General Info

File name

GandCrab5.2

Full analysis
https://app.any.run/tasks/67ad0960-8e29-445f-82e3-2e537b676198
Verdict
Malicious activity
Analysis date
4/15/2019, 16:34:21
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

78efe80384fa759964c9ea8bada3ac8d

SHA1

6300dca046dee2d99f8429bdb9b5f3edc4d5ec1c

SHA256

329b3ddbf1c00b7767f0ec39b90eb9f4f8bd98ace60e2f6b6fbfb9adf25e3ef9

SSDEEP

3072:UKwH7Fxw0GQi8SHa0jNwriVcJLLfO1MYU:XG3wq70pwrimxLB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
GandCrab keys found
  • GandCrab5.2.exe (PID: 2596)
Deletes shadow copies
  • GandCrab5.2.exe (PID: 2596)
Writes file to Word startup folder
  • GandCrab5.2.exe (PID: 2596)
Actions looks like stealing of personal data
  • GandCrab5.2.exe (PID: 2596)
Renames files like Ransomware
  • GandCrab5.2.exe (PID: 2596)
Dropped file may contain instructions of ransomware
  • GandCrab5.2.exe (PID: 2596)
GANDCRAB detected
  • GandCrab5.2.exe (PID: 2596)
Creates files like Ransomware instruction
  • GandCrab5.2.exe (PID: 2596)
Creates files in the program directory
  • GandCrab5.2.exe (PID: 2596)
Reads the cookies of Mozilla Firefox
  • GandCrab5.2.exe (PID: 2596)
Creates files in the user directory
  • GandCrab5.2.exe (PID: 2596)
Application was crashed
  • GandCrab5.2.exe (PID: 2596)
Dropped object may contain Bitcoin addresses
  • GandCrab5.2.exe (PID: 2596)
Dropped object may contain TOR URL's
  • GandCrab5.2.exe (PID: 2596)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:02:16 13:43:25+01:00
PEType:
PE32
LinkerVersion:
14
CodeSize:
70144
InitializedDataSize:
30720
UninitializedDataSize:
null
EntryPoint:
0x58ef
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
16-Feb-2019 12:43:25
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
16-Feb-2019 12:43:25
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x00011112 0x00011200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.61634
.rdata 0x00013000 0x00001648 0x00001800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.94323
.data 0x00015000 0x000056BC 0x00005600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.67086
.reloc 0x0001B000 0x00000628 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.59251
Resources

No resources.

Imports
    WININET.dll

    RPCRT4.dll

    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    ole32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start #GANDCRAB gandcrab5.2.exe wmic.exe vssvc.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2596
CMD
"C:\Users\admin\AppData\Local\Temp\GandCrab5.2.exe"
Path
C:\Users\admin\AppData\Local\Temp\GandCrab5.2.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
255
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\gandcrab5.2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe

PID
3908
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
Parent process
GandCrab5.2.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

PID
3536
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

Registry activity

Total events
76
Read events
69
Write events
7
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2596
GandCrab5.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data
ext
2E007400740073006400610061000000
2596
GandCrab5.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data
public
0602000000A400005253413100080000010001007F822A70A8392723CB36CB4F4396897A19791FDBF3CF2BAFF6A78C564B0FCB270C7156E5E634AF4DD87D566F45F712630A107CB73C456A8B3BDC912C4E428BBB4BDAD467D245AC48B80A3CAAB111BD54F35599C1025B0B0D300741D632EBB85103AE24F96FAA82814180BC0C8AE1B5C238CC679BF94E6D91980FD742CAEDD67F3355FE4E44096AA27C9F7D3FA9C1875B21F9E4FFB9461B73AEB7ADE7ED03E2DAD0815F8103A67164DC590C1C5394A0C695A2BD4DF93EB98BB69FCB15DF0CC99F3921EB276352EC05FD4CCF27337B462B93D361DD51D0D80018078B08F5923CA7466717DA6802E853EB01DCEEC044446C81F8A71D8082215181DAD9939BC500B5
2596
GandCrab5.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data
private
94040000F774EF15873477E6165B4B32FA345D95C6B5140275B577E0748A8436735ABB4116109CF8633A5E44B1708CF418317E53489A53711F72C1D71476AC9D478F247D8E5755E8D3ED3F414FF6F89411DF2A6F49CCDEAE59ED891886C1789701A5AEE85E241A9C7B400DB76D1691D3FEA465B1365775C79754E9E23CC80574EC180BCCC1A65486808728A7BE3C3D9FD0634D16D89D15096312E4659D9D6A6B62158DE3F896B802594C3C229D9FBED88CDB8542C8E8024B6B9D3AD35E615D14AEE20978F2FCDBAF87A96C3EB4D51BA9770C02B41781E7DD48B5792C8317C6F760F4A61F68C8F3575C814C3DEE6DBF45DE60C57AD877144768B4392CEF49FA553BDF4A980D20EB4A8CEADF75BDBD5C26FED4B98897A3F10A9E71908AB8AD3B6DF512D7818EFB0F4946F73DC694C435FB6A5D7D858A5088C3D4090768580526CC1D21A7290A71D81069C551FBE5DA5D387FE48EF697BF8B319559A4AA3BFBD0348C783E955CA21A820FA8BAE031CB8ADB322B178AEE070F908660C5869E1215B8D44AAA7DD01845047A1EED9C2AA591EAB04E2CBAAD99D434B91E24422E8253A50967D6EE0994E9D5378FF29EE8B9B41F92390F2203F6AE21E6C5504E9DC0B5A3A719E2A2A3B4BC04B4859DA01A07E6A6152E482FD92EB20505BD39C1B0DBC3B66F2BB11EA82F18A5B5CAC9279B32FC7F4D2DDF31B84EE1D87B25EF310A795BAE14182F853E4B7155412958ABBC24345A21F0623643B8271BE088F615FED060AC2D9FFC267F4E2B02F17DDB8F358E70144C75259E4FE6BF52D94FDE2F3C44882D4CED87BC5AAE9480BB09D3E60D7DA1770D215DF0BFF247BD6D7C8535A883665C9DD9F7C54C7CF8CF3D7CD0119D4074D1072518174D47D3E498F4255203AE4BDC2CDE66B9196DA4206D49290AB6D1AAEF97D37AABE7747AB19B7F18F0287AAF17C63D364F9FA098BBBD692D4EAC509550E423D4B3D162366AED4E8E5547E7F84BB2695FBD92C76A35753FA75AEF9D24198B3F43697A6D2358A7B4214B867A3CFC28411AFB59A7FB094198E080936B85719273B23161B51E4D06894BCD3C05637744C2AFDB9481EB66219521ECF093CAF13E907123177DFECA43A29248E580747DA58F4933CDCFC35C235566E2C536BBB67260EA9C357056D3069E1BD5E496ECADB5712045FF2A66620025135BBA2F205529E0B2AA15EFD672F65F7E3A5EE12706E56EDDF52D6ED7DEDE181C4B1B441C05D9D76FF21F3E39D33D5345339BBC718D69C1EA38EDC9EC1CDB97316F15BA2CA174D41C64AE37A4CCC451B9CC3936DB75398770D214E638968D476AFC134FEA39238879E43F08F9B9062048AA514D59229825CA8EAC8A14ABE1EBD656827576D6A5645042817583ED28F410788B12545645B877770400E107DA579ED80D8A32F4AD90F8BECF2C5C6CD980DF305D00FEF67410C2BDC79665361A6740A82CA5EE64CB62CB361016EB33DD2D97941125E883C656A3710B7407FA2F85E8C9D277C94989C45846ED913988B1BBD2CFED3FE0A7597297546A868B22BBDEE2786B32099E5A8F6B445261643DB0F78169327BA5BA8EDA5BE5E5F5CEF091EB20067B29BE07B87C74C341B5962ABAAD71F10A5DA0D11DD2F3582186E450AFB2A7CEE6E943D8A6E9A392594F2A0C9F7D0AEAE1F89023354CC0BD56CCB466565974F62A25A017EB15F86F910F34ED2BC5A8DC1188F159283DAE660637D99BEB08B0A8882B9BBE5F3EF7891D94B6E88BCE47903FD24D73C40FD47C938F9A1A221E256DEB25748781C3A588243583EF7F48C5D0D37BD0748E2EE10CFBFA15A2CCCFC007F72FEED74E7E3F5DF01F081E6276150925662CE9E1BC08BF3BA462E84C4D77F4EB90D89C46202378F02B6A30269169550322E281B9F9C8E02AA7AEF2383ED6B1027917AC786D3A18C32115A3B2B74588F3E062C73F07620153FF495A0F48A1EF90E89E1AFF1EC7507F39169F44977DC288DCEF146048D26D87FD43CC9CDE059667131674525C3486D713EB914512E47E878C4BCAE202784B6FE8CB3368642783686B0EE85C8346CAA9C8A467F6D45CD9FF96E2D16B92E71E236D055E6472C5C2305F9A67EC38B6E0254E15CC9EBF788CB48D4B1BCF9F51AF867BA371042B909C694072AF26CCAEC287649C2CD657DF8940D86037579A4D21A356F9CEA0676813F3FD59E26C9F1F844C277EE5954677F77CF4799EAECCDDB5B59FEB97E88164EB206A1D96431ADA510C83099F40910538F9CEEFE9EDC7F8AFD866DA2EF2AB8B19184AD1D1547B7EE9293F432C65DB0E4DDD6B65AA697A2CC822203D7690CA63B0A81C42F371C5E9F3AE7296916F240908B62B923F822999A6744774271867D4F69CDBF4436F8104B884D46AE7
2596
GandCrab5.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2596
GandCrab5.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
0
Suspicious files
412
Text files
317
Unknown types
19

Dropped files

PID
Process
Filename
Type
2596
GandCrab5.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Videos\Sample Videos\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.ttsdaa
binary
MD5: a97a764f92485325cad4bd9241e7ddb5
SHA256: 891a1ecec49ee59b15a6f087a375b0d80ffdcf98305cc423e77bb51d993b3752
2596
GandCrab5.2.exe
C:\Users\Public\Recorded TV\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Recorded TV\Sample Media\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.ttsdaa
binary
MD5: f30c31d8ddb7888f1fb270ace631174d
SHA256: 6f08cad17c128dd3d0739767a31d6d111659a7b20ef29b655e14840b046b6112
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.ttsdaa
binary
MD5: b0dfc4ee26a27fab83f193e049057e99
SHA256: 199e385b0cc5b8c509ea461a1d8d60665eb5a102fa6422f49a356c0fa3966e2b
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.ttsdaa
binary
MD5: b57b45dcdfdb166762659492756146fa
SHA256: 29e5761caab85a230fdc9d573d573b34af93f9bb112dbb50ab3e3d7ae91d4325
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.ttsdaa
binary
MD5: aa13186e86fac52565b1acadafc35d01
SHA256: 41d10d5896ce40059c0345dded1c854abe4cace6aec423e9627a240024f063fb
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.ttsdaa
binary
MD5: 25f0bb0015b22c69fb6b969d05cc4440
SHA256: bcdffbaf224dd8c55a7c73d8a0924154c6d27825c22284b6d11ace64c8423468
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.ttsdaa
binary
MD5: 975678910268e27bc956733b85f49cc4
SHA256: 1c614dbd5a26c42b6e742412b86285b70a7f00fee66d78235bbccc4f92688348
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.ttsdaa
binary
MD5: 9146cf4b047606233f791f2dbdbbce65
SHA256: 5e82b85ef9081f264a9acf7e86f6c79c7c226ed42982cf009a9cd1e6e322d6d9
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.ttsdaa
binary
MD5: 5bc158c050884d48e72abb7bfcf2fcd7
SHA256: 6f08d733f9e97b6492bf9d67f882643d503e69f05f0f949c01fa070652250031
2596
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Libraries\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.ttsdaa
binary
MD5: 0f4efea81142d80a5b2404da0ec5fb8f
SHA256: 8d018470fc19fc2409c4a71054afb61f38b5e3e7273ac0c352f6ded762c88cc0
2596
GandCrab5.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Public\Pictures\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Downloads\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Music\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Videos\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Favorites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Desktop\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Public\Documents\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Saved Games\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.ttsdaa
binary
MD5: dc6d5e6732ea133a29e6148f21d089cc
SHA256: e6a3950190ecaff0a505f681c62245971bd5d3393d354ab364c149f121d68c42
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.ttsdaa
binary
MD5: eb459148d46bd413b7e48c4dccefbf6a
SHA256: edd3e0c4982d5a5816ffed102353cceeab0f2d32e69274e1591f3217cea475ee
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.ttsdaa
binary
MD5: d1191d3d77c40aff4cdd9af273a115f9
SHA256: 964b1717693d1d57b6840e8386f4643e52536431b102f3c327e354c0404c08a5
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT.LOG1.ttsdaa
binary
MD5: 9cba1c22e9a17100875fbc45f97708df
SHA256: c66d81600a886a6eb77642022feeae71cd3188dd74f709ec0fca1d775bd7b7a0
2596
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Default\Links\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Pictures\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Videos\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Downloads\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Favorites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Desktop\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Documents\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\Music\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Microsoft\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Local\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Media Center Programs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Temp\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\History\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Default\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Saved Games\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Searches\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\ntuser.ini.ttsdaa
binary
MD5: 8189d8747a6e0271ffeef8724bf7dbd1
SHA256: 202db5e022a3988552f12ad0eba9929c36117820cdc38febf29afacbbcb02d75
2596
GandCrab5.2.exe
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.ttsdaa
binary
MD5: 0cdfe0e704d55649df81548066e1db66
SHA256: 0906b202cf0a3f8108bf3872690eb720b86c5bb7bc1a3c3d22b8fd12e0d11f99
2596
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.ttsdaa
binary
MD5: 1a7a2598bc5d2d945a669598d2517c4d
SHA256: ff26f6d04ff84ac9f041de76c4aa1e755f9765ff1b2f52806ab7aacb49e2f312
2596
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.ttsdaa
binary
MD5: a229e37fa1d69a06dac0ddcc52ac6bc3
SHA256: 6f5eba65d69f9c9cf3c5b49e5f07ad46c7bd69639f2e0e0e8cb10870eafddef4
2596
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\ntuser.dat.LOG1.ttsdaa
binary
MD5: af9c20955afc47c2bf2b620ae96c69df
SHA256: e99c3e0242a2b4cf9f32febd1cf8fe65455c384981c61bbac8edef43a3b7519c
2596
GandCrab5.2.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Links\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.ttsdaa
binary
MD5: 4c9f551d7249372a53ab0eeb40dd2385
SHA256: 1dd8a6128cde6ae3ac257ef19ff6530dbb7f6ffd1a9351c377c8f8304047076a
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.ttsdaa
binary
MD5: 8299f2f714c18e09ba49b0da2dfda3fe
SHA256: 2a59efb27ac51f98ee3d0457827c4a3eb6fcde8785657dc9e65a1188f1dc5c2e
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.ttsdaa
binary
MD5: 6112d2d005f806c1a1dfcd9b1f2e629e
SHA256: eb296c0641b564fb82b7c5ea4a1f92bf4ee95da295174b4c8f70ecba5cae5687
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.ttsdaa
binary
MD5: cea9f6c89fe332fb04841d8de271fe81
SHA256: 7262c1a6caca1397e42bb505b12afae6ba0af0c872421e41a53b14e5f84ea525
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.ttsdaa
binary
MD5: 622c8dfa3f157bb86929a20f8626f61e
SHA256: 94411f8ac0f23652fb39a8c661c451cffb26e604bb7389f530d9a7de5a5b563c
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.ttsdaa
binary
MD5: a76655263adaccd08de8ede715dab26d
SHA256: d14f6f8b831b4ea0f25a10985086374f5a4f0d2c0f885cc4fab98ee483969eb5
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.ttsdaa
binary
MD5: bd4ba8cc04e3d72b4ace1a7a0e8792b1
SHA256: ab8a2a5747955ed51b62ffc8ed017a7498c28abc370cbeda1ec9162e19d8ed51
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.ttsdaa
binary
MD5: 43cff7b3a7be78d8aaaaa10a220c2f7b
SHA256: 27b63fe3d1b99218500376df2689ee5f07db7110b63b85eca006b1de3221380c
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.ttsdaa
binary
MD5: 49d6e43575234795bbc4b74371bf9d41
SHA256: b31bfc069ad535f1c0e9f1f613f9742f37f6cab7c49e07fe30f5160b89637062
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.ttsdaa
binary
MD5: 72c4aed8c5e8b0e3a122110cc02572be
SHA256: c66e25f9ca06795daa48b7ca3d61b1aa1e48bae005478fe293e64b5c542bae8c
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.ttsdaa
binary
MD5: 415e3cd31e6a466e784ce7592fb608f0
SHA256: 8db8ba67c6e3b9acda47e612fba690560a31f7334101c145df094e35c5e311b7
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.ttsdaa
binary
MD5: 8a7f6372a8189ce3ae9c4bc8f582e30a
SHA256: fa52a579bf4f5da324d3ff2a457a8addbb51940f63ad80544f6656b439c76bda
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.ttsdaa
binary
MD5: 6a310ebf57c92f73f2dd37e495ebb2a7
SHA256: e2919c7b9915abcd30d1f432ffa899e92b6ff7d91209798c0b90e29207c272c4
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.ttsdaa
binary
MD5: 24207afcd8b140e33879d7d818ee4334
SHA256: 8d24e1d520ef56a079d65b899b6cf5f8311d8f695b9b641d15f99b47c3cf6acb
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.ttsdaa
pgc
MD5: 72fe892c57e30e81ad5b470e783598ee
SHA256: a00f1a07a067b5920273108b75f007501a748c6c1b14f4c50587aa08fe7ea656
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.ttsdaa
binary
MD5: 05c0636641fcb587cdb9e2f49706190e
SHA256: 91616a7cd88f5594a0f0477c5b6049af188d480aaff77641446704204bb43736
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.ttsdaa
binary
MD5: 5e37cbe44b891489d130bed75ab932c3
SHA256: e52ab554abee0fd4e2dd99c572cbd952e5136a8e218d5e6817cd08efc83f3c09
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.ttsdaa
binary
MD5: f1b5387f4067be16c175603b45621800
SHA256: a47cdf15d714b00ac05e3d718bb9f368b5e6daf1f739eabd9c9b0186b665e66a
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Downloads\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Videos\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Pictures\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Music\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Documents\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Contacts\Administrator.contact.ttsdaa
binary
MD5: e8a5c5be08a1e13e43c5b08f344570d7
SHA256: 86747bfd1476ba24295d94ee1c82183127f166cc906c101cf1134a33f17804be
2596
GandCrab5.2.exe
C:\Users\Administrator\Desktop\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\Contacts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred.ttsdaa
binary
MD5: 7f7c5b9d25914ef21c43f7439c2ee4a7
SHA256: 405eba43b2df3312d7eef76ca42952f5aa3b20e4e90daeaad5cd23cc6978bdf3
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156.ttsdaa
binary
MD5: 1b2a533697cc21eb5e4636c7516fdd40
SHA256: b7c5d4ce1efa5c1a921af29c97caf4afcf46afa55d05bf09a60aed83e0c475e6
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST.ttsdaa
binary
MD5: ad7733ffd620ef00cb6eb2445cff1c24
SHA256: bb1567a4f7dbe8c9389ca450fb82d03122a076ade07df96f541533d888f83bfd
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Identities\{BA2162A3-2F32-4850-8D8C-B3C9A2AA9D43}\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Media Center Programs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\WPDNSE\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\LocalLow\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log.ttsdaa
binary
MD5: 6983179dd9fcc335b2ef8a1b03b8bd11
SHA256: 5d01f47757085ffc5a9cae4eb20d6d56c48828054f2981feeabe2750f717f3e0
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Identities\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\Low\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp.ttsdaa
binary
MD5: bf355b72fa5be8049ac019f0283aa7e6
SHA256: bf4b0c1a902ff59582df36116e1087ba639cc099d63c3706d6bed524a8028ce4
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.ttsdaa
binary
MD5: 99d551d1779d90dc67b791bf635c7ec4
SHA256: d2486409ae6af24cf56e58a9ba0581da32dbdb71b98bb126f2983f42dbeee612
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.ttsdaa
binary
MD5: 07c9df61cdf4d2c9da46379c85f2122a
SHA256: 28e55522bf0b3e9b712121ee8424ff3f16d78e8cfd04feeb4ba6d4e49e1cb5b1
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.ttsdaa
binary
MD5: 64e56f200062ec8a4d97a53e04e223ad
SHA256: 8915738386d07c2b70ad0f0cad7ea244a27ac8aff56dd0f2fdcdedd4afbabf52
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.ttsdaa
binary
MD5: 281904a3c76fb7d96bf95f77ed363dea
SHA256: 11da0b6e5828bdc44f0ae8b63205025a9ef9aef2422ecd8a5d248dd7a844b879
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.ttsdaa
binary
MD5: 13fcce11c21eb012eba0800a722c9223
SHA256: 0f2c151d7be0410163999487cfb79b9782e63f6885a870d1b968aa49d7c08da1
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.ttsdaa
binary
MD5: f3cf57c51a5eace5f8b5c19fe006c3ad
SHA256: 27b1b5cd77bcb0fd7700e9b9948ccd25e23be3a1cdf340498b0e7f636fd6317a
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.ttsdaa
binary
MD5: c364e6b08d4e090769c85175be4fc61b
SHA256: ab83d2ff5c91cd42509f35994aca0b4aa2268654aef6349f8c07cec56bc096d5
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.ttsdaa
binary
MD5: 8c1a153b73c6edc864bf198cb5348069
SHA256: a4aa7f2c010310a06441f28c5276d435cd9ccf7d86d0f5a99d39b397cc895bf3
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.ttsdaa
669
MD5: ba0fba33dadfb2cc4c2a70f0ac734768
SHA256: e6590eb6282e0573e9bf7a69a19f7c10296d6b056adf7e5e1fe49902c63e0ef3
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.ttsdaa
binary
MD5: 29b91d1f56bce3b34682536d28b83728
SHA256: 825a30699ab59b1866946d16f5c92f94bcdfaf3858651191ea131fb7641f675c
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.ttsdaa
binary
MD5: 4f8953b7bbad3c9e9f798cd7caaad728
SHA256: 5c953d5bd5a744df27eca03a7276ea4ef2f5ccdd05718beb9dc4bd3f2e456020
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.ttsdaa
binary
MD5: b57f6acc88ca14ee2d300c35008620c8
SHA256: 891b8b7ce83f4d44d667bab70dce32f35e1764457323b6624e578a7bb91ac037
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.ttsdaa
binary
MD5: f14c9fc0abf3254eab385bdb9ee9b2db
SHA256: 3e1a3eee5e4a773a27da96a290a81a0cdc2fe834eb43ff5906c93d01fe2d01a3
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.ttsdaa
binary
MD5: f9415468642574ed9c5c817256ff2ad4
SHA256: 92278a823057bcc388d11f8e0dd0ebea9fc7765ed47b3f3f9a7145dd97ee291b
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.ttsdaa
binary
MD5: 497d211f91a5c8229f0224a930e62fb0
SHA256: 4c6ab67074c87967081c85b8c93654212c98456dc147e4f9dc0646ae64352883
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.ttsdaa
binary
MD5: 607f293eceeae309c5bb5f5658f266b1
SHA256: 7048716ceae57aa725ec9c30b92b5fcd11108de1d832858d270d431de3c0f4b5
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.ttsdaa
binary
MD5: 64d10ef72929629c92dbcaeed7696b6e
SHA256: 9d4320bb29b49485e773cef69f579fe498a7e2c7e0ce33f8efa7285dc189c1a4
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.ttsdaa
binary
MD5: 24140452de7d6915efab4b5af491a426
SHA256: 33947812634db84c82fb34a32c9d4cdb37ced40f2aec8a5848b3cc8aa73d2fcb
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.ttsdaa
binary
MD5: d8e7f55a5e718cb6c025d2609dd0144a
SHA256: 8e2d82af3ba3c863fbef2f430b136a08cc28a6200ffa22604c903b9a4f44772e
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.ttsdaa
binary
MD5: ccc01a2478274390c77df6bab929ea93
SHA256: 7e774619597c56ea2d58b4d83715f30eb6cb94ffcdb9fda44350c8ff0965486c
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.ttsdaa
binary
MD5: 6b6e03aa117de34ba5858a138e74c9fa
SHA256: c3cbc73eb1e97de39dee1922f09cd42dfdf0cfa42ee6f28e402fc3cc173a1c46
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.ttsdaa
binary
MD5: eb1b2b5b56a9a5df62c52ff5fdeab7b8
SHA256: 4a6306a006ea3d4003c850b65554dff814213a23914c62143fe8d4433b825285
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.ttsdaa
binary
MD5: 5fa4ed58230f172c54cdbdbeec9a0169
SHA256: 41bb795d4dd19006f14c1c1432c04606303fa9b7dcab64edd6d60859b579f0ec
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.ttsdaa
binary
MD5: 506f6c16cdd46eaf4c2f504149339031
SHA256: d96ac0ee234e33cfb3453c414a9851908147a5d88157466166c09cd1cd5a9d7e
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.ttsdaa
binary
MD5: 7cf8507ff86bf120b962905ec02daed4
SHA256: 8d65e8b689603407bdc19727810986b269237a2b5d022f708b24b66ca7c93c4b
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.ttsdaa
binary
MD5: c501ffb66bd74069418f04263b68a8ca
SHA256: 074ba8a0a21057f91032b76667d44138ba7ee7002884e143fd21cdd964959894
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.ttsdaa
binary
MD5: b3b09a5ff4e55239df1d7ac7fc9fba45
SHA256: 2772f0d9717fba4613fb68c8b274ffeecab7a58b6856e58501aa96fedfdd7f76
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.ttsdaa
binary
MD5: 244db838cb12d57a6e5e1c9eeeee17f8
SHA256: 37fd74de97ee3920db045330fb98b2564f10aa03e2e4bbf266666d76022ff4f5
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.ttsdaa
binary
MD5: 80a95200c584931fa7fd4356168e4910
SHA256: f8666fb20616cede2099a686cd3b3e22d15822c4a0fa9ad6fec479836014e635
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.ttsdaa
binary
MD5: 7f82970dd53c4c7d470d3e887f79c54e
SHA256: 15c23de0a629338b2762e7c166e1614d2bc83f4bbcef5c84c9b315f04da5ae0c
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.ttsdaa
binary
MD5: 434862ace61e9c3eb45de261bd5619d2
SHA256: 8f50af63fb3375cce5cd5ad94e7cc1eadc69ea0fba5fa1b8ed0cf3ea74d3ecf0
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.ttsdaa
binary
MD5: 5edd5a5e446fdf4ccab0f38e9d25ffb2
SHA256: 276717230904cd871fd7ac526c9756969ebb65af2f7d1f200540a078fe7d4396
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.ttsdaa
binary
MD5: 238546858c29075253c32d1a70428e39
SHA256: 2f629190e8e9831801380e753f674e7324057a13a68639574a38d2db7235fafa
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.ttsdaa
binary
MD5: a35b49a7cdc5925ce4f9c337f2173b6c
SHA256: 4bf933b305d5178caec7bc1f4ddb33300a1a79a3d77c6f558a61ec6ccb63ef5a
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.ttsdaa
binary
MD5: 030e55867c95ee7269398555b44f1133
SHA256: f94f5218983097f8878725da2a57a59ff03e3389a7bb865e9e26af6db6d1e0df
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.ttsdaa
binary
MD5: e2dd0ac03796d12d05741f1088898c31
SHA256: 71dda811c7e0746237924825f44e3c57e666ef69242006be6e7415c9c24885f8
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.ttsdaa
binary
MD5: ec47d249663667a08ac54501ed8ad825
SHA256: 39a7eef19915e32faf40f7d0fa651d733835cafe8cb262f1e20865aad02f4178
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.ttsdaa
binary
MD5: cc6ac14f7b16e65951233e96c704ce99
SHA256: 60a1fe1244de3373caf99497cd7f7b23ac9e81a73f64437d7653a424ecdc6cdf
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.ttsdaa
binary
MD5: 17c8456debcf014b328e750d07ace93e
SHA256: ff63ddc9fe1a66aff36476e84a83eacc27884f0e44feb5f74ade740948d25602
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.ttsdaa
binary
MD5: 43b95696bdffcc8ac194365638a0c01b
SHA256: bc600e0a320eaa368cbef378e3a682ba295ecdc5e07225d095c29b9c09cf45af
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.ttsdaa
binary
MD5: af41d0d0c5796b9457ad9f43dd74a5a4
SHA256: e5988349f48a408890b917e6f43fea7c8588f030cabcc8e7713c5d48a2486df7
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.ttsdaa
binary
MD5: cac8be0c891295fc03fdb8ed49042caa
SHA256: d9943afb678b39a7de189af1fccf257e9af6ce1996014cdb8b077877151ceb72
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.ttsdaa
binary
MD5: 607d7d7d120e02ae396266dc8f0fa478
SHA256: 00192447ec8f6daccd1ece734fa4e6a59242702d74100f5956ca74bc3b6979c6
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.ttsdaa
binary
MD5: 98be17ea7de19cd398ed68be369e1048
SHA256: 1aa00e84bb925c320498089d744aeba63f40c683af66c67f96c7ee2793043b90
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.ttsdaa
binary
MD5: 609cf623d78e838da00cd97a5a19d988
SHA256: dbb6f7d20af6ba8c4c25c076cc0c9169faeca5cf636cf904c832e8a58696456c
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.ttsdaa
binary
MD5: ac39eaccaf5dc2bef32f724ccd57168f
SHA256: 41d79d1df7c78170bcb2a8aaf4ca58954edf68514910863ebce3bebb0a6667ff
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.ttsdaa
binary
MD5: 1e87ee2f13487045e3ab57501f0a6b15
SHA256: c7e2f867351d0c95eb6122ada3fbf150186211827b28b955f301831c1f8e1784
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.ttsdaa
pgc
MD5: 1016f33d07f0d4ed9deff539f1c927a0
SHA256: 0cd51237d79261e31fdad99a700e01b335610c3e3a7f08cf9561ec2c0a0402de
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.ttsdaa
binary
MD5: 637358e407e5acc6ff94d72ad93abd4d
SHA256: 6f21f8c23f6a4888f17b19027a38a1c14152eafd98782fe580f8c25f3a585d81
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.ttsdaa
binary
MD5: 29294182a403613e832d3cbdf9376817
SHA256: a1befd1005b2b53673f6e749e0b2720717444d0fb1ebfd5bf37b60baca8000c3
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.ttsdaa
binary
MD5: 1006c651d7e3480458752e6d228a24f8
SHA256: 3eea0ed2b63df1f9b621260b43de85a4a0a5e2c55435a14ae1ea283691e03963
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.ttsdaa
binary
MD5: 7e6ba2824f6085ebf544e8da55780c7c
SHA256: 63782e9e081979ded465c1808f64f3520de73d3a332daefe5995a46321d19ebc
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml.ttsdaa
binary
MD5: 3ba117b537ed856cbbd33e841dc11bdf
SHA256: f6b82c86cde38679ab927b0758a24f90034cc39add0da370761a3b982b7dc32f
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.ttsdaa
binary
MD5: 0360531ae4ee3159427bb69e3c5bf753
SHA256: 539f59c03013dbf23f8d7af4757d271fe0d4e1b921913672ea8cb5f707965157
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.ttsdaa
binary
MD5: a552b12e14bffc0d922fec6958f4d5b1
SHA256: d34dc30cc0a3c0a28fc91c1f168442bd6158507688d0dc0a3a83198166630396
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log.ttsdaa
binary
MD5: 6371955cd1e3f95739af9432ac521dbc
SHA256: eb532e3a9eefab2158cb2bac3977938dbe57f3830a506e15899ba3e5f50120e6
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log.ttsdaa
binary
MD5: 84cbfbee6dc80e43859b69911426d6aa
SHA256: 27acda5554135512c811f617d2f728d4978831d9c7420b11930fc8083df5a27a
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.ttsdaa
binary
MD5: 799b4db267e67706dd9727217cdf902a
SHA256: 00359641431ced04aa8a77b12ab1336712ab4a42c25d1eabf150515de3063bd1
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk.ttsdaa
binary
MD5: 9d2df823b849f435e70de0a9a4f87a46
SHA256: 4d76ca1572ecf0a1562c516019a5729e1ab6a6fb6da9a2523d579960a0f5af39
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.ttsdaa
binary
MD5: af869603a1b238eecf5fe681d1718584
SHA256: 78a06070e0d433aa17938bec08ee18b0972aca51835673f5ff6826870c3d303e
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.ttsdaa
binary
MD5: ce6b9bb2e7a2b8df65dc7ca4ef70b4ee
SHA256: 76c7da9efb4aac2109e51d5f578b98d17ae1088ef9c4d1e6c45f39fee997d5c3
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount.ttsdaa
binary
MD5: a9a7b32b2ded325936dd261b2eb405ac
SHA256: 5a869d56ab09a0c181e61cb2ebcdd9cb41bc0e1dfe96a9a9be80856f66e53c8c
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount.ttsdaa
binary
MD5: ed398aea4d3389ed5eefad0c4953d514
SHA256: cae850cede581de10423834c82a3c6ba424aae7009d03dd52c6e169274ebbba6
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount.ttsdaa
flc
MD5: d0d25fedfa47abd699040c4ef78204f9
SHA256: ed46b4845c61fbe730686120d32230393121988a45fa5ee5e05406c44caf85ea
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl.ttsdaa
binary
MD5: 1df9a1fe7e332ad80a7986a5ce7e1047
SHA256: 04e5dce50bfca2c1cf5f88b9f963b1aa1d36adaceb6cf24c2f5793f70ecc4978
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl.ttsdaa
binary
MD5: 6a13527181d2df02a9efdf94d9618078
SHA256: 484fc352583eb8a4c8391771f22c7f14ea65ab8046386b653076ef85d47f258b
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl.ttsdaa
binary
MD5: bfbf9bf1ed5eec901727915070697017
SHA256: ce31f232086888d7083d6e56d8c4cb957cb5640023c8b7cd597fd171bdae0437
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl.ttsdaa
binary
MD5: 669aa0f6347fa96e79b6124610b171c8
SHA256: 026f17b97207d49e3c827c8fd02d33ad6a5ab54dd8c4340129d76f02f9053b54
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl.ttsdaa
binary
MD5: ae976acbae732b42b4da991ef62b906b
SHA256: ea0c472fe49ee4b4c243a9487e2a935c0811d1196135b4a499001a647adbc0c3
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl.ttsdaa
binary
MD5: cabd1a23ab12e65169bd8b293dec9a83
SHA256: 29725855a6e178e1aa7e15fa653e48fa905ea141c7154b7f44fa49121eedfa98
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl.ttsdaa
binary
MD5: 15deb855d6ec358d3735ecade21f46a8
SHA256: b09ba81ebb230a65eded70bf5e002abc20227e9480cb070c620f218f23e2a39d
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl.ttsdaa
binary
MD5: 160fd5219f455f973fd060f327e1b762
SHA256: b913355383a80e3653151bd2e15a64583f6c34621d1a4b2826ae121b39dcad63
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl.ttsdaa
binary
MD5: e22de3ed6178f5d182d90f9c8aaffdf3
SHA256: be3c73a8eac274e7c4c975afd401bae5291e0a7cd5030aa2f28fc2d488e7ddfa
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl.ttsdaa
binary
MD5: ae2b7a21576f0fa03e85c81e91aeee9a
SHA256: ff6a20e1035d66929b29b7d52a3c25eb746b985bc1e7162980ad2fa6496fe28d
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl.ttsdaa
bs
MD5: 512ebb86443e5b247ab1a1be21d2815c
SHA256: 00cc673f515ef852ac81910df5ca63e46cf23b57e5956dc323b39ebdbe52352a
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl.ttsdaa
binary
MD5: 5f8f99014d3392fb89d94d0acdef02fc
SHA256: 692ec629c4434c17e93f6cd2da484335e433970de57b374fc04a8d72144e9562
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.ttsdaa
binary
MD5: 4bd6dd9e63f330a14a8aa01e951bf889
SHA256: dec0c76f4c896b2e071b5802b5c4a2422a3745692a434125a705c6b092744524
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.ttsdaa
binary
MD5: 2fc5f3bba697a5a648264fd7fec9b231
SHA256: cd03252bd2c8ef872c700d800a998a5348a6c841ce82caca963bac3815b3958c
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.ttsdaa
binary
MD5: c559bff5e687e8f2f4aa3200ced69a67
SHA256: 250e789369fcc791b6e9001e262ea3f98b4ad408b35583437d71259c37a5d378
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VM3JD5NM\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat.ttsdaa
binary
MD5: 5ab5a3313a19d6180fe7694b85cb2706
SHA256: 956e82dccadaa1945d8145397109b148daa0bd3c04c157335171cc1924e89e05
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\G4PHTCUR\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.ttsdaa
binary
MD5: 580306f4fef65edadf7ef0f06e6d9ef4
SHA256: bc5a42a2418c94d81a0c80a8aeff9246254b3a89a600b00080786e7a488bcf8d
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\HPSK10OB\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\9RI45C46\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.ttsdaa
binary
MD5: 2190bed17dfa4fb4c13d2fdffd8b41e2
SHA256: a4dd0b10aa1007e576ee3b9302a17fe45993a61c0d44e0cb1ff6ad423b9c8f5a
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.ttsdaa
binary
MD5: 54fc57e980dc4b400e4ab7aaf0390b3d
SHA256: 40c446f0743320f66a383bbd6049a518b5b30d235bb3182c0c3aacc112d7fd9c
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.ttsdaa
binary
MD5: addfa62d487d63b98c63b6ddeaaafd7e
SHA256: 32effe5427b911e6832da610ad6af75c56bf18b35dbadba03bd15061bfd320b2
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.ttsdaa
binary
MD5: 40fafa25ecb17c45284e8245edae428c
SHA256: 8a073e9e7a2e022b98bb66402663daf9cb84da23f33d5858fed92bcd102d8b60
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms.ttsdaa
binary
MD5: 7ba60961c64bec164d152418c2b21c77
SHA256: 53898281b0777fec8d54bb8ede3da43ba1c8384ddce0d562bab9ee4a397101c8
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.ttsdaa
binary
MD5: 71b39a4ba3e3c2af59b32ef76c206dd1
SHA256: f54e3e70fb66b3362deda46789f9f04b4882f39c97f32de98895c8492a6bb0e8
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\Administrator\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Credentials\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.ttsdaa
binary
MD5: acd19c7819a39f8b3bf8698192df5d11
SHA256: 887d7dd4d2731b35878c9f674f27c8338578ebac3dd672817db06e9a36242ca7
2596
GandCrab5.2.exe
C:\Users\admin\Saved Games\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.ttsdaa
binary
MD5: 32e482db827cba5c371f68a7706d90c2
SHA256: 8744902639c3d06611f302748f8d88ca5eed0a317db63f34750dc314772fbf6a
2596
GandCrab5.2.exe
C:\Users\admin\Searches\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\riskaccounting.png.ttsdaa
binary
MD5: 75063d4feabcf7e835ea65a1bbb8c0a8
SHA256: 97d0942f83eea42b33f99dc84f0efc8fe13e5bfe3c5f18ddb62181459ef43f07
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\springlargest.png.ttsdaa
binary
MD5: e3eb329fec7b8617c971fa42f72552d6
SHA256: 0f26082236eb796216cb513fe0f754a90674a0c8e2169f755b1807d501b7d556
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\parentpoint.png.ttsdaa
binary
MD5: bf4e8d9526a8f843c10f40ad718855e8
SHA256: 4d3168a16898ecea74d26d2ce4fd932507f552a65001b02dcff953e11742b5b8
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\springlargest.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\parentpoint.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\riskaccounting.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\letsec.jpg.ttsdaa
binary
MD5: d7b090eab851ffa4af19a93c1431bd10
SHA256: 820b3c5862ea46e740fad306a871c7b9af12e975bf68f144dd9e3ce6b7b0a294
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\letsec.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\askedmuch.jpg.ttsdaa
binary
MD5: 9e743463fafba082d294dc25444a986b
SHA256: 58601fd56e7ad2d928e6d28ff5140ae9b0c5c8d3a8941c116e4f432729d2b175
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\askedmuch.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\ntuser.ini.ttsdaa
binary
MD5: 8be71ddd132f6950a90eec5c37d8ccde
SHA256: 3ca0516b386a681435c43cf9acb00cd44affac682c760316a40abe5f1c739c0c
2596
GandCrab5.2.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.ttsdaa
binary
MD5: 7ad041c71f3fd820792395c28195e60d
SHA256: 9970632a30a3a34f27d736c16c3311092c446731aa5f421b79b1a12c4c8362d4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Links\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.ttsdaa
binary
MD5: 68b60e0c00e843c0c02ca8633b1014db
SHA256: d88201ca98e081643863ef8b0c7a960b75b2d95638a80d804a97ca8bd3efd150
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.ttsdaa
binary
MD5: a1b0f33e659b7bd100277394ac3f5fee
SHA256: db5bc61c9da66f04093dd9e768f78dda34e64c3fe3c3f66c60494c094a15b974
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.ttsdaa
binary
MD5: f84f149a31eb7dfb17e3a280a193cf8b
SHA256: c540c02b301999d326d25cf258922efe102fa17a5b7efd21e1c7ba6bd10203a7
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.ttsdaa
binary
MD5: e04ef20fa3a7b56c88dbd3c0ab03291b
SHA256: b0e767c2137375170f82830b1f2f7725238934c0956bb8d4c6be66d12e7ca853
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.ttsdaa
binary
MD5: 9e9d242880a48b059a41558438b0bf9d
SHA256: 00e8a7b1506d0af9171890b977ea0d411e9cd7081304422e1ff2670fe4176d82
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.ttsdaa
binary
MD5: 5cd363b638ece2f5756020cd40ae999f
SHA256: db4faa8b6411d89eb4a602cead8b06e582692bcf1aa9a521ca9bbb113669441d
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.ttsdaa
binary
MD5: 669302f6eb6a7eeea45e08157787db13
SHA256: 07a71a7dc4e71cc39dd58c85e6a0ccdcaf8dffcec6f74c1dbbb527e25a7bb297
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.ttsdaa
binary
MD5: dc4c3afea9b22d66d2ad918991f17f26
SHA256: b76deba0e549fa5516e88fdb59527e7dbfaeecca725ccd7e724ff801a8141da8
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.ttsdaa
binary
MD5: 7c05ac5c618a66376b94bee9e477eccd
SHA256: 3ef7b7cc4894fc613ebd33b735bb6cfd45b1149fc3a171cbac08705e49796797
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.ttsdaa
binary
MD5: b485d59000c137eadbb4a769e940f86d
SHA256: 2da0a8cdf56918d7a5882e6fb555d48fb7087aead7199080a2835d87b85df980
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.ttsdaa
binary
MD5: b6e97ee5281c110d318f4e9dd17256fc
SHA256: 4752e6cba5b1843cb09d4dab2638999af8b220099a0e2ede0e09f80a86a48c04
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.ttsdaa
binary
MD5: 0c3bf7472c6fdfdef10624a6c980809b
SHA256: 53734c9ff9fb24b6cdfb34f81b09015f9ef32ef1605c5d624bd56c895dcb3263
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.ttsdaa
binary
MD5: 547d29d3383690914a307b993d2d3f04
SHA256: bbcc4649a5786b644b3e4aaf115429790042ce5df8d704192d9f4115617ae0cd
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.ttsdaa
binary
MD5: 85964faee9aef5f29a723d63adf1dd2d
SHA256: 8c397d96669679e09db7873d9a9db703c6f00ff389ff3b812172a7b4c9e8398d
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.ttsdaa
binary
MD5: f6bc8500cf79fdc26e458c22d4405467
SHA256: e8382ece175bf1d7d5aeb16006153de6034c19e0499764864512b59610129e9b
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.ttsdaa
binary
MD5: 28ba9e62ffe447456feae7784a59a4cb
SHA256: bc626be042c907f39d3347139e9a55cddbcb798ffa38919cec03d248d1b32b36
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.ttsdaa
binary
MD5: 21602ff49f42a226348597636a6082e0
SHA256: 39fe94ab8f0b292e0dd67629532645fd9fd74e1a9c7c16878baadad8592e7bd1
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.ttsdaa
binary
MD5: 8fa549796244d5edd543aa7b6544e17e
SHA256: 14d5adacfc6ddb4fa38999744c122cf10c5cae41004244c8b3763e3c15bf1399
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\programstoys.png.ttsdaa
binary
MD5: 92663e7444791f2a6ce42413defde235
SHA256: 1b93f930ec94ad4731001e7aacb709722a315b07a4c658f3f5d4c0803f8bc833
2596
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\percentlearn.jpg.ttsdaa
binary
MD5: fb7b21b3d02bccf410911a277d2c731b
SHA256: 31a972ae1918920ccad5646439af79d460d2fd477a97cf678c2589022974b994
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\percentlearn.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\programstoys.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\boxseries.jpg.ttsdaa
bas
MD5: da522035dd0188919529e9b1d55b4bef
SHA256: a9dd33311bcaa5da75a8a6c8648b4c237bed5467074b08168bb0b81e7951e7aa
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\ensureability.png.ttsdaa
binary
MD5: cf9a6998ab44e985b76cc3d89a3c966b
SHA256: b83b30cddc91d127ff825dc63b002ebc6e74b400fc17cc89315f759b97f6ab53
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\boxseries.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\ensureability.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\airportedit.png.ttsdaa
binary
MD5: 4934827c93e33142a22bd48e45a96831
SHA256: f3390ac4f848b1ea0a34c32f22b11d99effbc01cd521358447169e70fc6e1b4f
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.ttsdaa
binary
MD5: 662649b9dc5661e8412511ce871bcd50
SHA256: 3ba22ff163220cb592298f5f98f680ddef97641bd86ab0788b5c5685b785eb53
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Documents\recommendedfeature.rtf.ttsdaa
binary
MD5: d83c91813a1d7fa3f27fe312ad0f9e5a
SHA256: 65b3acf80c49d63e799c5dcb7d1bd955ce60f6661fdf129d6a4f4d4a7719c2cf
2596
GandCrab5.2.exe
C:\Users\admin\Documents\recommendedfeature.rtf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Downloads\airportedit.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.ttsdaa
binary
MD5: 4a6e812196c5facb2cd08cef15c3f807
SHA256: a906551792dfc5515def53cb5a198ddf6595754f1a73bcfa4f9a3bbfd9bb0949
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.ttsdaa
binary
MD5: 6febeb887fb3ebf3f5ab5c287d786208
SHA256: dbc0e299be478f164c25b3ed270e4ba3260a06181cddb70c9758cb15b3a91462
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: 91266f258b51a9a34e65c409b2bf1e35
SHA256: 0e665b0fcd877b097406c85372b9ae818cdc6171bd42a9715a2888f7da36fa37
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.ttsdaa
binary
MD5: 40b91e3ad97a5f46981687f429a3bb7a
SHA256: 2a08a9218af0389e772547f80bf226bec8373568c2588d1e5b504bd6c0b4ead5
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.ttsdaa
binary
MD5: 87617ad35291fa7aa60860455178b8b9
SHA256: 2e50e54a105ac076aaad05fd53881836045f10b4eac6c1734983db3eead1d637
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.ttsdaa
binary
MD5: bef6645bfdbf43a5258a86ecd041878a
SHA256: 93fd91bbff74b9fe40183c97a764726ea062f44951cbad916cf66f9ad7310eb1
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.ttsdaa
binary
MD5: 9db9ea8cea4b49fc7acd7ac979f06a35
SHA256: f98175414ca2a414a9241a58d42ac623c840ad6295041b7fb29effbc7c069ced
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Music\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\usefulnotice.rtf.ttsdaa
binary
MD5: 4be89cdd1251f5e3c4d4ab318775808c
SHA256: afdbbe92aa0cdfab5ed5de43d3750ab1016d9d450f153e914e5e9370c347b556
2596
GandCrab5.2.exe
C:\Users\admin\Documents\oldwater.rtf.ttsdaa
binary
MD5: 2f1051016f0fafcd6ae8f586612eed2c
SHA256: f0adeb467b7c2b61bf51eaa943abac3ad01ac99a312bb6840cae3c085d746f1e
2596
GandCrab5.2.exe
C:\Users\admin\Documents\abilityjun.rtf.ttsdaa
binary
MD5: d5927666fda168fd16c72c14a3234d04
SHA256: ad0ecb183b997c2935ab62f29f8f38605c0ebe53d8342f8df2d01a0fc52a0f11
2596
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Videos\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Pictures\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Documents\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Documents\abilityjun.rtf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Documents\oldwater.rtf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\registrationcame.png.ttsdaa
binary
MD5: 210e844cd9b4fcd4e45bf266c67777fe
SHA256: 1f7f45de8bb6009c2d4b36e3e4e50cce3a141f051018b1b6affd34dd8e2424ea
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\usefulnotice.rtf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\registrationcame.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\finalthrough.jpg.ttsdaa
binary
MD5: af649d336ad09d193b4867429754872d
SHA256: 1772db4d4f3465c8cc2bf9d238e947b46c2e3095da510907ba3b179e24b12ed4
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\fundglobal.png.ttsdaa
binary
MD5: 2cf588bb721b3f94d3a43e6586c5c3e6
SHA256: 6a46f6e6a17e35079e777a05aa2ca334d35cdf09dd146394694ff3bee26acc5f
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\creategear.rtf.ttsdaa
binary
MD5: 46bd48388997069db8f218fde4d80137
SHA256: 4ecd8f5eb9fc77c54807711c854e47901232f73283ae52c71c7d94ae41eb7262
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\loveinput.rtf.ttsdaa
binary
MD5: 9fd97256dee222acdd950c87f5d13617
SHA256: 8c9f227425c25f7057795a588e97e02d05bc7b8ded7a32207d2e4ac1c8fd39ac
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\finalthrough.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\loveinput.rtf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\fundglobal.png
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\Contacts\admin.contact.ttsdaa
binary
MD5: ec9af6fba058e18f5efb26a3b87beba6
SHA256: b6a243597046542024fdb6018354a09e3747fc9bb37f5a0b060308ba6c040acd
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\beginningenvironmental.jpg.ttsdaa
binary
MD5: 7137186d7360b8fc08711877f20db47e
SHA256: b184b2a24d059f13d287bbc0cc3eea285998e4828d4d23e093b5c240a2fa21c8
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\beginningenvironmental.jpg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\Desktop\creategear.rtf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.ttsdaa
binary
MD5: 5e852d9257a6a26155a6fa7fdf672da6
SHA256: acb055ffef3d88ac1e2564304f2b28cb5a1ad9772b679ab3893e4ccb1775b5a9
2596
GandCrab5.2.exe
C:\Users\admin\Contacts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.ttsdaa
binary
MD5: f8d6e5eb69421ae27ab9def0b0c30845
SHA256: e42d201efc85f07fd66aa66925c4a85221b1fb517bf0ffd5c90a005139f4be2a
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Sun\Java\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Sun\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.ttsdaa
binary
MD5: a1cf8f09e5cecf9a09d06e4f84f592da
SHA256: e75fb2e438d6c7c83f8b495e23e23d9277426032f4746c1a46d96d3a4dff3dcc
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.ttsdaa
binary
MD5: 433ed932e2b05c1103a49d8b519a3139
SHA256: efd3b1e26198abe002cbf696e911c937bcd65eeab387077f09a185533737ae74
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.ttsdaa
binary
MD5: a08190eb37ffe00e68ff8a4ea278190b
SHA256: 3df29b6024039f30e837c00e4dbfe0ff0dc4384f5d32faab85b6d4016060263d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.ttsdaa
binary
MD5: 56e01a50a70e4bf55128dad4ccc73548
SHA256: 92ae8876a9133984e3ee2db202836617830f25a704053d93b1b4fc9cb6a308d2
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.ttsdaa
binary
MD5: 9d8906a5340ab0565627aa348a746b41
SHA256: 3cd6722cbb6453e02235c67a24fb5a988efbdb846408392eeec236134ecf043d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.ttsdaa
binary
MD5: 0acfff7e9c8a734e492e9fa167b293b3
SHA256: 1479555bb14fb3a8205df5fc2332a68b572cdf29194f615846714da970957d59
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\logs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.ttsdaa
binary
MD5: aa5c8d51133a358774543c7541b28fc2
SHA256: b7082896056924e5c3e88c6bf42c2d8d5e1b33eda312a20dca43febbbba8f4d6
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.ttsdaa
binary
MD5: 7ef95721ac207442ce251d4ec0e2d795
SHA256: d3de192e693a2722c1224955e6b9d33d9298103862072c32ee87998e08bf20bb
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.ttsdaa
binary
MD5: f5b9a19981c458c89cf5404bf387cfe6
SHA256: 89ea66017a5d686f4a24acef251da31c62e3d98076bdc39208fb961637c56832
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.ttsdaa
binary
MD5: faabae9c8f743ecbed42de6e63786e7b
SHA256: 83b054e49e2b7e95c176c0f3bfe278483fe615a4528d1ea2bcf426e884c543d3
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.ttsdaa
binary
MD5: b386eb16bbc5203779ea5a53be9dff52
SHA256: 3a1fafd9a3d6ffdb775560b4176159b6576aa642d567cdea1a452df8ad2b7d84
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.ttsdaa
binary
MD5: baf6ec812287f47168cdc9f0d3bff9cb
SHA256: ca01e0a40b7b3a421e044e350cc257cc3b72165ed2c3c791188cbf782d4fc76e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.ttsdaa
binary
MD5: 3f1e22939bc0eb684a6eb015f9f1f15f
SHA256: b95011b7c1bda2b4a62da659cc11e151b1adc0407d65f789619ef9b97d79d501
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.ttsdaa
binary
MD5: ec683645c5857096ec7369ba8561f24b
SHA256: b8bf45fcfb1632a1be613e8fe079a4ed3f4ab6771e90b0d363d9f184121dd4e3
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.ttsdaa
binary
MD5: 73140b636e6d12f254495fd9975514b6
SHA256: f35d68a81048668645c6eb047fc6b459991540dfe0f0599c8b6c20327839ba16
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.ttsdaa
binary
MD5: b4cdf8df912ee0ac5574a87af5f95ce8
SHA256: 415e44082e15c78bf5f52edc2c54da51f327a89d58bb304e88a5e3e8531205be
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.ttsdaa
binary
MD5: 7c9e950d6628b5a1a3f07e6ae3fda86e
SHA256: 7e6e5309b5d93ab70d17c241afd9cc39f5221e6c99f18ab280e99de87fe563c2
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.ttsdaa
binary
MD5: 8e2f6911115384b731f41e71b19af4e0
SHA256: b0e91056fe9c36484b998b8a96b13957f30d5979443c74faa14929d373813eb4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.ttsdaa
binary
MD5: 101ae99dc3677f6518aec07e71cd481d
SHA256: 2a32f2faabb391542f221fb98ea750c96eb063b65e9599e59093a300f4ec2ad3
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.ttsdaa
binary
MD5: 601c554be50fcbe94422913c3d090220
SHA256: e5fd1a25c5acc3096108ebf5ef748e4927acd8e3a6769e246cdb2f62623093de
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.ttsdaa
binary
MD5: 70aaba910513d0d5ce38c8db0afb0753
SHA256: 99cf3dd14ba2b0d8b9eaebae7615df52a94e533ab31f0132bb68d54bb14df61f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.ttsdaa
binary
MD5: 672b6cd25a0e5f6e811fa9f8db377383
SHA256: d26623f8819bdee1f2e3082d9ed8c46a7566a1380bdcccc4b3d6edf9f645856b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.ttsdaa
binary
MD5: 7860d0d66a7c49ef23ee614c17201c80
SHA256: b15b890b671415464f1adafd3585b90a41c58f448324594d60528ce91be89624
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.ttsdaa
binary
MD5: 72c5441b53f2fcacac334d1168ee0d47
SHA256: 43ba025de719f1c96d03edc556e22aadb469eb5c16c86755bd690708b59b4514
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.ttsdaa
binary
MD5: 61a00638ffa7bbe299ed36333a769091
SHA256: 40226c5ca19ec6f28aa5f569d24f6909b1ecdfe65ac5ffad501db0eb141e86c0
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.ttsdaa
binary
MD5: 96cffe557351f71277e9ff9e54928a0b
SHA256: 526645b6696e08dc89ed702dc20b634169f1731d28df456cc2fa834cde5ec231
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.ttsdaa
binary
MD5: 2c183ad882ab1e29c19fc381bfd091bc
SHA256: 923a1c9290b9d85ee5687cb7c49ddd393736ccce423ef58b385022f34face41d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.ttsdaa
binary
MD5: ea8b449500fdd4e951cabcee0d7017ba
SHA256: 58aa6f27fed4d6b0c3d6315a1178f3a7c76bd57c12483e63a9d5a587222808f8
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.ttsdaa
binary
MD5: 6373d284c536f05cfb1a1ebaf04d3fb4
SHA256: a874c1f5704676b5194a14fabff08d5133abecc5617ac60e40fe70d57401572e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.ttsdaa
binary
MD5: 74e56850867ec6ed8142ccdbee8b97a0
SHA256: 3d18586afe1fe855350f56cc1df66d8ce2e0b93d55c92d4c933285f2071f1289
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.ttsdaa
binary
MD5: 699c5cc61ce70c9a23b745be229dbfbe
SHA256: 195f461ec47114cad65917cae9433b7675f597321133774bc6e25aa9f62350c8
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.ttsdaa
binary
MD5: c388d6709ff258838cdc937c8022dd17
SHA256: 4849d124b24ab45230b8945481137a801520f079387e03a5c30206e931c738b4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.ttsdaa
binary
MD5: f02bc4ecee5ceb259b0f628d57f1e390
SHA256: cd2325614d6e39198c245027715f9bcd109cc5d76b4c8f2e11cffc8a22275b2f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.ttsdaa
binary
MD5: 26552beea047d740cce5a0f59ce2a1ed
SHA256: f528d34e68281e87783ea1db2931d165163e3d68f1a49fa4e09fad88ade89299
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.ttsdaa
binary
MD5: c88aca884243f50f29d4ca7441c54cdc
SHA256: cb92504176516d062fded5c5d3315b80cad954ff5a4cf6fd1154ae137ab364c8
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.ttsdaa
binary
MD5: 44fef3c59fe0ce1bc1f6a096d8cdbb1d
SHA256: a8a076b9a43314e9fffb08b745bebb59ac5a7ddbdb6e59932e28aec06872179d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.ttsdaa
binary
MD5: 21c8de03507d33910687caa899e16cf9
SHA256: 236ed8abdce8ceb6a3877544e7e513262d2e5a7b4b13605b650c31c2090eb7fb
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.ttsdaa
binary
MD5: 1181c99aba94fcfc7b3299c800c79e4b
SHA256: 65419b868eb08091d3091250f36d8cfb26dbff18fc6d04dbd428dae969c4ce8f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.ttsdaa
flc
MD5: 4e8db9637f77776c99c9ad8e684dc279
SHA256: 6d1673ef218ba721b9b2d91163251e03ebf2b9494319fd7be6b1a5d11a539790
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.ttsdaa
binary
MD5: 641d67ea0fb5e75fe95317e159438c6c
SHA256: 90f6ea3cc938d658107e765c63fe48c4f7e47b33ede6d458cd0c63fe6badf7f0
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.ttsdaa
binary
MD5: 944afd5f12a1a7bfeba8215fdb7ac14d
SHA256: 2fbd775b5c3b8a5bf87c5ebfcfbe912c53c50b3cbabf62847692090d7aaa4249
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.ttsdaa
binary
MD5: 238a4d4d006a069d8a7bdf4c8cec5c66
SHA256: df87236a01b7396801703292dc63728c2124dd9245d9923a21286c76279c94a7
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.ttsdaa
binary
MD5: 9604942dc09812e6f11c1be9154ea378
SHA256: 70e69406f661c2b2d516c2438e6a895e54572c05455520b54f55cab2cd90c0a4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.ttsdaa
binary
MD5: e8caad6463924f348b7e8f5c347605d8
SHA256: 8b2c68b745d09cc50780c768e333e1eee2347a9500ffe33c20eb1fffe4c043e5
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.ttsdaa
binary
MD5: 4058e229b277372568ae90e26f271a61
SHA256: a6efe0370c35477524c633d18c222b28061553e3fb724ed2f13e20790d19665c
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.ttsdaa
ini
MD5: 6714393ed798885bae3f843e3301c208
SHA256: 6086d03ec8f89de5f071e00de076ce8a840a99402e1ac6b9de0b834694c23390
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.ttsdaa
binary
MD5: 8ee893451f93d77eafc1d7091ba0d2b9
SHA256: 11504494a5d61c2617084fdc07dfdd203cb78d6e563195eba76ef28a9f0f61f0
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.ttsdaa
binary
MD5: cf112df8be709cdb280522d6cc1971ce
SHA256: 854e6aa6dd36e438c0c05533ff4b677e01f934d3e33907b3cc3ab744d7d75f4c
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.ttsdaa
binary
MD5: 3176b782029ffc9553e5bfb7036cda1f
SHA256: 83b5ddc7d43a1bf2bf6715ef3b616845066f6f3f62173f1b40e9521018501439
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.ttsdaa
binary
MD5: 85ac01dc3e621acef109571c069958ba
SHA256: 56ed01085c62e2970ae3970c6afcb7ab852ed8e5e4a518029d63dfa2832d39a1
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.ttsdaa
vc
MD5: 593cebc1ada378cdca5d2b56f270aa66
SHA256: 4f888ce2ba29a8b118374a79a8875db128040558020e31a350b49e22710fc88e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.ttsdaa
binary
MD5: 8c6d75e394f02aeedd6400ee8cfd27c1
SHA256: 3ddedcee5373342f56f1fee9722ab39eaa4e5e74c516e4da5ca1361204356598
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.ttsdaa
binary
MD5: 51d7793c729b4532019f358a5e3b72bc
SHA256: cb51f9a4c81eefab7d5faed247f8b4b45b4e9378ed6444294443fdd056189296
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.ttsdaa
binary
MD5: 2186769f748c6d3bb3d130ac55f4047f
SHA256: 1cd11cef29299cca77658ddeed09df41bf42a4164f1510da04725b67f7a2ecd0
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.ttsdaa
binary
MD5: 6b568ed0ed832657fb14ac7cea5d5f64
SHA256: f75f8281557b1aff9be00463e4c23fd7dfe13fe25afe55d472d3d0077c84be1d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.ttsdaa
binary
MD5: b88ad73c5fd376eeff4a62381477d520
SHA256: 4ba5a07180fdd62343d69b31bdc842e78a63bcdae48615659bdb131d5285e7d4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.ttsdaa
binary
MD5: c453bf7cc14e5ea41ad134f89fe799e7
SHA256: 8533635d960b6738c86d87d0d7771ce1be0c5b5bdfb6d1177484f370c1f9a58d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.ttsdaa
binary
MD5: addd224250324ab3a0f2858316b4b3fb
SHA256: 98b649fd37a891bda8bb24982b294b9b94298e0bc8e044c3b8b40199a3ad5fdf
2596
GandCrab5.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.ttsdaa
binary
MD5: 34b2b2df8b4ea8ae3e6dfb74511a4678
SHA256: 026e36c0e318ec592a802e56ddbcecadc377f2de5a02b592100b9879e1b01ff1
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.ttsdaa
binary
MD5: 5bdba9b434b8bb59556c885556734880
SHA256: 1016a46dcc2317a0726ea5368f9c68e3d0a450c5dd19e68626739e1ca8da6687
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.ttsdaa
binary
MD5: af8075621f0104c523ea7f095b5351f5
SHA256: 25529ea8535ebb117c80cf0dd81c2342c384a9ddaa429f80739d97a2822529ea
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.ttsdaa
binary
MD5: 59036de48a76eac1b6de63aaaa9b52f3
SHA256: d97bfa5ea65e6c7c38ae12a467ae5c25410b08f16c6a9ec54a303f3a23be5f09
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.ttsdaa
binary
MD5: 9d93630cf1164fee05622b53524684d2
SHA256: 51a0057511df63073b576cd4e417cca57503356481959b3f11509406d3020256
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.ttsdaa
binary
MD5: 547b02cb097475800a19fa8b50d8a077
SHA256: 0c2214a019777ad8c00ca9f85dc3d16e1b77a91d8e8db9a7c1b9406f5efb7355
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.ttsdaa
binary
MD5: 5e7df012e1dff142473ecdb860ec2ce6
SHA256: 2e6975e1c2f6bf60bde47cceb6075dd31c68c6146d81967d033ede59212e4f10
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.ttsdaa
binary
MD5: a4b164a8a21b5b7b8361b48927b1a938
SHA256: 9426f45998cef85c078c30bb47a8b4a3d94dd41099c6bdc4da41fb535c7ed198
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.ttsdaa
binary
MD5: a2c3d7fcc539a4e5d0cb973f18bfcace
SHA256: c14832f7837692c60dd6f6b044fb748bbf609da8d0643b4ffcc9d459806de1df
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.ttsdaa
binary
MD5: ad93658b3ece5b9a47e78e013a13eb4c
SHA256: 54915113c00b94dc4a674387ccb8eb67d7cc0f2c8c43712d238b41a7678bcdbf
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.ttsdaa
binary
MD5: fbb5eb4914dea99316597e11f06210ad
SHA256: 21b7234ab439a0e58edca2f1352349360cd42087075d7ac8f154562d2b6edfd6
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.ttsdaa
binary
MD5: 832d5258de30a827f605dbcac7651825
SHA256: fd3ed16d03bcdeae4922df87d02acb7d53fa3c7c2c33cdf133c5b3da412f60df
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.ttsdaa
binary
MD5: 1022eeef8508c02802654e1fe875dae1
SHA256: c8b9708adbfcb6e608833a1a410571d4cf028c936dcb2562a9adb1d2009b27ad
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.ttsdaa
binary
MD5: 6b2163568d781f2c8769f1517f78d631
SHA256: 1e2e145662f1debbfa78b8092862741940cf18132ed914a32badab4171509ae2
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.ttsdaa
binary
MD5: a59675ea92c7a138ee694dfc2a13006c
SHA256: 9e9ed8f37f56c640b31b99f1c845797e0ae3a1a63dbdc661724bb5b95b8349b8
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.ttsdaa
binary
MD5: 5b79c1a76e4058f32c0fcdb3a35d8506
SHA256: 371b48f12672dcd28fd0f50760356cd9f0777f5133aa5f4198d758a09a743216
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.ttsdaa
binary
MD5: 22c7834b3b31a30e76e1f4842d7a6873
SHA256: 0e9e29a7fc219597207aa17c6c9b18c6ce66e57fcb0dc552e81d5e6d793a92bf
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.ttsdaa
binary
MD5: 6bfac6a17d9c4a167b60f03c1124f96a
SHA256: e8df28e5f0392a721a1ee944cb08022e926b30eb2ae2b6789110b1d024325468
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\journals\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2.ttsdaa
binary
MD5: f0f3c56ebdd35f1647beda76f395e5e0
SHA256: 406349cb7a7caa51bfef4f3859b0c53ca403634e7fa1467f55bd244cb3355b83
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.ttsdaa
binary
MD5: ed11921a0ff3415c6a997a20455b64b6
SHA256: b5b1de03f831331fe0b140f18fad8b0bb6111f79e79cf805350d754ad766209a
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.ttsdaa
binary
MD5: 2a33d3437cf208a04ba83797e405eb87
SHA256: 4c390b87e8d9cb45376ec22cfdb447fd83d8b3a80945ea6783c179cc1a3ca377
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.ttsdaa
binary
MD5: 74a6f04e2e636540a96f6c0dd7e59d82
SHA256: 78ad51aeddf7af3b803f2bcb9412c562434393d3bd886ad9da407548881e489f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.ttsdaa
binary
MD5: b54dc3cfdac0b10c89c13bdabf013ff6
SHA256: 94c77f689fd78f776172ddd9ad4835f0828f95514d976ded59c071051c2852f6
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.ttsdaa
binary
MD5: f5a97d16fb31e295513e0744a6c73f46
SHA256: 44e7a5be0077d4daef7c084bb3b13f761e3d3277a3b56662eb9a6e069170772e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.ttsdaa
binary
MD5: 1d78eb5cd0f2f273f2765a91394081d1
SHA256: f9fedddb16685e30e8b897b02fb43c823f0856b8f8ed40164d8fba7b89679b3d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.ttsdaa
binary
MD5: 76096e566ad4df5defc33b83836616ea
SHA256: bf21a3d01d3abb29c0a4239cb8c69b4e4e925627e36deccfa9243e31ed9c6d4e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.ttsdaa
binary
MD5: fb1eb4add74cd01ba0ff8c1313eb10ac
SHA256: 1c0dfba3973d54d834d7c9680c5d0eecb3fbda14490ee702e0eed1609848ffee
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2.ttsdaa
binary
MD5: ab4bfa8014e514b64e349e02cc13753d
SHA256: 75301e75bef6bcb68a73a2254a160c176656bd9e7df87a02f35bcd4d8efbda86
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.ttsdaa
binary
MD5: b8bd1576941c57c953697281619ee72f
SHA256: cbdfdde64d0d2e5bab333505fc802b407b07a89d73370ffb028c1aebd0773abc
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.ttsdaa
binary
MD5: bd824708c569839523893e6fc30601f1
SHA256: 4e5bb73fd839c0adfa3d1126d71ce1e10bf7cfc2d6903622c19796ef33dc5f61
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.ttsdaa
binary
MD5: 2330c2473fb3da180e24d912eaf2c58b
SHA256: 8b66d50bcd0a12504a1a7c800ee5c2d9f499ff2e98bde29c12c7c75cf3916848
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.ttsdaa
binary
MD5: 9d240ed2f7ef96e6114a9a07fe392ef1
SHA256: 85d8b10993ab0cc94bfc59c01c492a5890db1b6f26f381cdd61da1251c492694
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.ttsdaa
binary
MD5: c07331f35f8a8700e7b482e2cd5e2bc0
SHA256: e1352c212eff157e64f25f7d6c0e300383c53cdf282e0df46caf6d12d2a3379a
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.ttsdaa
binary
MD5: 4a24bc116ff70ba007c7354911afc072
SHA256: 74d174d514620e778ad3adfa075fb958d9e434e652f5ed02e951a2c46400a1dc
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.ttsdaa
binary
MD5: ef0b0adc1eaa3fdf5d3576fcb1080068
SHA256: 3d18f76aa393b93319fac33c6153e026095acb1de1b796dbb81f2bd28515c5a9
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f.ttsdaa
binary
MD5: 7cd6b6f2117b0ead741a8e9e424cc2d0
SHA256: d77ee9916c4db76d906fafad6b9ca887e0bfd3dd8b98c52605c08d7e766c5972
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9.ttsdaa
binary
MD5: a703ad0b20d8ff85979ae4bc22ea44ae
SHA256: 27d72dc101f47b972ad83d8308155231778a1adab5dcad08bf12a4259d550e2b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\3385f807-8392-4197-af83-7cd884348d97.ttsdaa
binary
MD5: 7a9c05ddb42ff03eb4e41404965c6949
SHA256: 5b1f9f23fe9ca419eb923d2abab5d91b10927b47e4be3a0c81a2da13310c09e3
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\3385f807-8392-4197-af83-7cd884348d97
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.ttsdaa
binary
MD5: 94b9bcc073e0f5476f43592ee2e6592c
SHA256: 33513b944796f7589a008599c80277436eacf9049f013dae4309d110b8c07da3
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.ttsdaa
binary
MD5: ecbaa675eb7cb8a4747bc95f35006559
SHA256: 9dec336965d919d630db7b8994d0151e8f51961db70ba11ab3f8f5b690f0051f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.ttsdaa
binary
MD5: 4ed68d5fd314910c055b63a04395896f
SHA256: bfd664bf48e132a0989aa18ef86844f7da16bd6e42439826ce9caf547bfce42e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.ttsdaa
binary
MD5: f94f76f514a0ec38c0369306187fd744
SHA256: 378e992e28b71a559ed39f2ed75a9e2bdfbed29539503348ede84c3751664e43
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.ttsdaa
binary
MD5: bb3e8e98ef92cf591fd829984c6b1c43
SHA256: 56f27f6d5562d088dd6d2bc7de3da7314cc6c58c56f9c1dcecb717c7579b129e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.ttsdaa
binary
MD5: eaa595daf05e9216e6692412f4f8492e
SHA256: efa405ce922af4d3c568e13fe6b3f20a155b30b497513837f305046ce27f4043
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.ttsdaa
binary
MD5: 0f8f3a818d9c09b10aa4d0ebd932cee8
SHA256: 2b90c6ed95243633a05c7d30a11fe5c8b5ffddd03c39c298e74bfe1f94191cad
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.ttsdaa
binary
MD5: b5bffb36c4663df2a01b799790eeb92e
SHA256: 4086bac701b923db2104ad062bd44297421f0c2770f78e7958f5f860f2e23937
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.ttsdaa
vc
MD5: bb99f3d921ee4c2d541600d6644ac15c
SHA256: a637403da3e667d3b6face48a758f9a1ae2cfa3567a5cb07f5a0d9a95475f3fe
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.ttsdaa
binary
MD5: 478a0400d8871c0c2d52a05169d04f85
SHA256: 9fa67d2b5ac833805335dc0e43318aad44e6c142fd6a534c80a6cc5f16e43f53
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.ttsdaa
binary
MD5: 7600980b745374ab8bdbe9a1347e5319
SHA256: 09c2c81dd64e9b2322b23e65cc110197673e67c99e06f205367f8ead1b2edfb2
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.ttsdaa
binary
MD5: 194b349245b7281e67d9ad86db780515
SHA256: 09ce054138dd1b4812e08f8d5e5cad7d16b70497a5e0aa6b2c190b4763f2a609
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.ttsdaa
binary
MD5: 2fa42c13bda11f3e995b213c4ba5f270
SHA256: 2673e561e5abbf4805cf303cb101002eb2920247826b815541f92c1b77b30fbd
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.ttsdaa
binary
MD5: b3b67a3c360545179a481ba4e0e22117
SHA256: 89012a5393d2c89922d0953f4f18fb73d47790095a1eb9bdd5d4ef935feba60a
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.ttsdaa
binary
MD5: 86bdfbb3c7b720744807caa451656d00
SHA256: 6585ceb2b3db0da34a43f230d54be697c98f913d09ae8d4ddcfa2b1a8739415e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.ttsdaa
binary
MD5: 9199a6cadd5424e1da1ceb44bb9cacbf
SHA256: 30624cbcef3013c3de3c64421b21f277f71f4bbe60c20bff5ce4d3c06506dfc2
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.ttsdaa
binary
MD5: 9388170ed3cd6d8a96e9fd59181aee90
SHA256: c1ef0a8fdf979de7605be2870711f65e1b75f9d25b3b24db7c319dd4ae0e3c11
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581814.31cfc09e-97b0-4f3b-bbfa-28179d760902.health.jsonlz4.ttsdaa
binary
MD5: 8ecd8e28cb35e66938dd932353f8697d
SHA256: 00a3fb4008c3a11eccaabe72e21e6d2957882c2e8e0a12d22ff70d058b3a6483
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581827.d57f8e85-a9db-4480-807f-44beb4836c33.main.jsonlz4.ttsdaa
binary
MD5: 4aae075c42177627fd5e6cd463fb172b
SHA256: 7441c1e8ed32e6999bf4d121c418f32f14dfb7609fea9e0e81a8436c4f9aa480
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581814.31cfc09e-97b0-4f3b-bbfa-28179d760902.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581827.d57f8e85-a9db-4480-807f-44beb4836c33.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581794.3385f807-8392-4197-af83-7cd884348d97.health.jsonlz4.ttsdaa
binary
MD5: e9862931ab064f0cac610ef5e13f1224
SHA256: 8cd12614bf4259d7dc6dbfb5dfece879393cce72aacb545ba12daac048d36944
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4.ttsdaa
binary
MD5: d401e4bb84f169b33fed2222d9cba0b5
SHA256: 26c01b21107b33baf9749fb9027521d202a93aa5925ff962b516215f38e90b3b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4.ttsdaa
binary
MD5: d9a718c6fa30bc45976ec3aa3f92e8a1
SHA256: bc744ca5766865d3dd3bcd9dba3fad6911c786647a466ea801f152eb3af32ec5
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581794.3385f807-8392-4197-af83-7cd884348d97.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4.ttsdaa
pgc
MD5: f0eb7167674a9f221fb417817a89f055
SHA256: 64b908132e8d4e55bf368583dc1b0d91952f5eaceea957222037581bee55f9fc
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4.ttsdaa
binary
MD5: 52e0d0223920ffe4792b3a529dd65f93
SHA256: 5264afb1b00642f1a5e00030f1f1cd3bb31dfbd9120240be95b80b63910c565c
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4.ttsdaa
binary
MD5: 7be601611ddf35438a01945dbb3d9f38
SHA256: 1d5ce74f10b9de3d1f6e99e7cf9bb8292e993cad48d9b882d6d0fedd08cec3fd
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.ttsdaa
binary
MD5: 9630accc23283eb564d37c5f340f7b5c
SHA256: 6ad24dea8451d43c01b887c49bade09cc408e263e2ed4f5285f7a38d96894719
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.ttsdaa
binary
MD5: 464108a99ad4cac638b6c03a090398b6
SHA256: 0c8a6247c36d2528b5d14722a1c780157cf17b06bf795d169f3e6a5670bf3c53
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.ttsdaa
binary
MD5: 05be5fd72574c353f314eb0eb336c175
SHA256: df5966837ec164b9a4d05d8c34884438102984fe77da530ebd676c75d1ae5e24
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.ttsdaa
binary
MD5: 1dfc43efc2247fa9cf4d4d9c7228bb50
SHA256: 3a8d3b9cea9f03d072f45faae046819dc50fcaf20a70ba6aee874bb5f6dc118f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.ttsdaa
binary
MD5: f3e25c32550f4ea1703087bd9c07c2b2
SHA256: f42695e734d6e765dfb4fbdb3f3ac61e6914b8299e802359027a8248fd4c4f54
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.ttsdaa
binary
MD5: d3566fa24a02763acc4685141626c79d
SHA256: 3d19db4d62b6291630d16db41024de8e3252689b52e7698fe68d8e455742391f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.ttsdaa
binary
MD5: 348b2154d4ccdf001e8768864745c926
SHA256: b8c65a229bc3cf74795f9ba8857e064627f5b7c0bd60a52bfc15467e10e7a189
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.ttsdaa
binary
MD5: 5d06f5a44264fb893121a519ecbecc56
SHA256: a03e4f85700b60221e77b9a2575b496fc37e49d97cac8844f68fd0625c0f6208
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501.ttsdaa
binary
MD5: f00bbc4b71cd4fbc6626257c7b50f3e4
SHA256: 84184b400cc9b5835be6e481d50b6ef990b52e9054473b3494be49a9a485d4e6
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.ttsdaa
binary
MD5: f55b93d6b15223218b2b3a82eee28972
SHA256: 02231997f3dffa9c5cc0b12f5096292081c31d1a3ca078b8bcc9391ff8a2f937
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.ttsdaa
binary
MD5: 90ede56b9af01becc47858a22f3582e5
SHA256: 445840be6f3af991e3fc5dca48f99c2ba568611ad7f43a5d0d03de4f91cba8c4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.ttsdaa
binary
MD5: 177ee45fe2ec22ec87e4162d7e0b7082
SHA256: 826101f4c6b7ca304bd24a174b85385cb602e4ab0f5c2fec59a8c496bb27c5b1
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.ttsdaa
binary
MD5: bce2a23bf21799cfd0d91f265924aaa0
SHA256: f9091d3cd89cc407b3f88e8d8b5e545c2f1f093028fdc03c9f3609e97563c19d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.ttsdaa
binary
MD5: 5e52121c3dca1192bf3e9f923415c843
SHA256: b1e94a876adb7bcceafdb25bcfaea0e4b807aa95210923c4c25e0a5bb3e456d4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.ttsdaa
binary
MD5: d2cbaa470c585e8e20a0454ab33e61cf
SHA256: 8071146a75544e7ecfe8d779b85e7c380e675d8decf948fa01fe4f04dfa89a25
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4.ttsdaa
binary
MD5: 6c187e03099331ad1fa9bbaedb4dc867
SHA256: 5e77c703f3e18995bd07b4867f04d180401eecc91ca567807a1d3fb4deaae2ac
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70.ttsdaa
binary
MD5: fea5af07fce68008a911b4f9a4620164
SHA256: e5969783c7cf60883ed8fbc30bfc772d055986fbebf977d13ffa7a9d71d83f68
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.ttsdaa
binary
MD5: 9cf1d82b468a0a5aeddd8db3823c64e9
SHA256: bdbca660f73481ec8c3d32255494be41116cb87babb2c36313484cc1eac22d53
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.ttsdaa
binary
MD5: bdfc558ba7deff05f9c89e61e32d7739
SHA256: 232de00fc440dfaf4134c256d105c34faea5d54005be0e6195bd7b914bec0e36
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.ttsdaa
binary
MD5: 7d787cf375860c7edf209da64fa8669d
SHA256: e2e3fc2c1d3851fc95b68cfed6bb61e64c036ce1d708ffdac96d06cc92a7462a
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.ttsdaa
binary
MD5: 0752d3d7d846b7f50b8a5fc4817f8141
SHA256: f69c5662635694fe8fafb19d5289ac684b525e202076312fe4aabc4874394980
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.ttsdaa
binary
MD5: 823b57abe9f66acc7029804237e69311
SHA256: a26ee8995f47d5c49cf366b01aa1f6c8993dcabab19f433aa0d07544bfb95d76
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.ttsdaa
binary
MD5: 021b9bf59dfd9e35936eb3d3d77affc8
SHA256: 3ca5f35df881fb1fef0772ae7330d3e1846b3dc7dade98d6683f8ff0dac3a6a9
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.ttsdaa
binary
MD5: 29d213ee0fc339cd54f733e292cfeece
SHA256: 6ab3e051532d7b6d1684279f19fe42f2867b9279cfcf2eb016add596575629eb
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.ttsdaa
binary
MD5: a85c24eb7d1a7f94103bc4a745061be0
SHA256: 48744e5775856327ee9857700fa55a8b1c14d00202cff287cacf71ff0ba0880b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences.ttsdaa
binary
MD5: 4e1ce1f20d23d99ca8f20472175fb755
SHA256: d07f01f20b43fbd59ddd5d07b580805feee3ce5d2f959d134281539856f4c206
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.ttsdaa
binary
MD5: 483e648bed311af637468a9f1569a90a
SHA256: 2f8877dc87bfb68819eaf17ce5fcd6148834b86c1f230a3b7199660fc875ae9d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager.ttsdaa
binary
MD5: b4ae779f66a60b1e043f0b8ff9eaf03a
SHA256: c66474c4283dd996e64eb8aedfc7e03e5b80bb3d15322f16c74cddc6c4d3349b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.ttsdaa
binary
MD5: 524c878570e19a9c5718c974640d94b0
SHA256: 0f46d2a2850f3a31f5ff8b56aa5fb8f55d747ab9941f19b39d5b788f96094518
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.ttsdaa
binary
MD5: 930015ff5973d56029880edc5222dbed
SHA256: 0616480e79dd30652d6c779a175bafd38641aab1207e5ccc532dc600ad4aa29b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog.ttsdaa
binary
MD5: 2f505d64e3927c594b21f4140a8de230
SHA256: ce60e092473366b7d913c7c568b42403cf56a27e504873385f8860ec38b63445
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\logs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001.ttsdaa
binary
MD5: 167fa3b4ee20a8a74f517a27463015e4
SHA256: 7d82a77ab6d532c067e25d46748c28b8275556a3539549656deb278f33e8b5f5
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog.ttsdaa
binary
MD5: 0e1166c19a740158c4653ef64ab52f6b
SHA256: ed6ff511c229cc4463b20c003c0c7d6330152e534c9497ba7a15ce358586b622
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT.ttsdaa
binary
MD5: 9c66cb8b26d0236b694a48a9a18ec3f7
SHA256: e30310116fd348febdc9abd75775e5e2555c49c3f5b943f81f0264aa67d73e18
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old.ttsdaa
binary
MD5: 8fb116c34252bd65dfa987588b8b4bd5
SHA256: 13cfed535d2c2741246cc27f244b6631372a0dbfcf754d905b4daeee4bd3ca8b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.ttsdaa
binary
MD5: e9bdfb4c7449c044f50638bf1b96b375
SHA256: 740175ef63bdcb54892a230e8001154388d278fbfe81db1e9de4775c027d5316
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb.ttsdaa
binary
MD5: de2daba2406a6300563c33179bd02759
SHA256: 2bffa6aa0aa6570699383c16b6005e81bbcbde9f7078c2284c9548709c591642
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log.ttsdaa
binary
MD5: fe56fb0ae34a5165f5d49735bc7a9a11
SHA256: 1b4b28996bed0fecb20a3016287aa913ab597b1a092a79decf72e363d1b34508
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.ttsdaa
binary
MD5: 335065f8edf0872a27580a84d7c65d3f
SHA256: 94b5420b94eb973d58e2a220ecbd1a752f7068db5f8a2de3b12996776afdfa54
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.ttsdaa
binary
MD5: 0ed3f1cd1f0b42be9214e356fa4a3851
SHA256: 17e49a846f808eeec4c6d1006d2b9dc360e11295e23ba71ea58f8a5fbe00a193
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.ttsdaa
binary
MD5: fe56a7bc2ae81affdb69ada609c6ef71
SHA256: ea81944aba0238c56fd93ee80d5d0581212335e5804968b7b4ab3e1fb1ff3ffe
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.ttsdaa
binary
MD5: 19f8fd74cfb434038057f8a213262afd
SHA256: 779e4e2459c0e93791974c98034bfa81a5268ef80ebc68e58342db50ca51d538
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.ttsdaa
binary
MD5: 356e49ce1b5321ae9bd1816668c08b0b
SHA256: 04e10a12f47d07e0297d9784a786f4ecba9b646c9ab1f4c6620d27f632b36581
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.ttsdaa
binary
MD5: 8b794204a93a6a539fde649cbd1ad37b
SHA256: 4706cc59d5a49f827109c33851cfcd48db634e828ff215807ed0b588f84986b8
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.ttsdaa
binary
MD5: 62243df4f79d3f95a0f3385bd6be1070
SHA256: ee2fecdf3d95eb58b6aabb4a982f6b909ab5b83ed7e9706b40e418be134b6916
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.ttsdaa
binary
MD5: c9604408deaa8a95d8da8c7510482640
SHA256: 3ca919037b11c8956ce5bff7c6c1f349c418ee04a0e199e88d282a22ed07be3d
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.ttsdaa
binary
MD5: 37a96f225c79b51a262cd5f34135c0c3
SHA256: ce5d985d3ec3143d37f2975897910fda2e6fc462d0d441e9fcb82119bf70ff16
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.ttsdaa
binary
MD5: 5dea3fbec03413c44fc44b2ba3c03aca
SHA256: e6e3a3168f00d0919255c36e4d730794589a52bfc12d1fd22773e84d77d84f81
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.ttsdaa
html
MD5: 963fa972605cb210e0a1f1a88f8841bc
SHA256: ef2420877ef1e75dc520c4f5ed87e328d7b558cb6b0442972dc2257e9670b6e5
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.ttsdaa
binary
MD5: 920a12fcbc9d5423a9978169a8a1cf8e
SHA256: ed8387b2efc9e39eb27690db74d1f55515dd7edb78cca5416c21c4c5371c2255
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.ttsdaa
binary
MD5: dfb76f4127fb807879ef78d565c625f4
SHA256: 8b9f97df24ef28ae7d5695dc7ae81d8c862e8afd8895a5b46fea22310511d780
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.ttsdaa
binary
MD5: 2cfdf67016c24c407d4d0620e0c31ced
SHA256: d672a0acc8cbff7ee417408df9c75815d285942803b26cb8a3ef3039c477b382
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.ttsdaa
flc
MD5: 273d7cd544c321af9db03ad92b306705
SHA256: b2dbc2585f80ceb5a65657d4fd9bed80df7c784b82e8ddc9e107bba58f674539
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.ttsdaa
binary
MD5: b0f1c6940f5530767b6e3a9d46542a05
SHA256: 78a1887939384fbec4be304a3394d6375c671d08687fafb799a7e4a0caf7e4b3
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.ttsdaa
binary
MD5: 35a85bfd174656fc6c36f059abd21c7c
SHA256: 8cab694dc373a32e6e732b67362fea5e462ffb3d9f1e551633ae934cd0ca3cdf
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.ttsdaa
binary
MD5: 8d062ebc1d78bc5779ba40992b8bffc1
SHA256: ed2052f3dbf7af6e29ed16693c41c7cb0db1c89e4f3c6938b5ce138424bbb047
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.ttsdaa
binary
MD5: e703ec1bc72191f1be8343d9c495d0c6
SHA256: 4e36d51571d22b771c2085009b84164f67224f92bec341035ac3da31b1f3f988
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.ttsdaa
binary
MD5: b9d0ccf0ae2e15a7274364de955fcfaa
SHA256: bf91e6e14c6110a780c78a747f81a67a055ababa72cec83ed06567189306d6eb
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.ttsdaa
binary
MD5: fe46c3c76bb642aa796940eac6afb102
SHA256: 1d97c08bc34160b4b926757e0d280b6cc994ea0a7f30f1dcc8ac4410c81db973
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1.ttsdaa
binary
MD5: 06d271f17b27a50ee5fece483a6e2086
SHA256: 20b9617d6d6f59dcc43a814afc74394e5d66e2928d238dad52f046b6ec6431d5
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.ttsdaa
binary
MD5: 9d1d04b53a185cb9f2aef2a7523e0fa5
SHA256: 99b57112d7400b8f95b1a2923e0a606cacb6f1a27b61b2e5629e3b5991e89b9c
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.ttsdaa
binary
MD5: ef9ba050def85ff351ca66499326a368
SHA256: 32183f82b92e090b193c90a76965254e68df17d9a782a009ed57cdcf09ed5ad4
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.ttsdaa
binary
MD5: acfd1bb25324e4296ee09d99a49e2515
SHA256: 97be661842061ad9f7cec80c8b7bbbb9ce62db37478756a45094817a1bec7625
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.ttsdaa
binary
MD5: 6dcfededa4a37b8e090e25ce4195d8ba
SHA256: 1fe8bcedea97db3716ecb71ac475015814eb06db0ef57a053cb6297d0b3c4b3e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.ttsdaa
binary
MD5: 7541dde7f4a47e9305ecd14fa1e0b8c1
SHA256: 879875a0f0acee86a41118e18042a97c4b7dc3496074c7bc88ffd84bea22f284
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.ttsdaa
binary
MD5: 9072bb8d40011822214ed2b70ca9465a
SHA256: 6606e2985fc589688b67bf6a5faef67b955e6eb20fb5d87a107772bee3a013a0
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.ttsdaa
binary
MD5: 32ff9de4db60f8dbacb3ffe416f66618
SHA256: af9c1ccf9194f36abec3a75be0df62dd501942897ea49fc272b8cf1fb65d89d6
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.ttsdaa
binary
MD5: ce8df59a2f2459c5a46f2970f84e5249
SHA256: 500668fd47888828b95b076b153bed72ffc97440ab3fee5e921cf76e563b1536
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.ttsdaa
binary
MD5: aed5c7e37ee18df136f496ada4f78883
SHA256: 0b9cad3a9ae51cd3854affa955c8671378198ef6241f4ac6175b008c41c1a99e
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.ttsdaa
binary
MD5: f2643daf5023718f6fef48602fcc13c7
SHA256: cc651d1fb5f875a9e06f68ffd9b8b146af5e8b1d1c2a0efb07cc5df5a1b65425
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.ttsdaa
binary
MD5: 25bd32d9b66a9b6022da356aa06bc660
SHA256: 15f13b7cb24580eacb1cb6b408aa9b62f9f3ae67f4af983ed55270f16904c2e3
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.ttsdaa
binary
MD5: 67dcd0fe796ce2d6b2c8c8a57dcecaeb
SHA256: 8d27d40fdb43b5eab6e5a03cc2b174bb7145c054545ebd3fa3e1a6d44592fbef
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.ttsdaa
binary
MD5: 06e45a8ad97b145578a951f202e64972
SHA256: 8d7ede14bb67e023dc3f3008f334758f560ffe3091bb4fe9f566da5c054802ac
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.ttsdaa
fli
MD5: e15ecb31327a0315a5171e40963a67b4
SHA256: 42b67799a0bf61e9a805ecbfef8d118292c08dd34a0d5aaaf30648242d87a177
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.ttsdaa
pgc
MD5: 1eae73a0008608eb34308301a81ab987
SHA256: 559c1ba761bc4da9bcd2a0a2c2f4aff1f1a187aa048e37491c8c4ed8ce343b4b
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.ttsdaa
binary
MD5: 2c8ff853d171c01c0f7cd73c280a8765
SHA256: 35fd38249be81dc76d80932bd85f68038609055f43cb7659de375f860b84f321
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.ttsdaa
fli
MD5: fe4f7a40feb28c17bf44b847c021ed95
SHA256: 8a18a3168cd7d373affd1d1514a32cca35ff9dd9465d0b88cdf293e1898fb2e9
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.ttsdaa
binary
MD5: 2a88fd62e28afdf89a1a1f9e49c52b78
SHA256: dafeea8882ad2e9fdf4188f2e32eaa410b1bd8efd1a733161d0168342cde6d5c
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.ttsdaa
flc
MD5: a1c529d330d2e050e767327fc827c85e
SHA256: c91dd2394d8d587bc3ab482001ca7408035798e319cc059b2d13449ac806203a
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Identities\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.ttsdaa
binary
MD5: c486ebe55e43a389497cf51577b42bb0
SHA256: ceb411a5a85db36abd82d9a5e1532270af8964c0b4d8b134234a85c498261c80
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.ttsdaa
binary
MD5: 1e4531cf0931af092b22b070563e6f06
SHA256: 6d9412ee49b77c047425a3149667b22acc77b0f8994add3850f38e41e1415a8f
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.ttsdaa
binary
MD5: 2d4ad649d66f6eb867e088afd42339fe
SHA256: f45975d3e4c72b4f1a96b2e3e7cf4f9f7da5624877811b37b5563ed2034fcc9c
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.ttsdaa
binary
MD5: 62a505da674f95c548443d05ed4f93ae
SHA256: 2f057177ec2971138c81162f88ee83dc0c503f1a0a24835126b3f8a3d00460ff
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.ttsdaa
binary
MD5: 53098103e2ff6b704cbce83a56c001cd
SHA256: 6e7666fcef0fc0344a0fc0a1c122bed5cc0d811c1b6834133ef970a94bd107fd
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.ttsdaa
binary
MD5: e84d6eb36cf3356e055a5f255ce29f6c
SHA256: d3634f6abf67bb96b315d661d64e6757c9ce510714286216210481540b2dd10c
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.ttsdaa
binary
MD5: 292837c7206c482c88fe87390039d20d
SHA256: c3527dde12d80eebda8cfb77afc6304246d34a342f74afa6cf42f036cd5ddb91
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.ttsdaa
binary
MD5: 5252b1b6979656c63f691319f381c051
SHA256: f6e00a7ae0fc2d4d925a145a9d912bc48f6d4007106ad3560a5306a17a6f3672
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.ttsdaa
bs
MD5: 0f5da270999d7eecfbdeac56a3b2249c
SHA256: 9d091b839a166f4c0b36ca7112092e0adf3b462212ae838915acbeadba5f6cd1
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.ttsdaa
binary
MD5: 1482e160f35392d0a826891873b089d8
SHA256: a2ed32f3ceaa1be0e836629f1fa769ccf25296a0150dc5802e5135577902d6ab
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.ttsdaa
pgc
MD5: 4f02b304f7a68fa413b21003fce310c6
SHA256: 382daf1bb1d6032a60a9cf81159f4bb4b0373051bb3419bf37c566133aba1016
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.ttsdaa
binary
MD5: 8880b5791ba11ca922714b86a939fff3
SHA256: 874651e16a179297d135eb27e188e04dde96cff87d25d95946aa5be46c6d34b8
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.ttsdaa
binary
MD5: a45f366de68b4d6b7769448a8129e885
SHA256: 31f1b39bd9313d1b9f2c0b0fec217e894562110e5d26712924486129adc2ee77
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.ttsdaa
binary
MD5: bb8b21eb1789f5e6ee7aa06db2db3d13
SHA256: da7d9979ddcdf3037c06eb4e986b3ca16820067b09e88fcb9a0a49eff5f74cfc
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo.ttsdaa
binary
MD5: 5926faff029837bae6e1d1f2eb4cdb00
SHA256: e77bae6c3c6b70935f4ce5f38932efca64bfae4099a0eab0dcb644477f5e5833
2596
GandCrab5.2.exe
C:\System Volume Information\tracking.log.ttsdaa
binary
MD5: a2d67b23cfc012e43351b89cd4058574
SHA256: 78528790cef8626a02600d7d829cf84e4422dfa97c600bdc2bcd8d6b61531d25
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo.ttsdaa
binary
MD5: 1682ee149e9da4cb842176f81566e79d
SHA256: 1ffd8d2f9c6a124110f23b6661778bae56bbe77be924f0bb836f4545fd96083c
2596
GandCrab5.2.exe
C:\Users\admin\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\admin\.oracle_jre_usage\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\System Volume Information\tracking.log
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo.ttsdaa
binary
MD5: e5404359aa3e426348abe53b327ff73b
SHA256: ef21dba68bd57fcc5e5fd8d766b6c9d4c8df7af92944369dddaef2756ed1a119
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo.ttsdaa
binary
MD5: 9322bc0ab4fbc81177d3ae7ed0d812b9
SHA256: 74b5afd63bee1fde8c956354d212aae9ff9a6b8d02d8abddcf0b727ac628a03a
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo.ttsdaa
binary
MD5: 5864e85d0fda6ade83adb78ca4476004
SHA256: af3bf662dbf4e1fb50e00ee78dee29e28c3c899d64db77b714846ecc1f6aebd0
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo.ttsdaa
binary
MD5: ef3f38cf11c632ade9dbd1a1000125e9
SHA256: 65657b8733bd3dcb1ab1596d8636d3ddf588feb19ef53dfb0672b3e01f053b2f
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo.ttsdaa
binary
MD5: bac2f3097546d05569bc46f9615a016a
SHA256: 744d37560b5499dbd5a98381446deedc7788f467904dd6a6979e174412fca1ab
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo.ttsdaa
binary
MD5: 940acbdfb4b3967202d36b824558839f
SHA256: c6830a37bb81d4eebcb3508a7e14145eb3cd4abbdc78dbd092fe4a06bd367d30
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo.ttsdaa
binary
MD5: d8262a629687ef20b002225b9a288feb
SHA256: 192b2fd4a8476806a317029763a579a8bd89e8c597fd3adc3462a2b0a382ddce
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo.ttsdaa
binary
MD5: fdc4874333d63997e65a3e3e8e92fc5e
SHA256: 5ccd9e2435a11108de1436fdccacfbe7ee48c9e8bd8819b423edc1ec99e1d3da
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo.ttsdaa
binary
MD5: d280e3db75509078bc80ddafd039758e
SHA256: eb2de3293b92e7dcb52ed4ecc7fbf2722216f14e0c320c9c3d15889d4271d841
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo.ttsdaa
gpg
MD5: 1aea14d1a2df820ae1ecf6de5c441440
SHA256: 992132fc68f2a23cea52032f995a8c0d7a81aba1d46b0207fa31f8e2f4fa0af8
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo.ttsdaa
binary
MD5: 5eaef94d62137a6fc4cad5d4f9f50513
SHA256: 5e1efd0b2775512067e95e09f94ae41c84db2e2a651b613469f7819408245a58
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo.ttsdaa
binary
MD5: 33432c963fa8cac48e2c0844ddb2616d
SHA256: fd73e41dd4d818f555d5544257da130469f117a57164b0f22d523463e258cbb8
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo.ttsdaa
binary
MD5: 8f198311ada5f039cdf5bf906483a663
SHA256: 66b969baf3d77bf56d161d311eff818b2cac09e807f61e6f867b2d71de7fc413
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp.ttsdaa
binary
MD5: ab3bba1dc3dc7d7ac38ead8817a76b73
SHA256: cebf0c99b321add9519819bd10f183adc15d611a66fac265322892c29a916078
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo.ttsdaa
binary
MD5: c562f0ec9608d65eafefeff033625952
SHA256: 8afde4eb9ca0a7ba42049c8e8f164e402aa498a0761bec449afc65257a863449
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppCbsHiveStore\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp.ttsdaa
binary
MD5: c13e0941e47fdd2af34e12c154d334b1
SHA256: 7aa5b4ee098c4393fad849ae303213d3991f957b257a8f35a9531f9966f96b6f
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 9cd8e9872e7c6206c8b585e51304fe3a
SHA256: 939866bee3bdc5c27418d4652ddcc5b491cb0de33b03cd4a022df186a6743e01
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 67b19b96626c971319f68b0378975e60
SHA256: 9401ae40a5e1c8a414947f1bfded35382121e9f79b926d4cd91813e78a5fc126
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp.ttsdaa
binary
MD5: b2e8eb27eb2ec15b7881e7ccbc98dd0b
SHA256: ab56422fd22d7998b4219db98977901a3d033fb844403661180d2c099dda33f5
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp.ttsdaa
binary
MD5: d6d040ee8d24e52fd190d83016580f0a
SHA256: bee962359dd6d1d9db228a7c7f2bea05481b40e1de9f6d06057d77828c414c41
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 4bbaa0e42d580425f7ba928ed7815e07
SHA256: da333d1bdec2378df60462963cae2a2cc3cd7dab30f6982c035cd49307ad71e3
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp.ttsdaa
binary
MD5: fc2e9db5673bf306fcf1c3b281acdc04
SHA256: 652abcb5c4e68b592fe299fb4375c5db1d17155ecba2ed8340da18931a4901c1
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 6b195d6739471fe6d5b2f963b69ae7de
SHA256: e9f05f1842a2a8b29b6f89ecedfd2389e809f42ed3f642ad43768afb6acd0766
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 41d37a4b77dda147fde827798d4ffef4
SHA256: 6f729001b2e2d23f47f53ae1588d45b6c0472a01ef54d17d70be3072ba15166c
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 6c7d41ccc896ccb45d0dbd421bd61668
SHA256: dc8dc5e1d48412592faf6cc4efd618c9288e56590b693d46375b7a8ed6504549
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp.ttsdaa
binary
MD5: a4a6a50f99bc00ff2310ab2184d59aa4
SHA256: c505edb18e4f2c972898dad0e32461f9fb23a9eb97d1a98628fad9879473b4bc
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 28395b80844166a4b3984df806e535d7
SHA256: 98428e949d5bc1ad3a98f708209367ee4a8cca6a1aa22aae7e1dd190e3093415
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp.ttsdaa
binary
MD5: b24e190f5895a11057d70b90c39b03f4
SHA256: c961e8b4968b2d36236076920a9966d13deda1a59eb568689648abea4cb0523c
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{38e8535f-27d0-4352-aa3a-ce4178930102}_OnDiskSnapshotProp.ttsdaa
binary
MD5: 66f47435a5f5943cd43bb68a9c3c392f
SHA256: 1402ca87b2c2120c63fb4b4c0208206e310ca7e8e5ef354c9b407970db6fa701
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{16d74681-6bc3-4c44-97f0-8b8dfefe2355}_OnDiskSnapshotProp.ttsdaa
binary
MD5: ab9c1b0e6391358adc627021c3d59259
SHA256: 9a7973201d18c7b0529f1d35dfb5da3cbe6a75f3e20c1fc4d4ee96ef3ce7907b
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{38e8535f-27d0-4352-aa3a-ce4178930102}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{05ed3515-06b3-48f6-8cf2-bf24b1bf0727}_OnDiskSnapshotProp.ttsdaa
binary
MD5: ef7d677e7a88e3d65368d3f5ee8e7a77
SHA256: df10a29b77869a4226c8542528de2f4b94cb06773b588a7bea2d509be07b360c
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{05ed3515-06b3-48f6-8cf2-bf24b1bf0727}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{16d74681-6bc3-4c44-97f0-8b8dfefe2355}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim.ttsdaa
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi.ttsdaa
binary
MD5: a2aa9bdb9562bb2bc220cf905ee0731a
SHA256: 24dc7968e7b70025c1b3072095968c5fc138befe2b77b2dad94c82541c1e5cd1
2596
GandCrab5.2.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi
––
MD5:  ––
SHA256:  ––
2596
GandCrab5.2.exe
C:\PerfLogs\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Program Files\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Users\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Recovery\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\MSOCache\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\PerfLogs\Admin\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\$Recycle.Bin\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73
2596
GandCrab5.2.exe
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-500\TTSDAA-DECRYPT.txt
text
MD5: 5e05abb144a6159859869ba419ea512a
SHA256: 1acfa37c31ee1200aeb40f3119324c7f2e1b2eb3431a3792b7697886624cad73

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.