256: 93cc96af6702d23e60e26f21cdb63193db5323e662169606362eaed2c6f479f4
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.htypp
binary
MD5: 2ef166e7e340a87713ee0575b9c934c6
SHA256: 082bf465dfa41ed01308ef1fa33a1a8d65256d458304d234a3af074747d6ec24
2740
GandCrab.exe
C:\Users\admin\Downloads\understandfat.png.htypp
binary
MD5: e86af26f73fce1eafbaa2012b7326181
SHA256: f9b65e47abbd65b39923142a6eb8fa5aa8539d997f29de6d0a072bc0b6a514ef
2740
GandCrab.exe
C:\Users\admin\Favorites\Links\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.htypp
binary
MD5: efea4972c423b9437e65159b5ecbbb80
SHA256: acec2d05119ceda2e135a1d47778987afa7ce8b236e6b21ef97bf921194f37e1
2740
GandCrab.exe
C:\Users\admin\Favorites\Links for United States\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.htypp
binary
MD5: ce9e6350fb6b9f7d73bf3f1d825d286a
SHA256: 344f159e8c182665501dd37ee76fb3fe7a46dcd81f2773a753af091a0e82c615
2740
GandCrab.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Downloads\shipplace.jpg.htypp
binary
MD5: 252164126cca6f619677d059edb9588a
SHA256: 4fb3f15f87306ecab9c9a6c5537ab79101828577ea5a6e9f8b3ef64f06e584ff
2740
GandCrab.exe
C:\Users\admin\Downloads\reviewhow.png.htypp
binary
MD5: beda3017845593280f877941e96518bb
SHA256: ffdf998883ca8caa2484a942dbe2f11f0ae8d942c58c4faabe4781a0aaed0703
2740
GandCrab.exe
C:\Users\admin\Downloads\barbehind.jpg.htypp
binary
MD5: 302bce1dc28effeb9520a656dd229f98
SHA256: 50ec74c23a237c9d8ce4a8269c2d5e3229aa004a4cbeabacfe772addca7e2372
2740
GandCrab.exe
C:\Users\admin\Downloads\shipplace.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Downloads\understandfat.png
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Downloads\reviewhow.png
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Downloads\barbehind.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Downloads\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Documents\someonedownloads.rtf.htypp
binary
MD5: 46e471ae0128d9dc477209d9bd288a54
SHA256: b3ae6629dbee0b3505b7996093c9908014e50789d093d266159935436c985098
2740
GandCrab.exe
C:\Users\admin\Documents\writtenproperties.rtf.htypp
binary
MD5: 048a0b7eb17702c533d461e51d968b5d
SHA256: dc5cee7c2d2be015dc4f39625cb5bcd3f41861366eab778dd4a0d8073af250f8
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.htypp
binary
MD5: 5f30655814801826ff071886333d03cf
SHA256: 4cc96915cb1b14fa1391b6629f1e7566b1fdbfb3d5b0181bbba22ebf13eff36c
2740
GandCrab.exe
C:\Users\admin\Documents\writtenproperties.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\someonedownloads.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.htypp
binary
MD5: 0599a747291a70228bfed53db136901e
SHA256: 5040b8ea1775a3b85a709262b60c8e18e0fcc317a36f7b2649ba9ea0b82656bd
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.htypp
binary
MD5: 6382c10e83c72ca6de512c53a67cef03
SHA256: f0875bccf1327d44275200d84afe1c624fc43dd5a37d48961e2ab8bd0bb9c67d
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: 8fcdc1596cae88726b016cc7410a1272
SHA256: d39b9cdc99b83cf9b27477db07cfe043721bf07d433aa26d2ec305146201c5b0
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.htypp
binary
MD5: d67f00a403092f9bd65e79b6e4906b08
SHA256: 2c54b3e26a8c385de335c7ce5259219a2a1456546681e61f5d14cb90dc367d02
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.htypp
binary
MD5: 8b6f6d989dca90ec245b33ff8682c77f
SHA256: 6c9a16d1893b6069d89d1badbbf5e72a528405245aac5f6cb2bb4a4dd24fff06
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.htypp
binary
MD5: 9837049b63a018d01071e583202bf798
SHA256: 01f821ff54bde002f3e30ad0a1485fe27331e0a3f3a1770e8a763e12c40a534e
2740
GandCrab.exe
C:\Users\admin\Documents\Outlook Files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.htypp
binary
MD5: c4c22c07c22f266c79a93b7efd72461e
SHA256: ed335e89ddadac3de1d28e68dd25eabd89dffd046988090cea6d28a586f657bb
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Videos\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Documents\marmodels.rtf.htypp
bs
MD5: 89c0781248265d83a953528b97b08e67
SHA256: 6b7c8e9160e80dc00cd0f4908be4239216982029b56a563d59c3693f13e3e107
2740
GandCrab.exe
C:\Users\admin\Documents\managementdeath.rtf.htypp
binary
MD5: da37e4c719a96b9244fc36cbfddcc352
SHA256: 641c0d2d33f023af9e5b7222f87a820672dd76b542123d4baa67de52189d8b53
2740
GandCrab.exe
C:\Users\admin\Music\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Documents\amongthrough.rtf.htypp
binary
MD5: 05e14002eae52f1474fb4e2c55c03168
SHA256: 06981bcfab4d720fdd14e22085a1af8075e5db314ea18a37f64cb80a138b25a0
2740
GandCrab.exe
C:\Users\admin\Pictures\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Documents\OneNote Notebooks\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Documents\betterpolicies.rtf.htypp
binary
MD5: f5a1974ae2e552b433148de0fe455c2f
SHA256: 58a19d86a3783d03181dbba39aa0415a602d6a70b086ebb5b34f87d6acf7ee7e
2740
GandCrab.exe
C:\Users\admin\Documents\marmodels.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\betterpolicies.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\managementdeath.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Documents\amongthrough.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\personallines.png.htypp
binary
MD5: 313564a53e4030f0b5fee391cf58c267
SHA256: a1dd286954f72e25d92095a2a5ed38d134156e096e8b81e71bce865b8efe689f
2740
GandCrab.exe
C:\Users\admin\Desktop\rememberfeet.png.htypp
binary
MD5: 0f36edf039383a2cad8481de6b5fbdfb
SHA256: 4233f5598349701e5fecabc415f46743ba29e2b1f52e0000699301ec88424a91
2740
GandCrab.exe
C:\Users\admin\Desktop\phoneper.rtf.htypp
binary
MD5: d7893485adac9d34d1944a702c3a7d28
SHA256: 93e1ff4ba393a0b65ebf0129429f7321aeb587fe21e677a239f091ad2da6a60e
2740
GandCrab.exe
C:\Users\admin\Documents\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Desktop\patientcredit.rtf.htypp
binary
MD5: 131ab81ee59751a4a43dfbd860874230
SHA256: e403e0168daacc67fa82bdeb163cc2f69df1fbf11d1837e18da5c704a479195a
2740
GandCrab.exe
C:\Users\admin\Desktop\jimprove.jpg.htypp
binary
MD5: 5c258273f2771cf99057c1217220ed97
SHA256: 715dff0dc7a580c16959686c7ead9920c33a2b86d7d5ad1722a0700d4147e763
2740
GandCrab.exe
C:\Users\admin\Desktop\rememberfeet.png
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\phoneper.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\personallines.png
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\patientcredit.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\jimprove.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\coloradocenter.rtf.htypp
binary
MD5: 250090747828bdea1b291aa12dea082b
SHA256: 6fed8b698d61b88e6cbf40a05b3ef46078fcc67ed97192fe0701555f47cdc071
2740
GandCrab.exe
C:\Users\admin\Desktop\hostdivision.jpg.htypp
binary
MD5: ea8904a2ca345edc08968473cccffc60
SHA256: 0efc6e776be3bcd611064b4b8d6dbb58b99f11191b5bc5771b5d02efde1f25d6
2740
GandCrab.exe
C:\Users\admin\Desktop\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Desktop\hospitalmembership.rtf.htypp
binary
MD5: 270e762df92a043cb6de5e438420e71d
SHA256: 19162426f6882ecbb56164c9895e1d6b751c9d3631f18b5bc1066759ebdcca52
2740
GandCrab.exe
C:\Users\admin\Desktop\hostdivision.jpg
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\hospitalmembership.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\Desktop\coloradocenter.rtf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.htypp
binary
MD5: cfc9e4077512603147c974e622ee1c71
SHA256: b89874102c90409fc149020ebd0cf8526d79950a81a1bcf343c91ba02390210f
2740
GandCrab.exe
C:\Users\admin\Contacts\admin.contact.htypp
binary
MD5: acb1942c03de83f95bdae22955e93496
SHA256: d365cb2936a478439b8b37bcb011c7e646eef929a2ff52537508ad80905ed61c
2740
GandCrab.exe
C:\Users\admin\Contacts\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Sun\Java\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.htypp
binary
MD5: 5807029a9d930a3b05aa5675c1a9dbab
SHA256: e1c060b24228481b133826836a248f7413fd41990208c8c99ec55d3c41833741
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\WinRAR\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.htypp
binary
MD5: 13ecbdaae7c8390f89e0b89118a83559
SHA256: 8f8e9f6a60e91006c09770a9eb8fcdd287bea655617d17a49854aa179437417d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.htypp
binary
MD5: 077fbb5345c7adb7e5f581b54ead4dbe
SHA256: 1fa6592ab294879d572773fb1dca44d167ceb17dad86572467aca988c3620422
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Sun\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.htypp
binary
MD5: f84297ef6ecdad713f0bc25348141e01
SHA256: 533fd57ee961b862bc26ce2c9102819086046ef377fad9a0716dd7bbffcae4b5
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.htypp
binary
MD5: 94eae753673e4fc89f44118f0ce9c9bf
SHA256: dda238a2c22bc0b0b814b68707454c0b0287ba4ada6a9cba9d9c6466001fc1f1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.htypp
binary
MD5: b3f5e6fe7fadbb28760b59d723b7a549
SHA256: 257f629ad0acf25635f8da57d959d2b70cf832c6a3fa90339e345a842c21f992
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.htypp
binary
MD5: 0b711702610db2ae56d086cbc4027acd
SHA256: ce27774b3f414018c1b9046c95cdfd4a25a2c5537e8b38e11d393ad754138d61
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\logs\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.htypp
binary
MD5: e6e56206bff9c91dca3efe677bcba1a7
SHA256: 900e3f84376971fa5c3a640b26809825381ffe55cdbe1f98cfa8797a26996e88
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.htypp
binary
MD5: faaa1b074ed7d60458609a7620680144
SHA256: fb3ececff5cacdeacb57ee6710fc9fea2d0714f3c6477025f24b6ef05c363b18
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Skype\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.htypp
binary
MD5: 0171a6f1845a9d231698dfe5aa998c2c
SHA256: f2d4ecd06761dcd4ded1ea4e7b0539763e19a5c9a4e53c3d89a81227ff46ebfe
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.htypp
binary
MD5: cd510d583218ec493c7a027795944e3c
SHA256: c4cfcdd51556cf7720210615e81106c051d06f492881dd4b15f209b65e4cbc82
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.htypp
binary
MD5: 765b37a8af438b6f466cb5d8792288c0
SHA256: 923b589cd2c9efc7026ce92c9b5f10e65f4d4ca4d300e65eea9fe961f0a547eb
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.htypp
binary
MD5: ac7a1122109c32e2982c4e74b1ebb4b0
SHA256: 57c7e94123cb9cf3f815d1a64a7ece87ee5a7370bc347affe7f2a2aafbcc6761
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.htypp
binary
MD5: 160e2bae5427d7f49c301b6366df3b15
SHA256: f0ffb2e152a6ed81e251bf41d31183ee9935ed78bc207f558dfb19c272c34480
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.htypp
binary
MD5: 2c52345d8033edf5abf78ec211cbbdca
SHA256: e3d6e16f143c06af92e6d3ea481ecd7b785422b9985450d88ad450cdae94ba6c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.htypp
binary
MD5: 405ecf0fcb08c440588c3d1b17b134f0
SHA256: 50fca811f06238c4afd9699cb4765f8ab4b3cf29d77d3230c2e000c904c4b3c6
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.htypp
binary
MD5: 8e0bbd8122d946c6b8dc74b7e802318b
SHA256: 555c395785ab8d59a4393c22410b4204314720061b6c9454b1ca01e14881868b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.htypp
binary
MD5: 089c56aea0053663380e4f92722331d0
SHA256: 36bad3fb254789c4589e6c300828417400cfc8c5bb58ae7d55f24b607cb5949e
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.htypp
binary
MD5: 7a88c8b9089fd230f7cc05e216a9e5e2
SHA256: 28bfdf02815f70175422a91e5ae03a484f4aef889bbce88629f95309f35e4ac3
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.htypp
binary
MD5: d81da12d5cfbcbc585c47e5443892cde
SHA256: ad2e77b7e8109e09726c27fed727ac8aef23f36ec84322212ad1c0fa649be388
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.htypp
binary
MD5: 03708d253030401004a247ba3ee0c699
SHA256: 6d59f3af773df1a58d1c9c44923f77ad7fa2211f9054394d233ffe6b09d30016
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.htypp
binary
MD5: 8b67a20d551cc4d846fae1a6a6ffbd06
SHA256: d9f32076c9c4378ba747432934b26aa337e65d61718da471d22cbb7a83090926
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.htypp
binary
MD5: 16e6cac044b61ec06a52e56e018eb958
SHA256: cdc8eb48384f640eb3389b8a8de9bfcec48c5805cb3f97dbaff0a7754f37930c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.htypp
binary
MD5: 61f34d19bda399bba7ff5e701171b767
SHA256: f37a913294e0621519e2a9b288ce02cb4d2d1af92b817d74b87eba32407fe894
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.htypp
binary
MD5: d10c021cda349be6c2aa574296f9a363
SHA256: 092e89f34a15505967b13048939e1c6d11d11dc5217941fc03d91a5840ca017c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.htypp
binary
MD5: 20d8e97f764a9e2c9d9b03e7748f0b4c
SHA256: a8c45a626a81517942ebc82e4d53f6c7c79fb6c7cddfd68182d89b2d587d62c7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.htypp
binary
MD5: 6dc9ef39a7493afbae62a0a1f72cca9c
SHA256: fde97a6601fd9da923444d1710cf53804ab15b9bbb95989f1f4106419dddeb01
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.htypp
binary
MD5: 761bfecbed5cc23aaf82d8f3e4f503cd
SHA256: 6af2f99a461ab777268a76a53e4c2a16c10ec10d74e7e81b6878ac642d1efc4d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.htypp
binary
MD5: ac67e29ebff955fad44a49fdc20934f0
SHA256: 2a4901c5129023d130433f7b1ba6741ba1753320889ca7320a5eab33dc2ad56b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.htypp
binary
MD5: a130bdda3bf652c2fe7ffc0c14e1883a
SHA256: 934b7e84daca52b42c2fb103db2fa414ec494c651a7e0d369be927300123ed73
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.htypp
binary
MD5: 028ae4bf0dd8111d346a6155e5c36516
SHA256: de5660c5ff7e2fb31fba65e6ca9a20adea0cd27a9a1b001d18c6f6a1570fe8f8
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.htypp
binary
MD5: f10853ea10ad5f5715d1aea6e9ca5692
SHA256: 2a7b9c4e38f33a6ac641f018ab7d8c03e0705ea69d2878a8b1702d835b91b259
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.htypp
binary
MD5: c874a81e31443741400b0c99e5eb1f2d
SHA256: 3651a728ba86723fec0eb8a39170f9325d182cc4027627931a83b0abe2075d62
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.htypp
binary
MD5: 3e5234785a4d203554b0e78bf5ea3efc
SHA256: d117e68b53a8ed3f412f3fca3716eabf35cae1d4603b1735a4976c42849e30de
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.htypp
binary
MD5: 13e03484bc62a6ee82b3d5c0131b8dfe
SHA256: e1b6744bda2163fa511427a95ef2e514ae8e78bf6696c9e161ced52fe95b11c7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.htypp
binary
MD5: 3ac15a11787dc13182f2353d17105f88
SHA256: e20233858c9900e97540ad00edc3de75daa7bb11a7f2a2fc5af1ed94d2318f54
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.htypp
binary
MD5: 28ac97017ac70fa953e5ab0dfd4be06a
SHA256: b78a657ee03623c4deb70ecc676e1e3de7639361f70743d8857218e2e6dfc973
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.htypp
binary
MD5: a9ccbcbfd3b396463161bfdf05d6bd39
SHA256: 6cf0342cb559f3889586563c151f77f6992e508b7e32d7ae422f4e8e7f592ae5
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.htypp
binary
MD5: 2b47d94d0fe0f4e06eb44449983c156a
SHA256: 34a65c0d960af35aa2f794ea34368cdaf88ce44ffe16a69e92b7a4d72ad81764
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.htypp
binary
MD5: b5b69bc3c628f485e87c718833cd8e32
SHA256: 16ab8f4009b406a5000b994c3a70309f36b47cb47f716681e78b2692943b7e34
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.htypp
binary
MD5: 01fda46c71573b8f8a455f3f31bcb4fb
SHA256: 54b21a8b62d62d13a8877e24fc72199d548818299f474e435e80166a7f2aa83a
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.htypp
binary
MD5: 9c89288ae5bfbe4fefa8b0795a19d9ae
SHA256: 566d0594777e00f297659fc91db8a674e6e568dccf6edbdc3202d139e55700b2
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.htypp
binary
MD5: 05823924129ab0668ee80dfe99c22094
SHA256: bf1975655d648c073f4592451c044ecf89c00275aeec1a0f1e9b5d17af36d15a
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.htypp
binary
MD5: d2d92d8287c15811576b6257ad3ce0f5
SHA256: 50cc5c3210261c9494ae3aac5586d6fc9e0292c09377b13f52e70b0d98e55cb1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.htypp
pc3
MD5: 6faaa6821b273d2f5601ee6aad2f4670
SHA256: e18c855ea0b85d6ccaa4214e72d221bd5afa8e5a25b4d2993234c6c9f155c767
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.htypp
binary
MD5: d943903a510167019fad2a8b2dbf25fc
SHA256: 1be1a94cb2544697f70c16480f788f12099bc2138684b9f3fc85c275b50bf70c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.htypp
binary
MD5: c98d4fffe5a793f6c3d80b50c1ff86ed
SHA256: b95fb0428f3ae799704fba3f14eb3ca2596de41585ee467e5b6f86e116105125
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.htypp
binary
MD5: 3363b78fa5437ffd8034924aa052e4e7
SHA256: 756d2446875dba0e82fac1c23686d290c2637f6c9e690a3e1f849b9257a2c9f8
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.htypp
binary
MD5: 9591bcf322c08893d6881ff8381587e3
SHA256: bdb548222f0d707a0b55d5024fa87114a00436d7a906f664513cb0efd2c6c7c1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.htypp
binary
MD5: 9c087529ce018663735be9895724a63d
SHA256: b23a7bdb21a1a7d5510af87a664db0e555955fc0fcbf68585dd3a1dc5c85158a
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.htypp
binary
MD5: d55d2db7e3a070ebec7928bb236aad4a
SHA256: 0e853bed05a27e845090823c3a111626b598b51a17e5b62fe47643648f6a6d6d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.htypp
binary
MD5: eb9471f3168f3d06908b2fff4005d97d
SHA256: bc5b534e6fd7f59a18805e645b23a3cee2a692d0eee92c311aee28f7e9d7db03
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.htypp
binary
MD5: 3c9de6e9406c5583cb5a204d7f406fc5
SHA256: 2590dc93dfcb7d2a09871f03d5d6e17ac33ae1bb85a4ae59ecf9a467fca5c5e1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.htypp
binary
MD5: 1bdcf33f38244c3dd7f47b3cdf65cb1a
SHA256: 84dd2f1785698575c90bf9a5469a7529f8044fe7e0edfe165f4c1673f2404bf0
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.htypp
pgc
MD5: 80ac0357a796e5087d603c191e4669ad
SHA256: 176520659111edf5e60a2d680a9e55ff00aabdb6db0cee8718fa2c89594082de
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.htypp
binary
MD5: 38fe13f5c4102d3001dd02adcb86f872
SHA256: 24cce04fa43163f058f676c07ab8bd73ad6c80cbbb1e2f9b95fc82fb0cff9cc7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.htypp
mp3
MD5: eabab42a1e5bfb39aa63bce0d7e0a18a
SHA256: 7f4a6b6a37cb45c083196d93155441baa3d363ca62af3e702ebf2d076023c55d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.htypp
binary
MD5: 4f66edafe5996b55ed0a5387e97614c4
SHA256: 26aeb2599ea4d429cb19d89cf2d2cde8cbcb61089c1a55720a09eb525b563de9
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.htypp
binary
MD5: 62ac72bb63e0ace45ed0e1a549d7e4a8
SHA256: 67b3552b15f3afa06ce44d3198dcefd573630db3df9a4e01ee3429ace62306b2
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.htypp
binary
MD5: 0983062b4b9caf51478b33881748b454
SHA256: 9379da787670b3ffedb20692047286c35eebee39a3ad6f149bedc9d713b9bb96
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.htypp
binary
MD5: 66d1540f852d4d0a2b8d3cd52d1c3adc
SHA256: 80c050d962b2f061d0ed6152a106df7c832f7ce4cfeb461879260c6be482b13c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.htypp
binary
MD5: 4f7e1286926d209a4241e94eac25c0e4
SHA256: d3ecdabe3827a0127e74b54770e52df21298dc3c088f7482d41b870946f0ac37
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.htypp
binary
MD5: 77dbcd284a0b4f3f2b9825001c0808b7
SHA256: a980a94bc01f2c28601e9daa7cc0a7a3bf6fa529cbb4c0bb2b6db52939f166c0
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.htypp
binary
MD5: 2df4d03e78b44e189995672feadae7e7
SHA256: 9e2fa2aa2f4a02e5936cba46bd62b866db5f466d2d82130521e4653db7c5929f
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Notepad++\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.htypp
binary
MD5: 0b33119b13138311f036d3a7183542c3
SHA256: dd416619d2f28dbdbe78158d596593d63e1d4540334bc4a163de969efcfd4fbd
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.htypp
binary
MD5: 6b47cec07354757d465230bf25c57688
SHA256: cf54ea30f31483bf24d643385105bebdbc8c22364293528ad2bd6285d8f59ae2
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.htypp
binary
MD5: 33e479ffe7939d40296277ff0810e6ca
SHA256: e6d1477c89624af78946d1ba4002aaf6d5530b4ee57c756027657860755f2440
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.htypp
pgc
MD5: 977300ec004f25773ddd26bec5850f58
SHA256: c5bc8c085404ddc9869699889beebbcbd8ff07199a01dc3887527e47b345f7a9
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.htypp
binary
MD5: 61a8d4b9b9179aa7a2825f54a650822b
SHA256: 85fe628cc28d2e20f20dda7be8a47363b0b495ebe73c32c7261b0dd5f0e98936
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.htypp
binary
MD5: b3819881fad3a098308f07d74ca4714e
SHA256: f426b970e40c68f75b3c97d3eca509ad60daab3808c0523db94ccf0e397852ad
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.htypp
binary
MD5: 67bb1bd59ea1a38fb3d6241ca75718a7
SHA256: 816251cdb9bf15661324b3e9d32412c8b4db746209040dedaca9b9a3703679aa
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.htypp
binary
MD5: 299326cef9bb288f3046daa6d59ad4ad
SHA256: 2d4211de09be49753536a03e0e179b8fb020d0d5df34b2e5c96ad393361a55ab
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.htypp
binary
MD5: da492a8cd57c0335aff1876eb0d50855
SHA256: 92e84d2c6083501ace879b452d768676bf54c6ae6fd1c867ec510c670f712bc9
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.htypp
binary
MD5: 899ae7be57e5bee7be5eda16becb2556
SHA256: dcbe8299897d59bf5e09a438149d7ff561c138e2e39ff47bfbd68a9dd2f41ac7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.htypp
binary
MD5: a230811319da91578e1e129bf252e174
SHA256: 91c4421128b81e86aba754be344f5cd6fad1bb131b85b2d838392fae5781f7ee
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.htypp
gpg
MD5: 39a91a39a7df496b9749e9863b73c234
SHA256: 25e86f4ba1df2330587cfe17ce250c9a762ee4bca4556f2bab7aa774bc31783d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.htypp
binary
MD5: 72a21791dfb62653ad76081dc6ca873a
SHA256: 56dd9162fa1f38732d86159a4b1cb5226aa8427aa26666c2b520ca482e2175a7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\journals\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.htypp
binary
MD5: e6cb63f9d82b469f1bbf3cb570510ab9
SHA256: 60922f014f3fd965f945104331441f88c02224deebc164fd3cc4dc5691fcbedf
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.htypp
binary
MD5: 34dd497ee03ec535e1c855c5db589c0b
SHA256: aa3749c42812b688265db68e56e67fb47cda960171f6ff4420e193b3c55cce28
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.htypp
pgc
MD5: 904b9ed7f5a0f24671b0483dc0687e61
SHA256: 4045ca8d9d111e8a7bbb92903a6725859ad06d8d7507834afd95ded576727606
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.htypp
binary
MD5: 9119ba33f4fa90f0aeb2e2067abe709f
SHA256: 8f6dabd571c5c5b77bbbb5024c17f2871769f8df500c2ad78d5cfaec12b94242
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite.htypp
binary
MD5: 50011b8d56191d5a9757e7766de6cf8a
SHA256: f0b3f9efbf58d9b8fd42d84ad2e02cb39b95ee551fa64c8c3bdf47a39b600f88
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\idb\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata-v2.htypp
binary
MD5: 9d9ee3a5ad969fbd727ad1ef0b3ff21d
SHA256: f41102d7211e8429c3189aaa006142279a8204c8d79dbe3a058710a1e8860713
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata-v2
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata.htypp
binary
MD5: a68cabb255bbad7404e0571a3819924a
SHA256: f5b9b7fee5fa4ddfcc3bc362d0f8bc835ce0b950638f86b1b7c8ab29db96a665
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\.metadata
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.htypp
binary
MD5: ff0b17574b6b4d6b45d10c66b8ef49e7
SHA256: c1d1ef5e3343a6a6553375c6e40ef43ea1106ab6339973ca8b2c73d67bc2307a
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\moz-extension+++a35bff6e-5489-4e10-95ce-0340b402ad38^userContextId=4294967295\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.htypp
binary
MD5: 43aef851a59e2df245a50a008a968a05
SHA256: 8e495e6330e20f0f9578d8c98cdf53322449779cb3bd1b44990d91c104e53756
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.htypp
binary
MD5: 1987e5d1e0ff98e2d485c4d071c2633f
SHA256: 9c5709c2379749970991ff7e7c0bad675f33774d53f55f5523a9bbc3f7ab5594
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.htypp
binary
MD5: 0fd1845ba321ff7a00a2f3438be8048b
SHA256: 4144a138de51fdae849a7ca27e5bb1e6f98a08e2fb881d2152b84018aa3ea35a
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2.htypp
binary
MD5: e15ebeba51f532b1af011c5d03183459
SHA256: dbef9b0f6565f106be55f624590b868ed38cb3b6d900e5b85ea2239c483236be
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.htypp
binary
MD5: e41dfd0fa209349a221c071b9a540095
SHA256: adc7114a9de6f8a903b61a8775cd05cf4ccb9e5d846aaaf740cb441072a28b63
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 23b966935ba46913eb51cc19fa9b8641
SHA256: 0d5c85d5cd9df905ede5ecf9a31fe1789d244669ec877391ca2288f4480a89be
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.htypp
binary
MD5: 5c2f54204432e1cdf7e946c6375c0c85
SHA256: fbdbf980ba9d164e50ab67f58847dcf84bb6fd7863625e6eafcf3d00c2451ff6
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.htypp
binary
MD5: a5e05007c6d910d9e64bcc6e00b95fe8
SHA256: 21fa346b0dad33efc853f670f115fb591f8f120efeda098d99753e0482d73491
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.htypp
binary
MD5: 096a8234cdf70f8810ab4c0fb7ac1d7b
SHA256: 535c3bbaba4a939a2fc931e492cb07a41e04185f9292c7495fa9e3659b1108b2
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\upgrade.jsonlz4-20190717172542.htypp
binary
MD5: 30c7683dd863118ccadce8ae5b9b4a31
SHA256: c8e1ad36aaa3553295ca4392a790d352f5ef1e363925902a15920a7d11344f33
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\upgrade.jsonlz4-20190717172542
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\upgrade.jsonlz4-20190619235627.htypp
binary
MD5: f58a4fd58287b7ac6589826f04d2102b
SHA256: b977831eb14c80859766297db5d0a631a44f4123bb1899cdc990f98bdde0fda4
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\upgrade.jsonlz4-20190619235627
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.htypp
binary
MD5: 40994ef095aa902c68f3ac7ff9bd6bfe
SHA256: 8bd92f8f305c7284da31c4a0e627fd70f274f54fc1ad82c7fcf54455e02f1786
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.htypp
binary
MD5: 45fa1886d86d95985946c05d349a8db8
SHA256: bc4928f47a537e6164c1d6bd7d95cb6ad9a1fe251781bb326f3e376523181fa7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.htypp
binary
MD5: 5c6a8ff044aa395b12c61d19d1303472
SHA256: a07dcd212215f9340a9d39a6ace485ffb57d7befcf0867b9f0c0a5588b2a5cd8
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.htypp
binary
MD5: 1fd3d8ea979fd571b9cb3941564b7bf1
SHA256: aed8fba814fb9f9dc25631f4d6a3bf7bf803a8cf3766d73d62ccc83a923cf6b1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.htypp
binary
MD5: 3d0a4e844bbc09a2f58f3bbf336b6a8a
SHA256: 545bb18cd3501edee39a0c4878df1377b8eaa97ca7e9ecba438221bd3f3d6396
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.htypp
binary
MD5: ab9aa38070191c121c8aa0002d666641
SHA256: 4a713311610c7e237e54bb5d3ac13bbedd65d0dadda063a52e21b604668050d7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.htypp
binary
MD5: bddfc709ed233d056c07e844dbf5f9ec
SHA256: 4e5c0829ac52f73b1ef6313bd13d5f1bb86c7ddb98e1c9226c851da6a8d5e18d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.htypp
binary
MD5: 6bf9270babca0edd99db4a9b23f62cd8
SHA256: 7f989bc1e48150cf9a2b2d6c14db65f95d64fe81fca2fc5dc230d3db74a33c8a
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.htypp
binary
MD5: 7ff822950dda172343c46341dfce95d8
SHA256: cd15fa592dfa4daffecc6cf41db63e912a2d20058c39108443ab81e63f4e8fad
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.htypp
binary
MD5: 85e7c16b338452e4134b42d1816bf913
SHA256: 89ead46d5245ebb79d72f973ac191aa26ec5ea9fff14c52aea26f9aeede3ccab
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.htypp
binary
MD5: 8299ef72b6ed23dbf9a6543c0acbf425
SHA256: 037b8241c516d145e8264a9e13640889daaa9447dab17a610f0e941d9ab55912
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.sig.htypp
binary
MD5: 4a8d21f657ca6bf0bfc8246bd64b628a
SHA256: 56bf7ec72687eee4bee5528b5b3227f429d6cccd939ed90112fdae9ab465483c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.lib.htypp
binary
MD5: 26d8ce8c47759d83a6b71ad37f7cc6af
SHA256: a9eea5093836799c29310926d4ba279620404d3ea7c3bb61994bd503f088955d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\manifest.json.htypp
binary
MD5: bd75bb44ca4f0c1a57235b044398e4ba
SHA256: 693cc8dcbf75b95c9621ff56c893253b91673c1b4c93584b428ca7c8ddde98cc
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\manifest.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\LICENSE.txt.htypp
binary
MD5: 34fc4b04f79480947707e4856ccd147a
SHA256: b415d52f89dc273ee10debb6cff6d6fafd5f579fd9b55a715e1cd6856f464e8e
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\LICENSE.txt
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.8.1\gmpopenh264.info.htypp
binary
MD5: d00f8b9076c42eb4a902cc589660eb30
SHA256: dbc3153cb04feff331809fe1ae9974086ab28eaf5a2482daf094883feb8a6461
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.8.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.8.1\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.htypp
binary
MD5: 7e24ad136f0568bc10936b100684bab8
SHA256: 86526aa27ae41ebd5b8145b5a09497267b0215895550db74cf34d1cef8d127c5
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\features\{4b58246a-1239-4ff8-9650-839c3b3b38d1}\[email protected]
binary
MD5: 2200e9fd44dd635303015b0eca1e31da
SHA256: a2a98120ff9c094e0fbf0e112f0d1f322c72c3336af9fc771440c5351c5676dd
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\features\{4b58246a-1239-4ff8-9650-839c3b3b38d1}\[email protected]
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\features\{4b58246a-1239-4ff8-9650-839c3b3b38d1}\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\features\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.htypp
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.htypp
binary
MD5: 70ce7f4907e4a324ac674b574075f301
SHA256: b0ef4f2d4ea8845945c7f89c89010bd94cdb45066085e13fbf84d47d24906e3b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\[email protected]
binary
MD5: 94e174705319e0dd925bcef5669d17d5
SHA256: 1eb948360a2ca28c97dae974a42133268d3fffa9d0bee9a99d93e11ec3d2be7c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\[email protected]
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extension-preferences.json.htypp
binary
MD5: 2ca65ce8de76a93636bb18db07842be0
SHA256: 2163b4d1204707b4a08b232841c8c5a968efff2381363ba4e5a05a0deb73953c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extension-preferences.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.htypp
binary
MD5: 0b430d7d0940b13b0af9587eed0c831e
SHA256: c2e7f4832cc5ab51902e5047f7d548e1d32a331d9a8f5578755ec1ce86a6d4e1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.htypp
binary
MD5: a5e794cb63b770d84fa4196e48738155
SHA256: 35b8e2ff233a3c0c6b99e70618125d3b904535315d30e2d6723335b65913248f
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489328393.3f4804cb-d877-4063-abdc-f5e3f580401d.main.jsonlz4.htypp
binary
MD5: ce1196daf22d1913ad014b064f890be5
SHA256: 00bd0acf1a786a0ee4d5ac88fb9487fe67b245b3bfda4050e34e8aad8125a3ce
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489328393.3f4804cb-d877-4063-abdc-f5e3f580401d.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489249225.a92b2aef-2c4e-4d52-9046-dcf175c80123.main.jsonlz4.htypp
binary
MD5: 270be756d3707f13c2d430262463fec6
SHA256: 8e6af8a5250e1917d1d3e21dfc6321ebf07ced38823211f402975ec4196a550c
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489249225.a92b2aef-2c4e-4d52-9046-dcf175c80123.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489249221.feb02130-0f1b-4e29-becb-75b2179f799f.event.jsonlz4.htypp
binary
MD5: d1c196b2e80d5b442e767333bf282716
SHA256: 83541bbb5a8dd7a1198b22985c2178528d0875b85c8464bf7e2d73374f6265d2
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489249221.feb02130-0f1b-4e29-becb-75b2179f799f.event.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117933.97c72624-b217-49c1-8bc5-dea28b6a31e8.main.jsonlz4.htypp
binary
MD5: 06e93aee7cead4bd417548240018b9ef
SHA256: d7504aebdd71357ada21b2ee264702ec95155a81f68723be59a8d1876b373e45
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117933.97c72624-b217-49c1-8bc5-dea28b6a31e8.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117919.9f39e360-06c8-4521-aa00-735686700748.health.jsonlz4.htypp
binary
MD5: 5ae187ed6c5af924218b6a22224a1ef5
SHA256: 6aff37c473dfa673e97508f775827bcd96d4fa13ddca3b000423d9f7075e6e11
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117919.9f39e360-06c8-4521-aa00-735686700748.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117913.739f347a-1567-472c-be60-106be3bf6422.event.jsonlz4.htypp
binary
MD5: cf5543ac3b79cad1308a21a4516b026b
SHA256: dd1b9befe109af9d8a137fc8498749a3edd9e76f16ce6f994b0181928a7f0fb2
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117913.739f347a-1567-472c-be60-106be3bf6422.event.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117889.a980eee7-59fe-44ed-8591-082294c7a32d.health.jsonlz4.htypp
binary
MD5: e969ce8b4ef7db54d8d50b27eae4355e
SHA256: 523c533c1a6f120d6ea54a190e74b2a35a44807cd8c9b6d200e5f93ce9130049
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489117889.a980eee7-59fe-44ed-8591-082294c7a32d.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489065385.08756e3c-ce88-4cbc-94d7-e48f27235c82.main.jsonlz4.htypp
binary
MD5: 6afe131ac1bc837c9a9339f79766efba
SHA256: 0c836240d12c6525312cf706e0d8526f68afd3b239971417c1636b3dad013f05
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489065373.db607edd-7987-4569-a8ce-b9b5ed3a350b.health.jsonlz4.htypp
binary
MD5: 3347599bd62033177c3c656976915833
SHA256: 027c5795386d70737668281cc436fdd11e44bbe3bd4a67c92a72f06589c4080a
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489065385.08756e3c-ce88-4cbc-94d7-e48f27235c82.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489065345.424f95b4-752b-41ba-a808-cd75fbda007e.health.jsonlz4.htypp
binary
MD5: fec722e66963766c6564f41385ab3d1e
SHA256: bfc15edc77d17bd1df28434dadcd02c14a056460ce673501edf070a234c2e776
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489065345.424f95b4-752b-41ba-a808-cd75fbda007e.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489065373.db607edd-7987-4569-a8ce-b9b5ed3a350b.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489012007.ce5a9275-0b08-4ba0-8072-4a3c8feff016.main.jsonlz4.htypp
binary
MD5: 2234fbc16f7cfcac108ab0eddb0a7421
SHA256: a252d9b141fcea115228a510ca47e37bbeda5aef06940be49c23dfa454c96284
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489038214.adc0101b-f9fb-4d68-96fa-60bbb3e11110.update.jsonlz4.htypp
binary
MD5: ade49be40c7c646b2928b22a85d5472e
SHA256: 342ed28d88d813ff87805ad810da53ab7720868d3ddafd77584c8e488890d376
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489011998.a8968e24-bce9-483e-ac8f-6d6bfdfb0534.event.jsonlz4.htypp
binary
MD5: 9d3ecb4c59ae1a2c2101b308993a124a
SHA256: e7c3445aaa79e20922a64607754b42e49b0754814046df24b360a355c60fedcb
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489012007.ce5a9275-0b08-4ba0-8072-4a3c8feff016.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489038214.adc0101b-f9fb-4d68-96fa-60bbb3e11110.update.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489011998.a8968e24-bce9-483e-ac8f-6d6bfdfb0534.event.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488890786.34b7973e-79df-4cf9-b43f-e66315cb6e28.modules.jsonlz4.htypp
binary
MD5: 77d46e99d558d45b85f322605bc0c83f
SHA256: ed8bce2ab7b71e9df58a24f1b04142afb0e7685d2e6ef39520be3c1b43a243c1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489010911.182cd932-ef00-4581-9f85-b7d7c67e23da.update.jsonlz4.htypp
binary
MD5: 1c71e10fc1919822adff9b08ae9064f1
SHA256: 44efdfce3f041643ebf9fda8eed9bb69e6db0ca38eb28eb4b1d9a6f4425bf692
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488772052.dfa0fcf4-a4c4-47cd-a061-4eb83e3360d3.shield-study.jsonlz4.htypp
binary
MD5: c451ce6c1943ace9a1bf7e9976cb6654
SHA256: e7caa2ebbce96ac93eee98131a94a58e14ca2f0a38f0112a31c597280b0a619f
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488772052.dfa0fcf4-a4c4-47cd-a061-4eb83e3360d3.shield-study.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564489010911.182cd932-ef00-4581-9f85-b7d7c67e23da.update.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488890786.34b7973e-79df-4cf9-b43f-e66315cb6e28.modules.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488717154.f4d74e79-28d9-4b33-83da-e607069bf534.health.jsonlz4.htypp
binary
MD5: 116675d4bf1ccd982d631bcee64bf445
SHA256: 1e1ce660c0d2a10732a445cb3818f2e0438955ee0ebbde99fb855ac0dfca9b69
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488638334.d86fec5f-6877-414d-9df1-62f73d84c019.health.jsonlz4.htypp
binary
MD5: adc0996f11d7a4d06649e8b7fe380636
SHA256: f0ddc841c70f91e9f148d0452fb5e7dc10daddbe1346be412205ff129408baca
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488717211.098e82d6-cb9b-4c2b-a1ba-508693b17b43.main.jsonlz4.htypp
binary
MD5: df8220d003cffb96bd968ddcf69836dc
SHA256: 29a19cadd293386c2c332a1930f1380d0b66f2bd6c9d00299998d5ce111e8970
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488772011.bc363b26-d4aa-47b2-9f2c-09728d0ccbfd.shield-study.jsonlz4.htypp
binary
MD5: b87e802204aa02356c969da98179ae52
SHA256: f59e757b31690198ec70228b7de7907f1622b93e4f86f51241b9ec47ed060f56
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488717211.098e82d6-cb9b-4c2b-a1ba-508693b17b43.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488638334.d86fec5f-6877-414d-9df1-62f73d84c019.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488772011.bc363b26-d4aa-47b2-9f2c-09728d0ccbfd.shield-study.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488717154.f4d74e79-28d9-4b33-83da-e607069bf534.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488331980.5c92012e-2fb9-4cea-a2b2-5f3d67d807a8.health.jsonlz4.htypp
binary
MD5: c35a551cce128500b2e3a032150543ba
SHA256: e5350af6e7ecd2e80835d540f678e8b3ebcdc2870c48277bea0d27a50f6d712e
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488332017.2d973f32-d1ac-4938-bc70-32bbfa9339c0.health.jsonlz4.htypp
binary
MD5: 9312fb239f97039335775ed5d56140dc
SHA256: 2f5e965dca89042be6e2619968d5e397a6d1ef4a33540c077f9fb12501ea529d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488332028.48960396-b872-4de9-9242-7e3ccb6bf75a.main.jsonlz4.htypp
binary
MD5: a47e05f80a6c359bf9c99b6333d7f114
SHA256: 581e6c282a429d8cc8c0320931408ec99623bc5a44e73c87fd558b909670218b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488332017.2d973f32-d1ac-4938-bc70-32bbfa9339c0.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488332028.48960396-b872-4de9-9242-7e3ccb6bf75a.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488331980.5c92012e-2fb9-4cea-a2b2-5f3d67d807a8.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488326995.493b4ce8-0b50-4e70-bb3c-ef7fae356825.main.jsonlz4.htypp
binary
MD5: 5b250e7a7f386a735c045734ab6fc6f8
SHA256: a80f0c60a22de6c646af75739cf87fe40c54cc2cbdf34a72d0f62422360179a9
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488326987.0e5bb481-b7c5-49f7-b38f-8d19aaac0efb.health.jsonlz4.htypp
binary
MD5: b13717b47d99cbe61516e8722aadcd28
SHA256: cb17dc7ee2615dc1e1d11bd466ef444d90a8bf6616f66f5359c82ef560460781
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488326995.493b4ce8-0b50-4e70-bb3c-ef7fae356825.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488326987.0e5bb481-b7c5-49f7-b38f-8d19aaac0efb.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488314138.85453178-caec-4152-bf1c-f6cc6b4b10f9.health.jsonlz4.htypp
binary
MD5: d45662a5cdd467ee2aa64cf25fd22db6
SHA256: 8e662dd0606ee43430f9b5a721b2e5047311904b10b8b4ce7e94d0811b40249d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488326977.f10a154d-ac52-4596-adfb-0e86dcf049be.event.jsonlz4.htypp
gpg
MD5: e6a14e990ff89795d2b370f367d99d1e
SHA256: 9ac895ec91d0c8facc4387487d8a5348b9d7286e20a92d07c121eefa34e24b0f
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488314138.85453178-caec-4152-bf1c-f6cc6b4b10f9.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-07\1564488326977.f10a154d-ac52-4596-adfb-0e86dcf049be.event.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.htypp
binary
MD5: 163ee09a99e6835f187fea9f6ab46eed
SHA256: 4e19aafe557512dd5363c65453dae43f53df6dc3d6ce4fd1617d224c3e805a6b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.htypp
binary
MD5: b46c2b1013b654e19168695201177f6d
SHA256: a7cfcc7b57e4834ea89cd33cb7db320ba992ef388bfaba3e79620ef2212a09b5
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.htypp
binary
MD5: c13d1466f580b3972bf3156d55afa54a
SHA256: d57a031e74c50fbeeec6d40cee79a988b2056e11d782760c7486d34ed3029d2b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.htypp
binary
MD5: 5d4d515e9b4ce1eeb642c5876194ce65
SHA256: ad3ddb87022f1755eca8e1ee584f9c8bf2b3d6a2aee793ae80b666683e686815
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.htypp
binary
MD5: 0c14635c7028504e0ec1bd463a2cc111
SHA256: 3e5d54add7af97ccdba2520d66cb82023255fc4d86c2a414c0183cc3f0bb9008
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.htypp
binary
MD5: f0f93157e26b968a80ff1b344ae85168
SHA256: 27e6f9d84c19e9705618569053a34bfc7c359ab70faace57f9b68c8ddf901321
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.htypp
binary
MD5: 3d9c218323b953cf95aacf2a55eefcc5
SHA256: de979b9b6a6bec9604da445cf227c13fc517a3558564e2a3bc4e0a8a55dd3215
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.htypp
binary
MD5: 9f1bcce1d06920367738085c2def061e
SHA256: 38a299334a27ef9505757c1dd60c5ee14e9cc7c2472244b42ed6da75ae572797
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2019-07-30_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.htypp
binary
MD5: 4c1d8b83616fa217dcc1d7101dccd5a2
SHA256: 365a21c6094696e8b81218bf99824679542dadcd51f94f6168dc3ebe96ef41fc
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2019-07-30_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.htypp
binary
MD5: 5ccac5133e972c9adadb181dab647b0e
SHA256: 8fbee056b9a36f524ad70b80fcd7cbb62e4ff1cd047ecbd4703e6b8560f08bd0
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.htypp
binary
MD5: 920e4fcc3cbe5f648c145984f6b549bf
SHA256: 47a20649e4f26ba211724018c766d4993630fdee7c47bf18279320cc7ea9e29d
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\installs.ini.htypp
binary
MD5: ca130c6e53194b693ae2232ec99dc110
SHA256: 536a684d0bd9f74e5920108173072e9a9ae420fd9365575764c89dc18eabac16
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190717172542.htypp
binary
MD5: c1cd625774154ea7628a2bbab1c90d67
SHA256: d6ff32918951cfef6d2cc5acb802e793a84dd8b666011195af65871aec7496d8
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\installs.ini
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190717172542
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.htypp
binary
MD5: de3abe1dc954acfea1b62103e8bd4359
SHA256: 5d6335e6c5859b7c5483be2edf44cff3b0ee1b8d1309350d1a7b8f1bf995148b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501.htypp
binary
MD5: 318d9878ea641f8baa752341ba74a6be
SHA256: 79c25d5b2cd090c7f23336498b162870ecb10729278d2d2cbd9e98ef961afc76
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190619235627.htypp
binary
MD5: c3cff662dbf01fa2fa9a7b760d5cbaf8
SHA256: 33f3f4567e6bb601fc8688d5ce421b59e5938306fdaea695d16965540d59b52e
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190619235627
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.htypp
binary
MD5: e76a9fec6891bbaab2626f5771e247c6
SHA256: 2d4f57c59e4e76a26f9b3b3dc3a79655722e723650f08f69e260565cfc42bd0b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Mozilla\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.htypp
binary
MD5: 8b7bfe4589ab4290cba4cda7e8c954c7
SHA256: c0458b0714431192872d173e160144d84f7a3b3a2c6c27e34958e944ea3d1acc
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.htypp
binary
MD5: b5dd269012ae095dc98ffc3a17237c72
SHA256: e297a382e3c093a0ff3275557418995efcf2f149cf51572c728c159014800e06
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4.htypp
binary
MD5: 90d9f185e20b6747138dad503f15e51e
SHA256: 1a3ec217586dc2814d82ac2a609c3c189e132c9f8efce5b78505a6a10cc03ea7
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70.htypp
binary
MD5: a3d210afd353143ad08937e3eb36e422
SHA256: 7cd45f224ab1a91f3c5aa5ccaff4322e6c35828becc1a2a38506da2b990b73a0
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.htypp
binary
MD5: 8a3d4f4067f46852fdc690e4e30460a9
SHA256: b4092b75001922328de4945fb00d4848c115e4fc171bbcf11825a8a20cf6db01
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.htypp
binary
MD5: cbb34cfcfc9a74056ce8259d244da18f
SHA256: 68135d54be99e868489cf828d000cce78778916bfbdf0b7424bf320ddef347f0
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.htypp
binary
MD5: c4fd5bdfec969ad99c491b9c1331c6a7
SHA256: 788341d724b619fd5e68f63dd1c084db2e3e372b5ef28bc9ffd67300ee854b3b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.htypp
binary
MD5: bb5ca19fdb74a388794fe03a638d67bf
SHA256: 984f666c546f33cd06d6a37672c4dbb33e42470a4cce3cda5a7b2a562cdfd7ff
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.htypp
binary
MD5: 0fe75959d7d7c325efaecd251e372dc2
SHA256: fe0a5f4a15830c9f144b9c858f9ebb5933608ce7ff2aa439738030b6e3ec2fc1
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.htypp
binary
MD5: c518f2c785dd7dda6b263fbd0b380669
SHA256: e6cd371e89b010caf91c3fe18bb5db443cb109aa6b3d30fd2b6686a4ae536ede
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\HTYPP-DECRYPT.html
html
MD5: e3a1c9142a943d97658980f4679d11b4
SHA256: 5d79b2fdf177a8f8bee5f33ef0ea232b53826bbf68d9d0ef70b0dd3b3a2ba46b
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.htypp
binary
MD5: 2f8f916660e10b16efc0be1376cc73af
SHA256: cbe330acb67edb4cbe9336f5eac71dc6dcc0e2aadd1c7063ddc4d2de2dbcb6ea
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.htypp
binary
MD5: 0c5b19f92f4b66cd171151294b245e2f
SHA256: 2580e5a03dd58834169f85e202fcbf4b8acdf658f8090a68822d195577754172
2740
GandCrab.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.htypp
binary
MD5: 02a55ab06c8270bf89c1edc2397dfd72
SHA256: 9e6472bf08d13355660507c48ec1f5315418b0a53b9d6685442711f9761d8e4f
2740