General Info

File name

GandCrab5.2

Full analysis
https://app.any.run/tasks/e9f947fa-deaa-44e5-9106-21049106f78c
Verdict
Malicious activity
Analysis date
4/15/2019, 16:31:55
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

78efe80384fa759964c9ea8bada3ac8d

SHA1

6300dca046dee2d99f8429bdb9b5f3edc4d5ec1c

SHA256

329b3ddbf1c00b7767f0ec39b90eb9f4f8bd98ace60e2f6b6fbfb9adf25e3ef9

SSDEEP

3072:UKwH7Fxw0GQi8SHa0jNwriVcJLLfO1MYU:XG3wq70pwrimxLB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Renames files like Ransomware
  • GandCrab5.2.exe (PID: 3072)
GandCrab keys found
  • GandCrab5.2.exe (PID: 3072)
Actions looks like stealing of personal data
  • GandCrab5.2.exe (PID: 3072)
Deletes shadow copies
  • GandCrab5.2.exe (PID: 3072)
Writes file to Word startup folder
  • GandCrab5.2.exe (PID: 3072)
Dropped file may contain instructions of ransomware
  • GandCrab5.2.exe (PID: 3072)
GANDCRAB detected
  • GandCrab5.2.exe (PID: 3072)
Creates files in the program directory
  • GandCrab5.2.exe (PID: 3072)
Creates files like Ransomware instruction
  • GandCrab5.2.exe (PID: 3072)
Reads the cookies of Mozilla Firefox
  • GandCrab5.2.exe (PID: 3072)
Creates files in the user directory
  • GandCrab5.2.exe (PID: 3072)
Dropped object may contain Bitcoin addresses
  • GandCrab5.2.exe (PID: 3072)
Application was crashed
  • GandCrab5.2.exe (PID: 3072)
Dropped object may contain TOR URL's
  • GandCrab5.2.exe (PID: 3072)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:02:16 13:43:25+01:00
PEType:
PE32
LinkerVersion:
14
CodeSize:
70144
InitializedDataSize:
30720
UninitializedDataSize:
null
EntryPoint:
0x58ef
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
16-Feb-2019 12:43:25
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
16-Feb-2019 12:43:25
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x00011112 0x00011200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.61634
.rdata 0x00013000 0x00001648 0x00001800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.94323
.data 0x00015000 0x000056BC 0x00005600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.67086
.reloc 0x0001B000 0x00000628 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.59251
Resources

No resources.

Imports
    WININET.dll

    RPCRT4.dll

    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    ole32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
40
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start #GANDCRAB gandcrab5.2.exe wmic.exe vssvc.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3072
CMD
"C:\Users\admin\AppData\Local\Temp\GandCrab5.2.exe"
Path
C:\Users\admin\AppData\Local\Temp\GandCrab5.2.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
255
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\gandcrab5.2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe

PID
3500
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
Parent process
GandCrab5.2.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

PID
2948
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

Registry activity

Total events
76
Read events
69
Write events
7
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3072
GandCrab5.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data
ext
2E0064006400730068006C0061000000
3072
GandCrab5.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data
public
0602000000A40000525341310008000001000100451FA7890C61440562FADD3C47F299CFEE2D87628DFBC7366B6280733CFC8D98DC0B203864262D54B3B10510C08393007D7E21B70F22F3CF833DFE67CA3F0E1B3C95C4B09BF17738F8386C0925258D1492D9C34C2165F548980C8B3FFE0034B9C71685A3FDC555FC5C7DA7118F0B1F32CDD3E105B52B4614A944F92F14B490445C2B8A6DD6C9F055297466313E261F9F8D4E6249B9B9FB3CBB544FEB5EDE72B7366AB6DC0CA39359EF7455764BA5415904100B94870A50DA8C5377CFAA3A277BB80B6D85EBD5CEF62B440A84C4163C5CDCB7BD577EA103527F367366437DE5FA756F675BAF7F8C46F4CBD8F2E41C921D0446857B5790F14E7ED75B74C66B89BE
3072
GandCrab5.2.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data
private
94040000309E7DD0F7FA8157DD25C66440FD5650274CEA552F109C66C1B1E54C9A83D06964428B043A245C204075D9358EB41EB6CB6C534928A72AB13841880195E91CE98E8F93C9BB979393E011730F530C97A486D08BE43CA2F9E2D57496148E635D7E37C95D2A8783B8D0D23EB5572E6E7E191158626EF099629CA721CE497937D5B430E5BE8F6A0DADAC5101DA6F6E83E7F0E15B76906EA17956EB6067203BE221846EF65057C48B838F47D8C425F004F94B7D7673FE00DB41BBE6FAC566E1EABD6CD20E3F34E9ADB87FD892BBF6A7BECB933C29F2119634C5DE9B4AF103CA04640CCBE5A896DF2D8B88F1A50E23FAF9D64F0457EE5E5250117CEF17DE8D4D1867052EA1B54F132568BBC118B7D6C710E740FEC1F1D47CFC7C3BFC900DDF898ED8FF10B8EA1B70A5DA72E2E0D3E48D84C3030A535FF3EF1A17EB668ABB86E880237722AC424925A81DE1326DCA1A5118A79406F6839C133009D8F6DD298A1EFE1D1D94A1C7A21850227538F4EB59575010D99790D5E536B65FD565A1EC3E5CAA3D193EC9AC77F8E216EDACB5B0CE6ADBA381EB3CA4C2DD91DC102D43B7C86197A9EE60CF6B563E6C0B473B5BC293C379C1F85C52C624C7E2E02FF3B1BE99F94CD97783EBC12B11AA6AFD63BD7E38F079E1CE0630370BA1321D6717E56C1C5DCA4F6FEC55BAB2EA5E2E104728AA6F979619B1FDE9CB87A95E86D099235B8FA28E7D01071EF527BE9BAAABEDA077A31DE1B190E0E673BFC1A4A09D6AE347AF394BB970CD0E68414F68D6E81E53ACD36B658A809F9AB43C74478CF1282ADB40341F961E465479DA7885B16F2DE0CB3920675F1917E63E09E0E4E18A30C4EDCC982FBFE1EEC829FB830DFDD6C6DB5C6355C0B28F5CA5F0DEC9F44E63E51DBB04BDE8E040F2B99436665597D50600C30767C8EED2C602C755B0BA94FFB497CD2DC4E460C2D0EBA00F23127C05CC4DD9949DDB8023EA63D259F13E9145F970218868D2B374AA540014DECE234F77D03E90613C5FE123E7CF53E70394CFAAC289996E068549AE82FDBA0A08EE9670AAE913E630A8132C39FEB4F0703824BB88C3C3F47C1B06DEC2C77BD3ACE313D39648B3DA4D78FF54BAB1191F2F18C00CDA4FAB4A7C6A29E041360C6CECFD638F00485A150087E5AFD8E9D90EAED3FEDE7C1A344F5B320092DD4255C03BA2B0FDF556F4455A1017EAB89733F7A55CAEBC8D24367D5868DCFE8817EA922F03CA94B3AC5D90151AE4EE6D2975449391376726F5829ABE65AE205D52C4F51413850F4EC46AA8F2B2D909A5270739215DFA969C1FBB3C296A734446F844E7822FF59C9CD61D75FD082B498B0712FFBCF89D5F1B2E594FBFFE840F2BFCDDCDBCC10484DE55778F72C143AAB592F44AE9C4FFDBE2C9C53F336EA5EAC6BFAC2CEC5B8F0E2F09293410C0A05E377838D6EF42D4F03B8D55745F6E67C7A7DE8DFA3D0092601E3DDB92D4049D9842AD48B999CD51041C055936729A2EC95F352F49A1654A37E701CC9DC34934D26C62D7FA042DEB0C67230D032AD9714F9D21CE2EAC19B637688EC4EBFD6A8348F395BA4A4B42F52B02F5315C025F0A12788D2E29DA306D07A5DBFC625197DA7A05FD84F2F7067784D5AAC699B549341928A1BD4B077F13DFBD345A35228AE538536311AC3B67BE284B25CCEB9AC2474C565CB7F43590294ED53D649127354F767FE4BC03E8F01110711599E794CED7E9F65501194D65AA4C6D7011D69DA383945E80558850DA6CBF3A26FCB28D8A8D2C26A45BFA81E8AAA4DF43F242D20F00EF17EF94393AA8521D6711E5A539D45418CACE0232DE3612F1052B855ED8D8EBC6C71796752351F63D6A4AE96BCAE9DCF30234259E077A8222BA739C3ACCE40CFFF281E9795C2FCCEA3F16C2D14168E7513306E2BCB10AD0901965C440CF9D644F69B7BDEDD3D1A4CD6C9EFC3556D8238A8DDF6CCA4DE3FC6AE3B4F01D76BF635DFE384F43B9F110CDA2EAD76C8E584D9A2B5857F2BF7E1C6B0E300272172880B32AF0A9506DE79CAD410CD545A7B82418E886237BA144F57B50E061F038D6E2300F342F0C9C409318651A71A64DB6D9F599121C71977099B0EDEC47E2AEF8DE548AE2067D9C86A1232FB2A9CF510FD869D39D2CAC3EA874547DE3883CF6CBEB54CC88FAC6F68F27B21130B51B806DDFF55A2E6EB9BA5C46D8C4EF3EEC87B056448996D2C8ED91B4C1CFF33800C58CB47C404718CE9DF7B438F1E5276FEDFF75DAED709EA6EB1F6AA2F1FEF2887D46CF0D173E31A0E7EB5C5BDA23F4F934BDB187EDF4450B91DC9F57F4CD7A495D1B17EF90718E023302DDA158A64AE958277369E54C54B746D8142C305A9544F43E8C52E20002C3C3B9D8BB3205A27E188DC173B8C841
3072
GandCrab5.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3072
GandCrab5.2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
0
Suspicious files
423
Text files
319
Unknown types
11

Dropped files

PID
Process
Filename
Type
3072
GandCrab5.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Videos\Sample Videos\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.ddshla
binary
MD5: 076fc0adf06807725464e85938d12f55
SHA256: 5663df6a62022bdec6e214a2688941c769f0336447bb87860ff7d112f8edaf67
3072
GandCrab5.2.exe
C:\Users\Public\Recorded TV\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Recorded TV\Sample Media\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.ddshla
binary
MD5: e3f50f4fab78783df63c361f833ad5cb
SHA256: c412c17442bd1177cc9659735afc30711cc9f26ccf1d893659f35838f3bcf5ca
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.ddshla
binary
MD5: ac809afa4b5942cbbc4903893046bca8
SHA256: 03c29c81d83395b04c125b49617d42f87a9e186d1b0797e6d0229fc2718dcabe
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.ddshla
binary
MD5: afff98c63d2be2d9350fc1ced863e0fa
SHA256: f8a504a539b7c9d20a01d0bacb6c51079e28ee1105256a004b4fe437c4c88b65
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.ddshla
binary
MD5: 431d7a29de2a0b2c7df412e9c714ee37
SHA256: 9b79997ea2ac67f94b0b3330ecb7d1a07177799c2264bbbf77d3318994a0c407
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.ddshla
binary
MD5: d7194836dc736b05d92d296cdd9c2284
SHA256: 75c71b29bd100abc65a75e1fc49b73cb34e99f21619dae099d164f51ee0456b7
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.ddshla
binary
MD5: 75514cce3a46a84ce927a262f8450ec2
SHA256: 3eb194560dcea0e434ed5d94cef55eef656b5e2986faa657cf01c5a69c63385e
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.ddshla
binary
MD5: cf56e2298cb56de009e6b35143cdf2f1
SHA256: 6e40d3df6f0945e114ac64dd4cbc0d8834b4cffe00c69171c462df50c0169926
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\Sample Pictures\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.ddshla
binary
MD5: b0f0052e2aa7acd7117a160879f3ab2c
SHA256: b6dab6f7367bfbe451835e1634c6aa9427e5d0f916653e86585419aed08101c9
3072
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Music\Sample Music\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.ddshla
binary
MD5: a581e23efa22724068186b69dac542b5
SHA256: e4c7be79579c47345461838d07ac7d8129890b64808d35c2da02c1202196e9ca
3072
GandCrab5.2.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Public\Libraries\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Documents\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Favorites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Videos\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Downloads\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Pictures\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Music\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Saved Games\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.ddshla
binary
MD5: 859f554ca953f9d5dfd78681496c85e9
SHA256: eca2f3633f955b9df37c75ff518cda8c22f63d37ce5f8ebd1a7d7037f388d4cf
3072
GandCrab5.2.exe
C:\Users\Public\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Public\Desktop\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.ddshla
binary
MD5: 747768f3950e821561c599666fb3df7a
SHA256: 98a8409aeea6e5ec1e3b957691ce69c0730868d6a22d11d2528ec116343c8b2a
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.ddshla
binary
MD5: ab7095913a081a857bdd114af1836b9f
SHA256: 5561bf24c931f76921adddc7307aab1a59dab90d8ed7d752a1b21ca98efcac43
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT.LOG1.ddshla
binary
MD5: 5ef388ff97ecc77d4f58068758db5b78
SHA256: 57cb84cf58fe01ec3deb59b947760911168360775bcd5f5b7a2dbdcc793d3f3b
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Default\Videos\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Music\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Desktop\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Pictures\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Documents\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Downloads\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Favorites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\Links\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Media Center Programs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Microsoft\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Temp\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Roaming\Microsoft\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\History\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Searches\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\Local\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Saved Games\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Default\AppData\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\ntuser.ini.ddshla
binary
MD5: c11d8b723099d0b2d641f203fb50e5e2
SHA256: c3c15432eba77ba2ce39628f5b1026842dee3e0a3ab23c969f70455c3e4e606e
3072
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.ddshla
binary
MD5: b8e9f61141c05f472a73d6eb4da76d58
SHA256: 1117764a178df44de27d6d48ee76cdabc2a2fb2c809183f734883c50d14e9a88
3072
GandCrab5.2.exe
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.ddshla
binary
MD5: f326aa63b7feb891d2235e19daac22fe
SHA256: a31d35de2a277bcfd0f5b49530e251cab1f03830c4d498baeb642ab17ba82900
3072
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.ddshla
binary
MD5: a16e7e7f472a4cb2afffc1321e2324cc
SHA256: f5ff03f52c99880ff59ffae243736445622c684fbab1a66edcd33832d4327f75
3072
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\ntuser.dat.LOG1.ddshla
binary
MD5: ef77628e361f93f5266b15c13285a644
SHA256: 4359830bbd2b218869daa349ca1633f91ab0449c98e47e27142489ae7a80cf51
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.ddshla
binary
MD5: 36e5ab04f8daa7b6773ccaf94dc29370
SHA256: 7d0189ff04728f74e40446345004141d7a67b73b0a5f630b10188830e8665bba
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.ddshla
binary
MD5: 334411357400253645fad35fc82e1fc3
SHA256: 673ba5baa7ac543da6c7d6ae7e7e822aa2b8f7370185280287d86632a1b7ef54
3072
GandCrab5.2.exe
C:\Users\Administrator\Links\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.ddshla
binary
MD5: e6344e0f209e18d6e6b67b85a7ed9639
SHA256: bd1e153eda1f93d5e343faef012ae365a18a37a486654e0b6b31f20b3bca40dd
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.ddshla
binary
MD5: eabc49854b91aef1ac1fa95eef6ab625
SHA256: 526abaca6460d18d8ebd15df9e9b38fbd94b01792a50d5065daff890638b1cb3
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.ddshla
binary
MD5: dc6227a870a1f38580bd9a446162299e
SHA256: 8df71d90881a759aadb2cc7742850848ca82c13dcbb4713cee7ee6b31cb1ddd1
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.ddshla
binary
MD5: 467e67319ed99ee1a7bc611c6e1f37e4
SHA256: a6c062a45238b92d4b7c1efc4ac95a14cd502a1f8a9ab48679ae365049f06c77
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.ddshla
binary
MD5: 5abc8e7b2eaf488c8292e93b4ce5b891
SHA256: 7be8aa4de2e4f0cc82c6877180563a8f901c9c93bb7771cf892a463258d8dacd
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.ddshla
binary
MD5: d38cf76389a766ef95b82e9ceb2566cb
SHA256: c6fba395a0ddfb99f551de62b70ddd29aeec7302527400f771e7c8812cbfeea7
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.ddshla
binary
MD5: 76f8f4788ae18294bd937712684a3b3e
SHA256: 5180f69ae867074db154ea13c822a8d56dca9c9f434dbfe2ff6d7913ddb24531
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.ddshla
binary
MD5: 4ecedd05c0f5e5ccbbfdceaa104a0a22
SHA256: a4b8e3d2e6dac53687614ebb1d87d593476e50602445ff210334ef568e1687e7
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.ddshla
binary
MD5: 770a2ee846a494e34a6583d03de29e98
SHA256: a0bc2c188e90b788a4f4e66598de11343eb853a566d646f05f578cba78bf4e0d
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.ddshla
binary
MD5: 120f847ff432fe66217a6ac60d59f1d7
SHA256: b4790e0cfaf6449e7f3c20d6f90c872bd48382baa7b828a6d5e08ca9f357c06e
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.ddshla
binary
MD5: d581bbd9d5b8f17c51ea91f450a8bfbd
SHA256: f28cf698baec219e6a1da446a1d1c9a60b57b4a10435de4a7d1321ab078e7c20
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.ddshla
binary
MD5: cfa0375c78a29da1e0c581d92544c887
SHA256: 1d66345bcc6a664b4cffaad1c129c0d7b3db16b8a289d06df73c4ad4c319eeae
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.ddshla
binary
MD5: d1446b0f6ef7b1d04a5442dddf975d66
SHA256: b42a1096d0bff4a63af90383d94d041c983145f1ec22ff5178cc4f3ff95cb85f
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.ddshla
binary
MD5: 5490385ce22321fa17b360d11f3059db
SHA256: 0bd04cd4e2e0fd8c320ea6f2b7b3e52244c20a70087d9bd690a6ad0ca292b91d
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.ddshla
binary
MD5: 1d0c3345f226db8507fbadaba116f721
SHA256: 06ce201a0776c866c317194c4550bca92f8bf0b791023cdbf6b2ad1bb1a4f4b9
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Microsoft Websites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.ddshla
binary
MD5: d509714450f5f177a1d857469a76ba23
SHA256: d0b3a4eda37e29dd23ef0ef5fb00c61b8625648a45b866927ec85383c156ee11
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Documents\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Pictures\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Desktop\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Videos\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\Links\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Music\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Favorites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Downloads\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Contacts\Administrator.contact.ddshla
binary
MD5: 65eb9ff933cbe4933bf47dcec0721a95
SHA256: 5a6d04386d9050da170172908751ee69a21e0ae09a14e8c9bce1004ffc4d240b
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\Contacts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred.ddshla
binary
MD5: 26b1f8d2f4797785dc0644781576f34c
SHA256: faca55e59ecc17825eea6ef27fe34e2d38ad5690a2b6f034079691240eb0b233
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156.ddshla
binary
MD5: da135ef23a0bb2cf7175ab1ecc500ba6
SHA256: 93d0244e9017c973457ea03155e1bc5756eae20a9c13a4ec3bb6f465037c3d5e
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST.ddshla
binary
MD5: 26cf27eae3482e0a75a6a44e0c9d400f
SHA256: 7cc5a119209ac169a43ba19621c5bdf8ff7f53e364a0a3a541a4d41ec33ae7ed
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Media Center Programs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Identities\{BA2162A3-2F32-4850-8D8C-B3C9A2AA9D43}\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\WPDNSE\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Roaming\Identities\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log.ddshla
binary
MD5: db2094ca0f659c6b22a4b762c3a312bf
SHA256: e23b5b81d33efa6dc07ca0e08f21f798439974f0163828788032de3828088960
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\LocalLow\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp.ddshla
binary
MD5: 359bd0affcc4b3da345d8b0b7cfc29f2
SHA256: 3bdef8b7f14209e32b9e6971924691a63a35de30cee4dec0cdc723f707cabb74
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\Low\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.ddshla
binary
MD5: 651af60b3fb4a57b07437713d3b62dd5
SHA256: 1916fa0dd83f5ecfb180fac387e00ee4aaf768538a480030dc36c42cedac63de
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Temp\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.ddshla
binary
MD5: 18b20d23172f53c4767199af674c7bc5
SHA256: ca73b732586a1a0db262afd8cf8421756dc6c4ee73c5046011af4344c196149a
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.ddshla
binary
MD5: b8c8f377b59314b9d7cb070e4b3acf4a
SHA256: 156317a8afc24880fcce052249bdc16f2bc78f7e0e4e451753839707c70927b1
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.ddshla
binary
MD5: 8d160553f203fc258d8f6e6e061b04b7
SHA256: e61c7ab67814c9e4c48139ec32dcb25264bcfdeee8f0f738f469634dcfa17cc9
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.ddshla
binary
MD5: c6dfea9afc22fee656dbd3c52e76f084
SHA256: aab767c65cd9a29a0285595a1fa16593b3aec0052fcda207dfc74b3b8e526e73
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.ddshla
binary
MD5: 7aef5abcdf3163cb61848299bcad001e
SHA256: ebe1eee04c5775f95a35b23c1c7721f5a846e842c93dac894c60bdad1ce028e8
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.ddshla
binary
MD5: 94ebe185709457478d6ae52f39250aa5
SHA256: cbc0af000d0f7153e6dfc5f6be6116a97a3798919345491a93d53e800d543f62
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.ddshla
binary
MD5: 28b82a4d49d8b6ae8c03f0077b8c2cf2
SHA256: b0c1e5d15b1cccf7f9120bfd1c7f4296d4a90ef5bd8cb5c73b644979880dd17f
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.ddshla
mp3
MD5: 6f138ff17572d88e6ae2a3ef0274add8
SHA256: bdedaf281827b2655e965b0de0bbd6581d13aaf0956cfca7812f95bbc079d5ec
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.ddshla
binary
MD5: 214217a1ec559c19ea216feaca15a5b0
SHA256: 9fbac663ba31dc176e18f2a51f7833ea725a38ac1c91fd5ea1b4da38f320c417
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.ddshla
binary
MD5: 148a3093716890d5b156c944502c669d
SHA256: 196ca3d3ffa4bccc3d959d7c1711f4c635bed41730b176ec0e7208bffb64baef
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.ddshla
binary
MD5: 7632e5ee9988b88c2ad01b3e37dbcc5c
SHA256: dbccdd2a258a28a813fbcf70eb09cbcbe28c0eaba0fb7113786a7d5caa05a21b
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.ddshla
binary
MD5: 492061fa008cb239fa01e72ce80b9a4b
SHA256: 5b461a7c04dfaa1bfa55efdb3d29114f4afad9114c26383baf8155f140cb25de
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.ddshla
binary
MD5: 69d6bb1daa54c55c2d4fd14c206acf52
SHA256: 9df46c9c7afd8249cfe6a18a0667c3f6f6111063785d4730946c677188ee70c2
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.ddshla
binary
MD5: 244e063b79c521a511a1a97e2d73ccaa
SHA256: bc208fe4c88bff1723f1bf8cb262e8530014bf697a27a88868e11e1043e83cec
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.ddshla
binary
MD5: 8baf4f7728cab356eeb907bb070fc9b4
SHA256: c22151c9ee3cfe3b953f6ec900713e1cafc1fad02ad11c6cf2303904f2f210da
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.ddshla
binary
MD5: ecee06fb212c793166f97605787928bd
SHA256: 2629f91276cd9652b7c138f2a523c91ce8ffce94b3212d8854f034228450c888
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.ddshla
pgc
MD5: 5f7a6174c50c753d229014d514c52b8b
SHA256: f18d2c6219167ae247e6caaf601f93617c11f927dc024070c0e7da754b71d7fc
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.ddshla
binary
MD5: 0a6f7f3bb34032fc1825f9a6b2145f20
SHA256: 520d5e898fea499d2b0b0d6ce6311d95da98481a48658527122a4dece8ea871f
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.ddshla
binary
MD5: 3b0cf2f3551e0b3cd3f3cb611ab348b3
SHA256: d5b9b47809c093831525081ee578d5f3709eb88a30cbbdd4c548d238781bbd08
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.ddshla
binary
MD5: 85692badc7c801a1ce8a271898bbc551
SHA256: 484df38a982e00b9b436bbe4045f83170a97790d0bd2a571ee62ad12300034d8
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.ddshla
binary
MD5: 1b6c72dc1d391c64d20a9b01a2ba6a3d
SHA256: b5a2a37cd469b6f02c6cc69d5a850200ed8884f8eaa0122bfda05c621288e00a
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.ddshla
binary
MD5: f5aadafc4733ea6907125bdb2a557d2c
SHA256: 573584e02fd785ef78c2b58659ce67221de112cadbb3ba2a406441b97f2a4fec
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.ddshla
binary
MD5: 5416d6e5dcd88637ff726075528f7410
SHA256: 033989b29981a2b0e6f2b004187c68745dc24fa5d6cba141c7883e1f79de1cde
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.ddshla
binary
MD5: c79fb8ab7b264dbc0a9122b6cdaecf95
SHA256: e63ac29245dc95f29fe8760cc04163ab3d0069eba98d9f696afdeca8f87f06a5
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.ddshla
binary
MD5: a30e089c1ac97324b241a9b332dbe576
SHA256: ba9f9e82acad608dd16685c69645f619863a34a5b0be4e4a04f3af6087d116a3
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.ddshla
binary
MD5: cbde4fd998629832822c4c41594266e5
SHA256: 5f05abd345c1a5dcb42a3f5aba7d5d83851407d2c5a8daa10b13e6cc4d9e01a6
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.ddshla
binary
MD5: 6ff454437287fa4552e55d664c77c995
SHA256: 9316c37a46745577bdee43b98501b1e78ce9054416b8f383917e689f45aa1618
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.ddshla
binary
MD5: 59693e6100182fe888e007a5cf0bd9d7
SHA256: 63d68876d93fe3dea88319cf0af40660cb55f441f07eb04e211871d3b50c244f
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.ddshla
binary
MD5: 4fb0e459d70369bb95f77aec76c9a4fb
SHA256: b8b2390bde0cd52a0aca44337b7315b8069a471a3748b8cb2dba9ceafcf727ba
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.ddshla
binary
MD5: 4e07eebfbc3487fa28e72e7beaf6419e
SHA256: 6f18494b4e130c0d42ccd54f17b77ac15765b7f3a856dc48641009a8c67283bf
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.ddshla
ini
MD5: ab21e5c1f53375bcb5de63f3c3597900
SHA256: 7808d11ed1d0d3e56e196762183808d2c80046e75f5b93ace731a098c2e3de2e
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.ddshla
binary
MD5: c200d55ae0fe1484fb0b74eb3fbbd3a7
SHA256: e8436acc813a6b255e28c8a5d66a3689272e05b3c6d2bf82efded8f0b3fd4cb0
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.ddshla
binary
MD5: db41937a1ec1d869824ba054a4d3809e
SHA256: 814345cb5fea7c6e9d595ec7afd43a4861c60fe346e181244e0c85835bdcc1b6
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.ddshla
binary
MD5: a149dbe6becb6da8eec5bdf0e5dd05ad
SHA256: 8c3a2f112a4a0ec47cb4f73e4c9d40e2117a4cc08c4fc1a24433a70bbfd24a9a
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.ddshla
binary
MD5: 34267336e61d49cb7e8048b0a1c1bbe9
SHA256: 931992958185a6176a643b0351d845b4203c16a07cf48ef337eea4e6a096aab3
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.ddshla
binary
MD5: afc9ef42f0967a98faafbbcfeee19ef6
SHA256: fb1fb1cc59e05cea3a61dd85477e38907d327d4634ce4f8f032171825bec7293
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.ddshla
binary
MD5: 962b5fac66e3588e401bfd1819737849
SHA256: bf4e7d5a064bd368228b5a0b15e48a2f3aa22bec7cb688eddb01a94c366212d4
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.ddshla
binary
MD5: 84fcf888912b13eff39b3b46be578534
SHA256: fc0492e93dc3dce11f040005bb5b8a2c7cf942bc7d5d0f946e1dfb597ddd59aa
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.ddshla
binary
MD5: e994241376adc5ab57967535f3a2d70a
SHA256: 430d01aa79fc2c466e9ecf5845ccc91993a35519c63ab46e54c8b6dae183297e
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.ddshla
binary
MD5: 95081eea0577be67891b44eccb301302
SHA256: 8a7358ab95f9bc3d8ae1a3e860df63d658296d8b13546270ca818d7d36ccc347
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.ddshla
binary
MD5: 6a0e1417b15f971c15c221ba87021a0d
SHA256: b6320777ff559e62a8ea39d8c7ea273fdec68314ffc313a871b378b522825200
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.ddshla
binary
MD5: dec6af9da650220b14e12a5589f1f484
SHA256: ca7f7a4ff4a5dd7bdd7ed1b8fc10f0ca418a54102bbf1561fe079ce97ef8f313
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.ddshla
binary
MD5: dd50f574935dce7dc0d7838656219c25
SHA256: 905bdf0c5d216104a88b6534a5b3a3a2803cd8e6432685336203c0e88fc766eb
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.ddshla
binary
MD5: 3c4b067209bfbed2b007cf7faf8cc7de
SHA256: 92d7a9847d57d926d59024219ce4d180ac02bbbc6c6ba8cd8d31d85fabf91750
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.ddshla
binary
MD5: 058d1041e7a22c9baf962237906fe820
SHA256: 0aad7bebfc848daafcf4032ea07d97ccbcb5fc1202c09e5ac4bbd9af82a11f21
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.ddshla
binary
MD5: 58754048d48196dfe07dff311dd25966
SHA256: b43a0e6bc352633b71da4dfb4b6a0f4060d7a1144babc515613abe3a4e84e20c
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.ddshla
binary
MD5: eca6e46bf1622d5d8f2373ee4f0e52c5
SHA256: d523a944d729f0dd9f439d246d79e05045d46505321e7f7239b9ec8a2ca0db06
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.ddshla
binary
MD5: fda64a7ac3cc36fe856fd3989f7ee717
SHA256: 4175a0a400a860ab9b52b1e6f64fbc3b6a8617ebe7e47561a5223db7c7ecf2a1
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.ddshla
binary
MD5: 29911e3eb4f3d144349883a3fa73c9d1
SHA256: ea0de8adfc6642fa24db8d936d381f6998f111ac24f78e53878db4433d930679
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.ddshla
binary
MD5: 48966004126596ca719bfe081960fbdc
SHA256: afcf6e9a4c70c496e3dda60b6b4e0c65244c8c511ec8c5a1ea62c3e494a46a4a
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.ddshla
binary
MD5: 56eab343def84a85bd4ec8c40f0b9e1e
SHA256: 4ea9edcdca3796b82f6797536d3063de0e88daa76464169c94635097c98adc01
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml.ddshla
binary
MD5: 4786a21e19a73031793c67858d197b35
SHA256: 63f71b1353a3cf9a6f2b447872f0100dd3215d93ed25676c96ceed769d225af9
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.ddshla
binary
MD5: 8c3c7baf3bcdda007524208390c174d1
SHA256: c8c04dfff9676c842ddc5ad2d7e2ef8430ca957bf736a8a8b5faa6f3f1cbeabc
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.ddshla
binary
MD5: 859859cd33128e5cc0a94aa75b26f48b
SHA256: 4b3dd7bcb36d244a7758bc21180f2e9643a1071874c1aa0011606750b286822f
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log.ddshla
binary
MD5: e53ca12f044514e1ca49d0b17eadd826
SHA256: 2e6ee9b9efa7c0704b2dc39bb49cb51e5079d923c3395425af17a2ca50adb68a
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log.ddshla
binary
MD5: 93ee5f863d2de0d4ca77643c2360b3f9
SHA256: 152f9f3ad6779fca6ff432cdfb24829dbb697d5202bf116881d6a49af6045b1e
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.ddshla
binary
MD5: 494fe22fc3371360cb731703d14d3a3a
SHA256: 5b8649496e8b1aa1977ddbc36d80d0028d9df48f77fea4a93935942eb16cbd9d
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk.ddshla
binary
MD5: f27791fc3a14bf3a43741a138f25c57c
SHA256: d834ce900d600b85d02a1a0e958b572e5edf1106b0bb67ef58b0593d9e1d8359
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.ddshla
binary
MD5: d7fc1ad45d0abe97eb6da6f3d050298f
SHA256: 1b14847d198f764a9583632e5af487dae3054371bc541ac2a494e12177110587
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.ddshla
binary
MD5: 37b46cb9376ea68c202e740512579d38
SHA256: 78261731fe03161eefc53040868f17f9de843496dcee087e31cc11f09f1e1c60
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount.ddshla
binary
MD5: a800385420caadd85d703fda6a2aecb8
SHA256: 7f6dedc5effa863b202d3a0e943d135a3cc89bebaefc4d550d4d75e20b222c01
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount.ddshla
binary
MD5: e28452fbc4c86e90ba108ae2297d5f3d
SHA256: 2a83d0e36bcabd00def9947f685cb72337c42a9b4d6278710e11ff32bdd3b9bf
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount.ddshla
binary
MD5: dd4d25c6edb2c6d5129cffd303538944
SHA256: 4855fd823b5fd5032f51086c919d912657764d0e0990435b1826e5bce132c6f6
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl.ddshla
binary
MD5: daa2f8300e9747ddace7297ab60fd831
SHA256: 0ad56ced899e38068da3c7eeb619a7966424567b085d5c29cc53691f95295bfe
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl.ddshla
binary
MD5: 9ac7e416eb6d04fb0f0f818710b9b49e
SHA256: 7368c9aaf6ed3d7debc3d78d8c52bf37cd8c7b56aea1ae9671164b7a190643a8
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl.ddshla
binary
MD5: e44933831f33e3270d1cc9790818176e
SHA256: f37a34a44a45df942a7c9f83da876c5b0486da2864d5969e8ce37d9320ffded7
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl.ddshla
binary
MD5: 086ab440eeec3de49777d682a78e113d
SHA256: 38f40abf42b441257b410afd5571c6d843740d1ed214ff778ef30e812345e6da
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl.ddshla
binary
MD5: d363bd23bea6287003c0f713e88f3c7f
SHA256: 73165048c1f022f14ebd25b1af2c8bd024b6cd885e68eaf3b09db7eb439d1df8
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl.ddshla
binary
MD5: e9439023a7fcada4904346e70068f83d
SHA256: 0c015d10d1f46ad16f4e757bebc5dddbcffe0d57857d13b97dfa80e09b5cf949
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl.ddshla
binary
MD5: 1fdb4761a90b8dafa4cdd92dd8d49c4c
SHA256: b3090fd308f2f64d237b5e7fed376f533d33f88caecc9db9e2e4fb98498af16f
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl.ddshla
binary
MD5: f89d89a43db904c3a2634dee5855f550
SHA256: e4a7bdee4407e141e2f4b3ab18050468b46cda9d0972b12429b01fac63fd5076
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl.ddshla
binary
MD5: c6ecc78d1e86d73756f2a33c102fd029
SHA256: 5fae5413b82a6feecb358013df1f226caff5aad34ab86d91aebc13cb5726a7df
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl.ddshla
binary
MD5: b64227001a62a8a4917c4c8fc374d7cc
SHA256: 4dfd21cda43da8f138559ebc1564d3248dfd2637e2b156f371f9eb5488444f40
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl.ddshla
binary
MD5: 183c53a51f90600fa44fdc63decd54c7
SHA256: 31eaa833936d4553e506055a04eeedf2e2cdabc68ea8ae067fdc6852a76dcb7f
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl.ddshla
binary
MD5: 0a2c30601696a79617b5949545f5dfbe
SHA256: a18c7b0728f5d0b9c66c9c1789b2cf5d4b08148bef3414b8c7da5ce6164739a1
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.ddshla
binary
MD5: bbe6fd197749e77fbe0bc5909e752fed
SHA256: a2f2fbcaefaeed87d51bb7e3829953790612599c283ecf55483c571c2bdf51b7
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.ddshla
binary
MD5: 717a212f3a7d4dcdb584ef136b784bde
SHA256: c23a8c2820b2525a26394d241e911286defc7b15bddff22aad42a76b517a9db1
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.ddshla
binary
MD5: 3215b8f1378f0068c85318020c5eb33e
SHA256: 6f46755ddcfa19ebb001ace0970afb5b120288fc4ca2cc8904ebf7c8d0aff6cc
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VM3JD5NM\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat.ddshla
binary
MD5: 0c3d266d397636c2e3b798fe02598eef
SHA256: dc26c1357f6d6c250d6d134088d6d913f0aad0d36d9f57a28eff27937cf461bc
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\G4PHTCUR\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\HPSK10OB\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\9RI45C46\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.ddshla
binary
MD5: 87d3089b760db38fced40a4906a8313c
SHA256: 60999caca87dd278468da9ca7089bfe2090502bd00803213f63c086f116f27eb
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.ddshla
binary
MD5: 64560f1694cf99386ad0aa9db45f8520
SHA256: c134cc4a8bd913bb05a256535495acd4fa1a3ba234881ead81457260ca9d8d07
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.ddshla
binary
MD5: 291ad8791b80b811d92219b785f734d2
SHA256: de49511be29cc926683ee3667369fa35bd3c6bec440718000659da243ff5248b
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.ddshla
binary
MD5: f4515120fe8135fb62872b2173726d37
SHA256: be6bf38f63afc914df97895612eb1f07c09e5f08b13d06c414d4f74c5fb71185
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.ddshla
binary
MD5: 830e2afb7e25a0a0b5d0f9737627b4fc
SHA256: a27e7b0da696530b28eb4d313f90a145ce8fe6d33087566af067a05f8c2aa832
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.ddshla
binary
MD5: 1549cec9043a483795c745a8c16be275
SHA256: 52b65dfc0039e49436ee37f097d89e3e0299db9324c847686378b3581335a5f1
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms.ddshla
binary
MD5: ef833e43bd04bf8ac7bd94a3e9d314d4
SHA256: ce5f39469236caf9e35492308e5ee44422a1ce390e6fb4918d868b54b69c820a
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Credentials\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.ddshla
binary
MD5: 357f21c9d0427bd9e5db7356780364be
SHA256: 078f312b4cb9ec03bc75528afb61e5c709affca995ca33e6f3999b220fb3eada
3072
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Searches\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.ddshla
binary
MD5: 898106ea5df3be3ad8a3c818d972fa51
SHA256: 67ee7a3e3c782402833feeb8ea9b348376d8d7ce59b6056d3f5f67d10d7a99c3
3072
GandCrab5.2.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\yourselfchildren.jpg.ddshla
fli
MD5: 21f7a32ae20872fcdad5d4f0f4e47d78
SHA256: 739c58e3d326219c3a1afc7c8ec955ce9f4b191c6a793802060673f2461af781
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Saved Games\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\yourselfchildren.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\wirelessinstallation.jpg.ddshla
binary
MD5: ff17fa5293a161ce0dbc1175df39a0bb
SHA256: a536517fcc3ae4db5699af9fa9dd419b1f678782c03d63742e0d8bbd36a0d7a9
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\wishto.png.ddshla
binary
MD5: 6fd020af5bca9fc94750142078ab8a2f
SHA256: af1001f09ace689112750bb71f3b4fc64f621910d5e253e010b9c59326e0f013
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\wirelessinstallation.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\wishto.png
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\watcheslooking.jpg.ddshla
binary
MD5: a1541e1d1bc5ab91405e951594bb9c60
SHA256: 77e95a42ddb16910800d1777a6a7b5a86ed12a257c88539c0b18ed180a0c94aa
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\watcheslooking.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\ntuser.ini.ddshla
binary
MD5: 99aa5c0d431adc4adabce7ffba40c426
SHA256: 0ca3eb44b3186ae570843e2237ee228b3000991dbf78ac924e56361a2ce7fc94
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\freeexchange.jpg.ddshla
binary
MD5: 4a97a7a8d3393d4d5941efa3ab16b98c
SHA256: e063d1bcd7e9ecb8ba9b5ad007c86f69fbc334b20bdfeeeb22dcd71c67c8e2e4
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\shopteam.png.ddshla
binary
MD5: 6d4f5e2d0678d98a11e60fbe732bf26d
SHA256: 05245c6247735cd5b9402ba2528169e18e80a4c56b08d13b48b1ba4c1db03c5c
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\freeexchange.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\shopteam.png
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.ddshla
binary
MD5: 66d56e1d26050c4bb49d78c1fb6b7485
SHA256: aa158eb47a5454bb6d2b75f48e0f72dc0933843a2ad6a69e96f443dce40de4fc
3072
GandCrab5.2.exe
C:\Users\admin\Links\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.ddshla
binary
MD5: 3c9ecc0eb6849b4b3d678e0b1c0d3fdd
SHA256: 8a6e5c97d143beb443de708154ec3e6301b6b377f4ed31df86e6ad60eef30ca8
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.ddshla
binary
MD5: 2d3c167b5b2c6d6cfde217e366a0b8e8
SHA256: 9b6c86f86e0ddfabbe844cc365773e1e75b31dd77f50699a63849d59a98fed6a
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.ddshla
binary
MD5: 7c00cbe3e6ae12d76e83e74f6b6b2d24
SHA256: 9b5c4ac2250f1fad15e668c8dc87b8d7ba48e92b54d0cfda99eba66cd9ff0302
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.ddshla
binary
MD5: 67eff8fae3ff54ffb41557d3b5067c43
SHA256: 3f8b85537443e4b4e4e3246be7dff344c8b1ec60d9b4decc54ac0db46a121c97
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.ddshla
binary
MD5: 21f13635d77876266f43c62dff496d4c
SHA256: 0ecb4fb52d93e0ccbe8b576980fb0abb84f407ccde7445de962bbc017af7af43
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.ddshla
binary
MD5: 0695f5018b900ff051b42c810435fd37
SHA256: 9a6fe5cdf683ec7267d3d3cbbe4a6763fe81d7f69a7e27b5fbb09e102fea7797
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.ddshla
binary
MD5: b494964a34863873bf8a8c991e218dac
SHA256: 97035698d83338e8d77f90e506ac646a0f4e48fb1ae3285de52c94f3e17b58c9
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.ddshla
binary
MD5: ca43bb4b72bd4ce47af89e10c6239d37
SHA256: ed0f5a0c9fd45873e6bdd4b2135ec4fb87707c420bf28ad3dd8a4021216605d3
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.ddshla
binary
MD5: 84eb49e87d052d1a1bf2bf05d820ebca
SHA256: 6f8f7ed9ba860d8c166fb7af5c70742c86108dd847148dc7e3922312f0625d46
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.ddshla
binary
MD5: 3ac248541bdbf21b18c7523b958afa99
SHA256: 3721c58b1cadc7739894e25afbf9412b81ae5628f314a65dfd4d3e44d609b6af
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.ddshla
binary
MD5: 4d33f587f9acbb4752ae279b28d35471
SHA256: 40814ca7ea4d5f8e32b63134d94ebcbe79162ff1913526db4f6a82433bf66022
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.ddshla
binary
MD5: a13197ce5f0f4426d08846e83fe87ba3
SHA256: 8cf71aed141ff1b4f89e78318e0518be08377b1e8724700521e2ad3ca6fd5ffe
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.ddshla
flc
MD5: 43821689dc932dd1e9d36b38d9a91ba3
SHA256: 14d622139e5a19921f4486d911976b744bd5be655fcf50838553457940e6e1b3
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.ddshla
binary
MD5: 19f7d291fb450f517756887761e64dcd
SHA256: 7099b020c2cf0cb248d431dd9b8331494e0aa3aef7cf2f966ec6239b1e060d82
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.ddshla
binary
MD5: 65170b93f30fed8fa59598a71447ab10
SHA256: 0b3947c4fb7400f1d29adfac40ef29213a5b5fd6bdd1c814e32253772e980617
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.ddshla
binary
MD5: f07bc55729752e5ae11d8edd179d80b9
SHA256: d48a9d7250a5a0c0b837480c74d23ba1c92eea558631243aa67383aa7b742b4a
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.ddshla
binary
MD5: 011888785d84c236003158013c232381
SHA256: 04ccc0e958b69e0641145ac5d9a1f94d9ceb30d802513c8101b15b029504a60a
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.ddshla
binary
MD5: 332c66210e62a8701c6f8bdc6074cffc
SHA256: 3a42066000f2d26c4c5ecd93b9fa82b93e6411bc9da276b6fdf6eb504addb6f7
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\ministerbehind.jpg.ddshla
binary
MD5: 389398f78871365055cc05fd5ce66bd9
SHA256: 18d32527d932f51db5e262d4f15f7c746be06d536f05562257f15ffefa952ea7
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\handslonger.png.ddshla
binary
MD5: c607955a6c76036c46f857f6eb3b56aa
SHA256: 39e920f9b6ddb1875ccc0fe508cf6069fe26ad8198914c22d92d4fd645bd77bd
3072
GandCrab5.2.exe
C:\Users\admin\Favorites\Links\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\tourhi.jpg.ddshla
binary
MD5: 72606f006736a3938384adc270687de6
SHA256: 945858f38992864211423708f84518f0c197a64f43af2037373c496c11122b07
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\randomebay.jpg.ddshla
binary
MD5: f083cd4f3bb65f2b422bb28ccb722be2
SHA256: c13c1b87f1787491642a23d418459f0c38fdf6b59352ca593dbdbc05b1bfa936
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\tourhi.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\randomebay.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\ministerbehind.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\devicesmaterial.png.ddshla
binary
MD5: fe87d081cd3bca54378927ea70d0271e
SHA256: a955f115c50653718f1c3402482f32f956ae85c414365ed1065d218c465bb81f
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\executivecustomers.png.ddshla
binary
MD5: 6e5bdfaa16b1a45974c6bfbd0fac8cb4
SHA256: 3b849b73dddad104c4cb75f08523d8447eeb5243f85fb0ffe5227451b07ec1d5
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\filepass.jpg.ddshla
binary
MD5: 0775560e369a9e5685e1f9f8bf91d30d
SHA256: 5e600cb9331c9b6479e2c3d53dcbd9a3f41e209a0eea3341bdd4d90b7b58517a
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\filepass.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\devicesmaterial.png
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\handslonger.png
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\executivecustomers.png
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.ddshla
binary
MD5: 1a733500a8bcbaa658bb35854f84a121
SHA256: 3abca064e790a6187eb485cd61b5a980ee0faf7fdaaf469f5cbccb5eb7cdca3a
3072
GandCrab5.2.exe
C:\Users\admin\Documents\tuejersey.rtf.ddshla
binary
MD5: 50732c70890a231d54e366eb4cb2de2d
SHA256: 0f4c0b8668f927064c9b2308f32bfb9d99d26fc386517f71a7f2db938b0c9ce0
3072
GandCrab5.2.exe
C:\Users\admin\Downloads\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.ddshla
binary
MD5: 1a5e24a1709785826340f4906c480972
SHA256: 84ffb5422718b9b5cf60cca3c2d6b7dcbf7bd7bb483fd9b654f5ad2f042ab2c0
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\tuejersey.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.ddshla
binary
MD5: 6b48e9da4cdffce3a2662694a1b7fef8
SHA256: a925f590c6963f5ffaf1d4223a81925b5b9441b1d865f4ba812d844a47d99b8b
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.ddshla
binary
MD5: 99c897581109d4b94f13de235c7972cd
SHA256: 8d174e84e4d0ac65158f9d1494a1c8e103bf640221f02b4a76394b624b851f26
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: 917cc553fad6df335320e5133562ea24
SHA256: 130f6016e67de5765c9992c1a80514f78b7ad11b157e73bbd3dcfeb7286af980
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.ddshla
binary
MD5: 66064f8d4a6a59af29ad9b162ea2aa4d
SHA256: 13404354728c52a1649215037b6638b07c069dafb99f9a7c3cb344266e8bfe6c
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.ddshla
binary
MD5: 4e82a7c4a56574f712cc56a3ccbdea1c
SHA256: bd2feb088f262661061172b46a8713e729185c065404d2cc9aa57ca5d151a800
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.ddshla
binary
MD5: eaa193fe586ff877f0515c84fb690c0e
SHA256: 94ca2242bb6312f2a85c6532d4480fc69d06ef0678786eddc4831f81523b7172
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Pictures\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Music\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Videos\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Documents\ensuregay.rtf.ddshla
binary
MD5: d380c505e04701e6734a0335d76895dd
SHA256: a7f2a82cd4d73370d37ec737cef4a823265e3ad6627a5f189485dd0beb01e8db
3072
GandCrab5.2.exe
C:\Users\admin\Documents\easyregistered.rtf.ddshla
binary
MD5: e88cbbffa75c68d3557527de03cffe83
SHA256: 92e01d37a0bd4c780083e976757e1a4213d99b5914bb425204bded7871f3b888
3072
GandCrab5.2.exe
C:\Users\admin\Documents\ensuregay.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\tomassessment.rtf.ddshla
binary
MD5: d2534b7cdd1eb4ae529cfd4f1cc2707e
SHA256: 193e47b90af7593af2027542fcabfd645b94eb3c517f558e6674a4ec256fd0dd
3072
GandCrab5.2.exe
C:\Users\admin\Documents\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Documents\easyregistered.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\tomassessment.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\rapebudget.png.ddshla
binary
MD5: 8b84697a46747400cc5e02e0411c8b27
SHA256: 2a0b0504361b1b2cbad4ae4259312af1a04f7e7f7a0a7049f051de34643d2c49
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\shippractice.png.ddshla
binary
MD5: 604b7fe0b0b07611c815e4129ecfe3e0
SHA256: 37aad50287aede2b2556608ee957af54950d5f2e856063132b9f41ad4888c4ba
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\rapebudget.png
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\shippractice.png
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\outsidebottom.jpg.ddshla
binary
MD5: b17332812a992d8fdfcce680a98ede5f
SHA256: 1b6ce99197f06ab7c469f681f40d5dfcf82790fb2aad1d13cad48d973dcbe5cb
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\providertransportation.rtf.ddshla
binary
MD5: 2c49bc31a3277641a79cd3db768bb97c
SHA256: 58cac2578a7c332506051ff1f9845b146b312ef992147a2add126d0de15e784b
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\providertransportation.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\outsidebottom.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\degreemethod.rtf.ddshla
binary
MD5: 2a0762e265063219db0b386b8926bb5b
SHA256: 9ce63c6169f0f1f3c6be7786e8d0b3b391f1eccaace56e2b1cca91aa5021758d
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\grantbecause.rtf.ddshla
binary
MD5: bfa3dd935e3f987d13a0834a653cbba5
SHA256: daa0cbb1daf1a78159224678c8a41f9d537672ff6eee1bcbe367db23253eceae
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\degreemethod.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\grantbecause.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\believenation.rtf.ddshla
binary
MD5: f48b49e1fbdbfb3001e53078b61690bb
SHA256: 1a9ba755a5178ab2deaf08f3e5c6aa56f3511217917fc5518ad65af3115a40b6
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\areasland.jpg.ddshla
binary
MD5: b98e0c1aae7f00c1f8538c82927b22d0
SHA256: 728f865c53e93e5d5778b3fc30c98d550ec4d9a1f31941934913a90ec55f0f8e
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\believenation.rtf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\Desktop\areasland.jpg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Contacts\admin.contact.ddshla
binary
MD5: 88f1ef10efd9e1384d6e9eea8088773d
SHA256: 4214d1a7d1d916187f63201f2650b0b3b5a9b2a75956a3083131761656ac06d8
3072
GandCrab5.2.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\Contacts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.ddshla
binary
MD5: 99f470bc765ee881aeb016bcbcc3be49
SHA256: a113bf6d3c88543dfe00adde31cc4dbd02649a646cc00de41b81431a16729114
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.ddshla
binary
MD5: 8b116db3840a19352b9eeaa5850566a4
SHA256: 5a1930d322e24200d40a8a4c49d44741c1715eca833786db81efcd6afdd35f28
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.ddshla
binary
MD5: 5641f5574fbf9ede0ab228718af535d9
SHA256: df9eb4ddab02f636b063e5bcd4d31bfe99222e5bf615300458f37d2ece142bb3
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Sun\Java\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Sun\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.ddshla
binary
MD5: 6e921b3f7308ffc1a71c53b674140f3b
SHA256: ba23b07f2378bf7a23f5222bd259b0eac8cf4c99d4a2838dc38717accf69d834
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.ddshla
binary
MD5: 9683798d6d55bdb1511931c47651bde1
SHA256: b8aee952403a532a7f78e5a5478b43cc745b1fd078924283001c53c2d290fecc
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.ddshla
binary
MD5: b3fd1c6536370e470366159795c947db
SHA256: 7723fa453331a59d51a93752a8e18147073d3ba7d398b73f03185b627e1b6188
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.ddshla
binary
MD5: c602d3959826a8b5407bc8b9767303e9
SHA256: 802e6befcf2fbac04762f2d5aff4dbb9773cd4e000fd6ea682be9b3772e47a00
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.ddshla
binary
MD5: 80993e15f646a442c1d5a133c1e147bd
SHA256: a37c338a54f76af3d0aa8fc7b8004d359017755cacc2d8ef450cbb22ac5e5913
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.ddshla
binary
MD5: 9def288251eee23bb65bb316bab2dff1
SHA256: a3422d86dd25c7e041abf4ef1ece66ac9f08d03195fd9de6dafdfc1fe0f546fd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\logs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Skype\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.ddshla
flc
MD5: c305a49c5053e50899e960547e51b6b2
SHA256: a202a8abeb423337e87d4adaea5bd4176b05aef0f462cbb26de9767dd34b623f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.ddshla
binary
MD5: d2ef2dae74645ceb1d6cccd9ebb43258
SHA256: 28064819c060e4599cd33ea26b977b846b641c5702876acadbca9bd6a1fe5c2c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.ddshla
binary
MD5: a62325fd0e06741425b74ef89b75f063
SHA256: 2ffa8306d7edaeea2cb04cb1c13f167c09bfa58384fbdf1a116a31815b04f517
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.ddshla
binary
MD5: cfbe604e46e5a9911aba3010aef008e1
SHA256: cbdec563a9f3dd130eeaa2bc29c22c728415561338cf6eb854332698f945147a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.ddshla
binary
MD5: 46e27cdbf851024ebce4124341d9692f
SHA256: 4ed5a6092b505ac3ed4f82d103e3cdd106354738d6e92d5e012cc15f2e790a3c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.ddshla
binary
MD5: 862d27db6e0eac2ecc9b154610a80644
SHA256: a0f633dd729c1462d9273c1a08f5818ddb1d14bd6d5d52fe2c3d9433ad522a85
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.ddshla
binary
MD5: f4f65e38c056e6bb651bd43fcb617f14
SHA256: f42c5b754ef87cf4817cc6e237056046261373623beafcdc840f405a032d2e42
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.ddshla
binary
MD5: c96acf1abc4e042ec56359092de57052
SHA256: 9aa48d6c779ffe898d9b362a276c3b39a052e6a898b2b2f26a3ae359ee158ca7
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.ddshla
binary
MD5: 3edeba9ce88b888316ef9d0fb04d7ae3
SHA256: 8fe0fb6f474b2a8d49c1c066063d84c98e864afbc4e16c567eb5ae6dd5f80945
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.ddshla
binary
MD5: fef32e77df68997a597c492be99380a5
SHA256: 6781c7835d03ed59a24e04e6d7865d943b0a21e7794152aebc20edf7cfa72d56
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.ddshla
binary
MD5: 89dd7f94bce35da7a7b3f0d01ae2cec5
SHA256: 075181d6be448bb9dc20c1b0852eb227735d0752420e1aabc8d521b6849fe27c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.ddshla
binary
MD5: 1d66491b0a8c4ea38b714552c4761cf1
SHA256: 168b994f4e32711c6c7698547347b39ddb0e51d037529174ead6c55f92986c38
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.ddshla
binary
MD5: 817990a3d8a5be2ff7abe23dcf7bac33
SHA256: 485a02d3ebff2c833c7f1242679173dab563a1988f3fdd85ad1b9f40e4715223
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.ddshla
binary
MD5: af1bca4600799f9021f9a262b0f81521
SHA256: 30f2d564bd451fdea1692d38559efd56c5922d102f58fc79b3e1e9f594a717da
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.ddshla
binary
MD5: 9e9cb6bda9a59b56d0fca99c2ec551d5
SHA256: ee6caedf9071341deba70984b3715914e465ea4d6b4d30c4c63ec0122ff93f3f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.ddshla
binary
MD5: 0f143dd6551d7eaea93a6ada791b26ce
SHA256: a91fdafcc444d6bbc2f0c5b380b57fa47806cd3c931c1de70eaa0a8ccf5f279a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.ddshla
binary
MD5: be6fa48f20a98ad2ab2cc5d50ee827ba
SHA256: c9e2375b05039ea6bfbb230a2a30ce1ea8ebd0d81b69d97df9d4b30786db5b81
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.ddshla
binary
MD5: bce57c60dc44f1fe67ee648b49f0a6fb
SHA256: ce290e8e171eac4ca3fdd51943cc496a4061620546ae52fd0ba99c67b5621fe8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.ddshla
binary
MD5: 570a2e44d545766891d7cab77e7bc3c1
SHA256: 2c3a7155620be080bcb0308b484d37c0c9cc4851e18d545935ab839832f8b945
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.ddshla
binary
MD5: 11f47b8f48e30f8be4593f48e54239cd
SHA256: 0e3539c01bfd20041160fc73dc74aa77243ed2064c43e27624e7b540c0d9bba1
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.ddshla
fli
MD5: 3e75b6a2a54d767c9f00d13f27032b03
SHA256: dd4931d0fd4ef8a5f9609a47b4989ecc4cece067aa3ef6ed724e8143e22a26b8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.ddshla
binary
MD5: 49f01eadea4eda81bb22d82207d4f656
SHA256: 0e21730d4d0b06b63c20d46530cabe6b10dde06004537909bbea94c6dd7b78ac
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.ddshla
binary
MD5: 5559ccf2a6d0df10f56f9810f8068bac
SHA256: da15fe75ff18bbccf1c1b0536a73beec585c0cad606cfa782db1cf57964b531e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.ddshla
binary
MD5: d0f668567c6793314417499dd024c57f
SHA256: d60b3775da55ece017b73aede1c39c7f1fc179627d75952297360f9ad727c25f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.ddshla
binary
MD5: 70c1e59ec24fa4d4da29b90f9c740d17
SHA256: 2bc9e682e535957bbe8fdecb28aa49002dfde2409c56a247b667e6d6860c238f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.ddshla
binary
MD5: 094640e390239894b26cea2736f34845
SHA256: b3d08b5200d0f715c8402134d4d59344702d14bb7bb276c928239e3969722fcb
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.ddshla
binary
MD5: 7a933ed9b6d019d5c7d15cde3b199324
SHA256: 44d9031e94065d1034aafa3dd86d6f3f2720f2097724bf5b25e354c8b2e873ab
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.ddshla
binary
MD5: f3dd195f51d1ce8b663a89a8042722cf
SHA256: 8b3b18458661fc4a7ce1f43ae898df66a084bfcb6408ad5c755de34dc6079f58
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.ddshla
binary
MD5: ff89f7e9f65fdfb3ad21dec5b27f5140
SHA256: 402389cf4c278e3208cfca806362b29497e5e29b049315a8884b636e10b9a176
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.ddshla
binary
MD5: d4ee22f1f91897b9045fb1b78f88b351
SHA256: f8d822dd32160120e6eaecba067cd2879920b63e01cca7c0e4d3670dbda003d8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.ddshla
binary
MD5: baf2b78c81ab8ee9d8cd5a2876ad27bc
SHA256: df309be7be140c6065a68cd2c8c3cc37ced2cddbdc9ccad5e7b3313904f1005a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.ddshla
binary
MD5: 25fb91a697800c432e8ae2c500a2905b
SHA256: 79d285316394ab0bcb5d8f68558713ba67e065a72a2d845c588a0a49235ffee9
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.ddshla
binary
MD5: 97304a533e402c6982d022c8a0b04889
SHA256: 9696412236fe89eaa4c660dac8ab165378d33410845945223f0e5a145824f7fd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.ddshla
binary
MD5: e0a9e744931aec5218ed453e94a6c6ff
SHA256: 97bd055e1b2e1fedd06188e5e04319fac1ad230c84eb43f8e8934b6aa4d01079
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Opera\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.ddshla
binary
MD5: 8f2c27d9f012854e9c18c0581cbe39b1
SHA256: f7b080ac46b7a4e6bc8c4b6d1fbbc2759477c883b300ceb3c61155c378075af5
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.ddshla
binary
MD5: 36e97c9dd27407c06e48255294516e36
SHA256: 430350a2d1e06d8ad2d76a114ccfca289b56bd20d3ba97b6b5aaaded6df4b046
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.ddshla
binary
MD5: 5e9c9cf5dfce07ff5aa89e4c471c29e1
SHA256: 9fbdb67c586d7ab95aafcd376ecc4fdb327da8e11ab47ce7b0665935e8b2b128
3072
GandCrab5.2.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.ddshla
binary
MD5: 9052e0ea02af006dd8db6fd3d98b45bf
SHA256: e9c1716e8279226342b4230ab9da1d58c7718c8b59f3a7cc4d056d35b293820f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.ddshla
binary
MD5: cdfe980b7efbe58fc198df1299ee027f
SHA256: d16e241fc4fea33808d4f20eb6348ad11959aa73839e185834ba64b4132539d3
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.ddshla
binary
MD5: 1091778e2f1a9a2646847984a914c925
SHA256: 4842ec0c585b4dd493e276de458b7c1f9c0a16c031addad14fedcdb197df2b70
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.ddshla
binary
MD5: 00822e7da7dc49b5dd59bac1af30e6f9
SHA256: ffc32bc9e38d06bd8e112957670d99a2a7b1c2ee43454baad5b9ad40fb666c3f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.ddshla
binary
MD5: b958c537fd4f079204e47042656bca7a
SHA256: cde04e7b53c29668cf42e678e48ad0324410602909fc23355b3ddc15ffdda47a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.ddshla
binary
MD5: 50c1f3116586bdc7d36c924425072118
SHA256: 40ec2b43bd30b5db7388af0064fed2e6dcca962ee167e3d8ca9021b0324e6f42
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.ddshla
binary
MD5: 83163d08b3c5b14ee1a8dcb7d91429db
SHA256: 09ab9dbb9edd0ff1c6f8942260cd03849c2268d49dc6b0da25f214713d4f4119
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.ddshla
binary
MD5: dd752b9ae580fb60e0796426360d0013
SHA256: abbc8dc1e6c3942dc188227fef3717638088d7cd2527a64b9177873caf04bd68
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.ddshla
binary
MD5: 2bb1d1c8aa0ba9559a8a76478a8b4f3d
SHA256: 8bdaf5c23f90c5156f1931b7b79652ed0e7acaa7c019f831e2326499a61061dd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.ddshla
binary
MD5: 5649640c86360294447c2fd9438056e1
SHA256: 08dfc08e6c3fe27e86fbd2e90b25fa5bb8890602e1ac73f614ff3670dc279f8f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.ddshla
binary
MD5: 82f17b40f35ba2f31e0c213669839f78
SHA256: 9559a03583095de07c74dd199789f9e43890f20fc462ceff41ef6ad1a958359f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.ddshla
binary
MD5: 3c9ae0c21b308601d571985461b7f910
SHA256: 8c0ed95bc2007c6cdd049312e00b1bcb6e33b6a2adf876d694a429061f35dc10
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.ddshla
binary
MD5: 357476c31870b0e40c72092494fc1b7f
SHA256: 9a871e5b2fe58929a14f46740225a75a9c833ee05887315b256f02afd2042658
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.ddshla
binary
MD5: a470befe7d78fa2a897dfdbb0cf428e2
SHA256: 79dc0ec19b156ae4cf9f4bece9f707be9757d2c6fde2e91e48571a6ddd76c4d2
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.ddshla
binary
MD5: 2be32f502c69d21dfafb21f0caf8e22f
SHA256: bdf1c47563190f59517d334567fcd4fbbdf6b109ee212efb0d66a5bd40f51d09
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.ddshla
binary
MD5: f23784ba5d6f2ab6287fe63480b9c0b2
SHA256: 1ad7974bb8b712dda54cac79ca102f308e4f65430334be8e65ed51e93409727b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.ddshla
binary
MD5: 0eaa556e99c22fb88644df1ee913814d
SHA256: a2c584b12dae02f5b5fc613840ccd89b49f8f0402a29f490953ef123d89d5550
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.ddshla
binary
MD5: 1e38fa77f914ef27237505a504cb3d86
SHA256: 3ab46b19992867e6f5cb74d48b2ecd9415142b4108fb3df7d4efa79efb99724b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.ddshla
binary
MD5: 61f86d302fa00a925b2d05400faca5b1
SHA256: d84bf813f07e3aa623ac769a309159cda6d2567fba80ec3aa97ce7a5b0cb8b42
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Notepad++\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.ddshla
binary
MD5: 9afc4178d0b8817593b17a38923380f2
SHA256: 9871a5e6fbfd9f327001cfce0fd66aa614c43b3bcb0460f681a6d2acd6aa6e4c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.ddshla
binary
MD5: bb85fcb1a5bdba176d3dc15700b5c136
SHA256: eb030084c7863ea6cc97734266c77cca727be0568340e82c8a6eff1d1a3c8730
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.ddshla
binary
MD5: 172fb32941194b7d808c2822f277c556
SHA256: cfd541a01ca22790d1fd787d1f405a3afea5e0eb8ff153a3f9ab40a82fe886f4
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.ddshla
binary
MD5: eb6a2ceaff05a7939fb44e78a0e6f1bd
SHA256: 5e906e53dc7da3abe38d33c64baae3ef6a47fe0bbebcccb870b410baaeb52c77
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.ddshla
binary
MD5: dd818c18e7532fe83219bf63eddcf986
SHA256: d8676308dcb16e52c01b64d346190699b3db05d55f697e5aba47ea05c805e9e7
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.ddshla
binary
MD5: d2fdf2cb76c1476c0655bdf881c2face
SHA256: b4d97fa56f056a14a347715eac7dbf66c7de4f6c09b20b5f3461c29b42f674a3
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.ddshla
gpg
MD5: b7862d3af379966de8cb983ffe1d1da5
SHA256: ff1fe19720e10abf2790db75323f3aa417240de335f08324056a516d9a1012f5
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.ddshla
binary
MD5: 27e605fe2e78b7d325bf88ee7449d237
SHA256: 41f00f9c97a1ba59df4e470471e4bbf7670f1e6b22cebb5e76d22c95f2c2621e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.ddshla
binary
MD5: 7e8bcf4777c524fc5260367cf858529c
SHA256: 64221207c13b0aeb2895037dd1d1a09f9dd14c4e3a6f151533062b902526e83c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.ddshla
flc
MD5: 22cd87e787e5d00a3d5df9fc4c738767
SHA256: d55c40d236e185aca69bf743282d166aba6ddecf6b5d964687b740fa6f968d12
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.ddshla
binary
MD5: 9222cb1e75a4f453e60068ef3dfc8040
SHA256: a5ca1ae043aa13914fe92c23c4bdd2d9ef52b7edeefea08da2a99ca6c935357a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.ddshla
binary
MD5: 73fe5b09b49ae8ed997988cfc2ebe7b0
SHA256: 3eb8267c24b4576d91f216219bf42d081f40ff425f9d09d04818bc4795e26fee
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.ddshla
binary
MD5: 87030ec601b7b9539264215f956a1cb4
SHA256: bf9b35ff3247105dfef74bff4dbd142b3a06411644f4b9b394f38eab6471e372
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2.ddshla
binary
MD5: 433177d3e46626e6f215504a7fc6765f
SHA256: 7bc466246825cfcb01b741bdbde9dd51c037134fc9600e269bb4d84036189be9
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\journals\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.ddshla
binary
MD5: 91189cb26abc110689b9cde1f13b9ea0
SHA256: c0aa24c6cffd19316a0e477565e9ea86a41be3a989fc387ecf27e3812038d553
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.ddshla
binary
MD5: 461d9eca7c0e17a2337be2b55e33a802
SHA256: 774d17dc2160cb004062fab8162c16cdf3417057b90a4a6affd6b5b3e77a8857
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.ddshla
binary
MD5: 36043f5adcbf0174a79f1ec89298a3ac
SHA256: e0ba2e9673a4ed79942deaee33c93215c62cfd414cb51f0df5c93fe722703286
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.ddshla
binary
MD5: 76ea4215105d44670148398b368ca020
SHA256: 9c511c8faf21a3bcbea815c80f7e5d007f0756d6fe9e0b8d92c60d45594e57f7
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.ddshla
binary
MD5: 26093733bc769d5d6386b14902e39098
SHA256: 19b710ea50dcda2780ce7e64aa22161b320339b1041a21e8480e63ebcb7d22e1
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.ddshla
binary
MD5: def37d6cc8346c6194ccbe4a9b10c877
SHA256: 0608f595161abc38c73333de0934ac9b910ee744f12e15d0fbfc9bf2c122582f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.ddshla
binary
MD5: c87cedd4d0b6de6a5b662ee2269b7631
SHA256: 5e6133a23727db61b1082d26eb6503712bf5d457ad58fb0eaedfe98b7325d09d
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.ddshla
binary
MD5: a48875894e22ac6346ce4e6b79b24d77
SHA256: 89de06af20c65217f63a28f3d1478f274f11c9f1e2eece543b58a974300f3b14
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2.ddshla
binary
MD5: 8bdf0bd3c4829dc76f480a4668221e59
SHA256: df6d5e67406e266f5383f6770f421efc927331923a12cedbffc68dc73882eeb6
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.ddshla
ini
MD5: bf4da9a059e143adfefe64af0ca9f003
SHA256: 9d5b275a3d29206fafc5410ebc39d070613c40372a4d5672d3fc553bfe38e132
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.ddshla
binary
MD5: 35b35b73bfe0a423f96e9a721338827d
SHA256: c4f263b18750139e00684177dd1574b582a9745019656954f1224ac7fef82a13
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.ddshla
binary
MD5: 5fa6b9094bfb44819644f97aafbfdf9e
SHA256: cd3cbb53d50337d020a5403e4e230298627f6a59e55d9b034cbc5977910d771b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.ddshla
binary
MD5: 44166cd58c8cfdb84a9f290a6660b740
SHA256: 24cefeb46183945e7278f8e68e78659b8788de394da1c879e932bb048d19dd77
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.ddshla
binary
MD5: 49ce5afabda370c60d93b445430a1c04
SHA256: 5217fd6d24226e81cb5884d60275662a25cc8a3f43021411c7b3ae31c9113a96
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.ddshla
binary
MD5: 5846a2af9ace9293de16641057c83cd8
SHA256: 09d3859a68fc17631fc0fc8a7ea66668802520658541aa532235e5129c5a8ce8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.ddshla
binary
MD5: cf69dcf0477ce390c18fd80707944db0
SHA256: c74f47e5d5ab8ba62e1d9e08c3b7c5e13e4191ca9d7bd5c508da3a976249164c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53.ddshla
kdb
MD5: 073b282fd63f04e26198537b321a4e97
SHA256: f9e3dc282af904ff574db7f010d8b51b09c86ce78f05df1bec83b71d7080897c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9.ddshla
binary
MD5: 5d58a1eef0750b7d52e3d13f57806664
SHA256: 52697430eb62809d7331071f5fb2eaf4403076f05b67f4cfe8c9c064c6b460cd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f.ddshla
binary
MD5: 49c9396fcbc80d949a812db7d32862a5
SHA256: 1e245cdfab6c84ba9020525b949739006b3d5078824ed9b1fe9803f4ca32f1f2
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.ddshla
binary
MD5: 42681e6d7650379a047e287f394ee50a
SHA256: 77e5ecaa53ee2b229eecae28570600aac20ad6d34e637457d221dbc047528d1d
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.ddshla
binary
MD5: 4d6ad00ffdfb89ef420bd6d7cebdb251
SHA256: 7fbfd7e3f3e6021023caf95d5b9c801a24c267aa2c7841ee8859a5aa77e9ac35
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.ddshla
binary
MD5: e8470dfef4192ecf3456ea7e267c41a1
SHA256: a90612d386c2921878667640092cb7a442db9e0cdd91f401eb63fd1f8908d21a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.ddshla
binary
MD5: 8739816fb48e32027840520c7424281b
SHA256: eebaf83338ef2ddfd686ad814f0c08f63f30541b04e94538ec71d390d1ed5769
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.ddshla
binary
MD5: a5c1943e56435f6632d01b3bb18f14fd
SHA256: e634989d0f4e80c839683d43770e6e16588382065c8ea4bf729a11e28c40fc2a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.ddshla
binary
MD5: b19706717a224f0e90834d567843cb5e
SHA256: cd441ad6350d8f0650fdd0ba0c8de927b6289792a01ba7d947e2a3a46cd76709
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.ddshla
binary
MD5: 83ab5c4a16ce3c1104141ece894bb007
SHA256: ac2243ab1f18bcb99aae6d816d0a049113cde9ece9f6c8088e484dfd6f49bfdf
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.ddshla
binary
MD5: d21c217b1c46b0f0d09eb1a5592825ea
SHA256: 42ba1543087751a1b06c648cd9add37e98c5ce2709d36e263cb78639f3256b6f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.ddshla
binary
MD5: 20512475b00ecf69f1d9a3a7e44de869
SHA256: ed3623139683aca263a288f98b4caff49f1e48bc8b314523e2d171f01c2d4d89
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.ddshla
binary
MD5: d310bbbeb7b51d580b6a076ce8d0e985
SHA256: f60ab21a07aeea3487cb7185db647d9ceac469c2f4f509cf53dddd1c88a45c68
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.ddshla
binary
MD5: 3f6dbe18ff7d6adba134e5b34a40cb77
SHA256: 617c45214fae27ecf31e9884229198f968f4124627e48a40cd4e4fc957a4f1dd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.ddshla
binary
MD5: 14beb37769195dc046fe5f9002a83f1f
SHA256: 8c40d83e1986f4fe68e4fb175f807dc132df451a8647dcef525efa976b168f9f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.ddshla
binary
MD5: c6deab2a75759aea1e2b7bbae9a6bbfa
SHA256: 9d521cec291864b09c582116927e396204789ee29dd294415033af0d81c86550
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.ddshla
binary
MD5: 53894e15ff01c0d5026f13a27c87708b
SHA256: dd64b0d2ed34739f3900a699bc2b11b2cdfe14db0f3f85c72c723663d24f5f56
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.ddshla
binary
MD5: e0417c382f4b016de93684941ad7c966
SHA256: 4500edf308c338497740cc346947fbd42ea353d7ff7d554f089a712f1c2a530b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.ddshla
binary
MD5: cd4e929b2d656b61e35ffea2e0d1d87f
SHA256: 9860e775cebef5fe25152e456e7902117e9c7a21c236053fa9b6899535e4d65e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040859.0194ec90-9aa2-412d-a21d-de074d2bda44.main.jsonlz4.ddshla
binary
MD5: 469b03183d5668cc1e7b73b5455a6df3
SHA256: 3ea730220ef064f485a20adf7bb4c5f25bf3b46cd9f55d114c1669910dacf046
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040843.64e19fd2-09c5-457f-b7da-c6beab032106.health.jsonlz4.ddshla
binary
MD5: 4dc2b4c4b6e1bae6e4d7cfab6d543eef
SHA256: 0311dac611c4079e9fae0bfccc6f46fb4b44dbc60c55000e0857cd09d9bea73c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.ddshla
binary
MD5: f546adfc5a5d77f7a6d03b739dbc1c2d
SHA256: 00d204613c52cbfa28c8b34dae0d98e489536cdf8ab7d36050775bdda1066374
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040859.0194ec90-9aa2-412d-a21d-de074d2bda44.main.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040843.64e19fd2-09c5-457f-b7da-c6beab032106.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040812.7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53.health.jsonlz4.ddshla
binary
MD5: 81fee123bcca17d19e2a08c067216b87
SHA256: 781e822b9b32e0c9b6d42124df76dd66c6f8414f0c98d356d8a2db776b946e08
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4.ddshla
binary
MD5: 16081681563e1cc857f29488ace7a832
SHA256: 47ab63c05304e684a0e1f49f7572e181719765095a06d2a825880822f6a1cc77
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040812.7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4.ddshla
binary
MD5: 5f5c16ab9db1df7bf2c3280bffafe902
SHA256: 5032aea939c1817fb5f7fb2be7cfbe7fc7f0e00a108bebf00ff9807dd21fc30d
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4.ddshla
binary
MD5: 263014abc34c7396c1523ea3e9ab4e28
SHA256: 8c4fc527f5909395dae39487994365f2ee5a75c9a6f73564bcb3c06a7c7fd88e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4.ddshla
binary
MD5: f9b6719cc857555cc0385a953653b93c
SHA256: 883af88df8af0c9b08e3b4e28e1a5d2e5e4b90510bda7c8bc2bb44252e8a8c6b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.ddshla
binary
MD5: 5c8c55a293bc602eabd27ee3f4fab71f
SHA256: 807159ad6922abd9934b09e98ad13ad9fed2d678ca7e1d178f6feae069f2d022
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4.ddshla
binary
MD5: 3d63538ea068a6446d2297b5c54991f7
SHA256: d463c0ab180b0de91ad6b1ba1ca7506f4bc088c806a0e35161b0df26e787bbef
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.ddshla
binary
MD5: 5afc8a3b7a3efc03c00f53780ec2bda4
SHA256: b38aa016744bdb97c9cd747d01ba921b7e31fdea1a5e6c4f29d101d6e00fc114
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.ddshla
binary
MD5: ef2770c4814589f304b48aa4e406744f
SHA256: 935eefdd9a29ee8820fd9fc9990edecc379bf2c133d1bee8ab75dcb4207558bc
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.ddshla
binary
MD5: 2e68dd8377af15dbce27a849706443b6
SHA256: 4caa6e8db95f9c56952f47152701ea062bea8f36c062dbda43c0704dc320062b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.ddshla
binary
MD5: 6ba3e460553f033d0be65dc371677c30
SHA256: 5e35fcd24472d254f5f19d81746ac6f55e268a11d859192b3f7847bb25ab925a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.ddshla
binary
MD5: 9f8232a8e355ce27f37597dfd82dca4f
SHA256: 9ff05d4674edff2bd27c526a14e9c8518325b671283796ea9bb6d8d966c14d7e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.ddshla
binary
MD5: f44cb55d19f875a3674e06f71a8e373e
SHA256: bb1379269ddd1378aa886e4433f85822fa03cabcb8bdd458e9b950f542c54532
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.ddshla
binary
MD5: 65bfccd28c3272cd6ed0e3109a5c135d
SHA256: 5d0965d21decf0ba00d1263cd0a3caf02480f03021810d548a08f575fb8be9a2
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.ddshla
binary
MD5: 59b949b9d615592dbc3c36d5a7b3cdd9
SHA256: 4de57d4092626652f8dba74d842a08b18a9fc66c8a2ae43b534bf0bb728d09ef
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.ddshla
binary
MD5: 7d36bb651194a8f14466b575a0e69908
SHA256: 6f8becf899abc41aa180fd3f82497b3017cb3cccbae9dea47d86177fc5c1429e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501.ddshla
binary
MD5: e475f53b3be94c67cb0e675792719172
SHA256: 140d07a6f27146a0e2a87b48f1c273a6dade2f4e9aee2d368bab611648b5383b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.ddshla
binary
MD5: 65f9fdedc60ee17fc9e4e85513ae205e
SHA256: fce11494becc6fcbb97ef18b28bc06534e8a6bf5d421662122fdf23e97388c2c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.ddshla
binary
MD5: ff65e76a4b1625dbc66c20fb2fc8d991
SHA256: e0e63fb607127696309fd6b4e0493cf63c16dd7ee50aaa9bc33022ef3e46cb4c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.ddshla
ini
MD5: 8fdc3a570d2dcc147fdda1c45cdf4dce
SHA256: 7870a22975afb9c19a4454645d643cdb9ea54b9175e795bbf375f36f4372c12a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.ddshla
binary
MD5: e0f740007a0240165942198311584174
SHA256: 213c158b357bf997a3740b3e58b744ffbc78ef0cabee046ac4944eb0c9557b9e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4.ddshla
binary
MD5: 3b53a514c4f733c989d459e3be98a339
SHA256: dd6e3e7f5f65ef44584d6e71d2cbec26a8ab5c89e21a72c02fc6ad7b6c15031c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70.ddshla
binary
MD5: 43145a67016b8237edfdafc1b773603a
SHA256: 94222b37b2239b4b1cd279c3b0ea13ff03361c67927f7e9cbc56e89e30e85584
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.ddshla
binary
MD5: f14e9cc66677991fd9b949f576d11abf
SHA256: 5259d6310956cc6f7cf48b2c38bcfa35ed6782b7933ae1c61328ded20fd9b4c0
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.ddshla
binary
MD5: a6495b5961425454266e48cd71f2bfa2
SHA256: 336e7e289634c9d5f652b81112159c13c01fce3df944bff0784fe97bb24cc735
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.ddshla
binary
MD5: 163395051f2ed3ba31ead6e886c586ad
SHA256: fed6612791973dcebe685fd0a050877abdd77961a62a85faec6406d3e4334bb8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.ddshla
binary
MD5: efdc6ff0280ce29e9e9029aaac71118c
SHA256: 53d791f31e50d0d32ecee19a3520a7fd2b3e5a8487c963ebaec6860a9fde0b71
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.ddshla
binary
MD5: 67888b6de570fe8965fbd8163ab64ae2
SHA256: df7d3fac7f1fa6912c630dec93a0c7b067df9a22008e83de307d509d4d8e7485
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.ddshla
binary
MD5: aa0f5c4c47091a77ffdd4c4b8b768444
SHA256: b6e7fdefba10a43245270d232bc3ec9359812cbdfcc7a7a2e9aa2c976fa1d9b6
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.ddshla
binary
MD5: 46629703b705afb1f832f5ea951e4019
SHA256: 9f525c67c13b626b18e242397b924cdd41f66febaa7f0a6436ff55e374c35c22
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.ddshla
binary
MD5: 638f64ae97c5d8aec0cca0339cf179dc
SHA256: 6e996c3110c79b6defd95a8245aff1f29be82bb4c969fba18eebef3b207651b2
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager.ddshla
binary
MD5: 6decd6b59164a786c2e42249730c26b7
SHA256: c143d3a43423df84a23f7afc3dfba37f47fd61d801e9eb978c43f47fc887bb3d
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.ddshla
binary
MD5: 92a00487097ad68e7307d0c395780537
SHA256: ca158b14ef0a81432c757d8923f305890dde5eef903eb88dc4a3e3ca23060da7
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences.ddshla
binary
MD5: 911e02bca37b61ad7245156fc8a9c411
SHA256: a6115e07a6c5ee7f92ae4363104a2047576596ee0481eac620a5f35de6e72b85
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.ddshla
binary
MD5: 3dae236496b6187d4c12140e8b1ab992
SHA256: a547cd2a36c0a658ee4e05648bf9b553e7f1c6ca0f749ace2ee36fe84d6cbcac
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.ddshla
binary
MD5: d8c5d0125c32ef5628772b073efa96bc
SHA256: 9ba442af80f77083ce217bb0c11b4c22a583ed7eaea6229b5fcb843f8450312b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001.ddshla
binary
MD5: f1c2300bc31ee01a2230fd965f8233b5
SHA256: 7414c3238397a9768ace72befe020ac0f193937905d470b77e579fdfc06989fd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\logs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog.ddshla
binary
MD5: 7686cffe00fd31c32aabb93e92b50dbf
SHA256: cd5b9464865b53b013252eba236c83d63312057bcacc075cf8e0a1fb1256d0c4
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog.ddshla
binary
MD5: 6183c782625f9790fbf1383dd0ad7cf5
SHA256: cec2bc226e0f31a128f9bc165a84dc93331cada9d23f1e754e40cd621bc7e7e7
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT.ddshla
binary
MD5: 3ad75e193de7c216fc90658eefac14c2
SHA256: 5fdc7a306c1b89700cfbbcc40fc79b0304389030abe77e70bf8d33ce6a0ddebe
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old.ddshla
binary
MD5: 14ada77a217518876503cd95784a6621
SHA256: b007df53fdf62a3939b9c3c2f55790c53a4c2586afc2ed841feef02a53f1c5ce
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.ddshla
binary
MD5: a24d0bcf4c7be981a503c9697a2ae4bb
SHA256: 1dd2159af3396df224bb0221dd3ae80ee56e62e2f93163cdb206e4c1791a8e46
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.ddshla
binary
MD5: f5f0814da67a05d6e3d22a1b471529b1
SHA256: 587e8957c51627cc519e5391672be3dbe8bf3cb94f30fb513e334d7383f24610
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb.ddshla
binary
MD5: 2c796a8277c445761bfd18cc1dab73c5
SHA256: 59202abdbf63d736b77b95c671ec9ac8410c1d7399882426333d6f9d6f181416
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log.ddshla
binary
MD5: 064e27e57ca07fe8b999fc606ae31364
SHA256: c747871280773c24a44181515cfc18da5e4f9733d2caba4b3ef0a7998b073647
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.ddshla
binary
MD5: 4c368c6bdc0712d4a079ea1eec852309
SHA256: 4709cd9e7e309defa8f2ab774d84b3af01d6493cfded6dd4c329ee56a4135cc2
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.ddshla
binary
MD5: 82864369336333e4086aa5b3834f305c
SHA256: 04226bb8ef94e6a561af99ef4d2419c1b75c45eb340a7b2b16533607273b18b8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.ddshla
binary
MD5: a81877fb640e8bab396aea2a63d294b1
SHA256: 022fcf7b081cefb35d3feb1b83335a3827c4a674254ecc49ce6ef635f3ab0aa7
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.ddshla
binary
MD5: ab897d4efdcc19ec0dad962b70ca02a7
SHA256: 08e19c03a3826d38edd5f2fbdbb6f2cb9e3316c8174851af7e0c7b1a0042a3c4
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.ddshla
binary
MD5: 21abaa12b003258cd43d84a27c434f2f
SHA256: 4a84da27010153b4a3c2a028a895bf5cf7a0552857a53c409b1be20f92986e24
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.ddshla
binary
MD5: 82530315a7e0f5bdbf4fe2ad8f378575
SHA256: ef8633336cea6a83d3f1bbe433b0d2726bced7f5cb36416b56defc8db2e6ee0b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.ddshla
binary
MD5: 5d8b68ec57b23d9bc536c56466998dfa
SHA256: a911c7548112ffbd118bda7687b9d95042309e6add62fcaecbb0ac3257a1e6fa
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.ddshla
binary
MD5: 2192506415dc054f3b66ebc2399f2a9b
SHA256: 8ca5572b9a12a309218924ee21f792f5c87c3efcb694a3b95f18c5f1e44127ba
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.ddshla
binary
MD5: b7deb9978a2876081fda69a22a559df4
SHA256: 4cd1886dcce01fb3f7b61fe6ef98d29c90e67816048150e8de6e96abaaaba030
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.ddshla
binary
MD5: bc6a1c47f2872064402aa392b9318439
SHA256: d9c0949d428b04d44794fd9049004ff1f0ebbd219b6ee2061662c75dfc5bf20e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.ddshla
binary
MD5: 95df735a22b8fa12086b48862c205d05
SHA256: 8a854dc8a3a4092c216e011e96ee307af9fa771c11497dea4e7520022e94afdb
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.ddshla
binary
MD5: 3ec009e4d0ac221269baf01c02dcc6ee
SHA256: 9b566dabc7ac8105de894ab95dcbd664301c2f333462f6d5ae686ad99d370577
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.ddshla
binary
MD5: 5daf8f62f574864da64c568a4adc8d07
SHA256: f07fc3d7329a03392cc2bad0263e1a951d216dd5d9ca82855fbc92b72a7a55cd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.ddshla
binary
MD5: 919fecc3f6aab5ee8413a9a93363e441
SHA256: 918288d241633f970babb85cb90e3c00c20df616130a69d5e1de726c3b698857
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.ddshla
binary
MD5: ba2ce7f0962e920883c205fb9a9b5d25
SHA256: aa92704d07eef47b4ae9afee3fb3a77ea53b66cd8285cb8f10023ad400d7a4c2
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.ddshla
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.ddshla
binary
MD5: 0a48a8f56b3b1d1ce702a9a01c3636c6
SHA256: c8c83f5de643ae83153d99c00ca5a09e0ddd680f772c35c631764a18a6aa3bc2
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.ddshla
binary
MD5: 0aba11006958c85adbddfac9ef51d818
SHA256: cb566942db033ed2bccece9bbd98aa2157ea16dbde7bf42ab5b8386afb95c35a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.ddshla
binary
MD5: 3f310d59331e4a933c74357e8058c00a
SHA256: 0a1b9737b7d187ce96f2dbc8e624e9139c55834aa961fce0c37224b6252101ce
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.ddshla
binary
MD5: 1e08a0c21d02de878f536c3c663ad927
SHA256: 9af4679a929233a9cadf8bc49f9dde0146390fc6af233cfeffc4421967897d27
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1.ddshla
binary
MD5: 4efc870d6282a78060a9def4b42c98ea
SHA256: a3d767b490435553dfd9a9741c0e120175caf2b0ecccec95886dba9b96edca0f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.ddshla
binary
MD5: 482fa55fd0e57820d7c116b787527e95
SHA256: 076a75ac766ddfd0f78ee53a4b53b4fe744e69160305399a0440de2fe0f4d6c1
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.ddshla
binary
MD5: ca95a7ebf638d199b7a1fbbfa71e9376
SHA256: c82c85281b6b6277f52ffbc2fe0d118eaa2c567db0abbd55f40f447cab9cf001
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.ddshla
binary
MD5: 6c89e9a21e9f7adab9e42ac0e46174eb
SHA256: e0646cd53aec58705d65ecc9b65b35ca3163843085415acd8f612805102bf789
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.ddshla
binary
MD5: df6d3d043f469681ca68cf8976a7948f
SHA256: 1db33e49d366be1c845a7cf99d66c657b5111ed2994be8407db3e52be91279bb
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.ddshla
binary
MD5: ea9387e6874fd1b6a1b8eb28754422f9
SHA256: c62a23e7e644283d54ad1b683e33c6da4ec9c2a16d9e8ac55cd9f1d8136484f0
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.ddshla
binary
MD5: ecc2e9c39208f25c3d23a9bd6aa787d5
SHA256: 757ea61d823125e5ed482ff9216ae863df197bf5c8d1a9fbdc763c579cf4423a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.ddshla
binary
MD5: 4465407bc9742e85229a1eccbb01f24f
SHA256: 5dd8314fd7c786bf9188d1092a562ec65b070739fb6b44cca15a7503521688e8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.ddshla
binary
MD5: 9999c19081d0a90779ac1466f92fc53d
SHA256: 13bfdfe3e0a110847e9624ed0175997fa9c0f0531ac3f243b4001c04fd49216c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.ddshla
binary
MD5: d6f2c1b303a3fca267107ec3cb9ba249
SHA256: 6e8993e8667f8ebdde2a7cfdae08aca926fc846b24109c162bb42acded00640e
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.ddshla
binary
MD5: 54e43821b59f761daa6e79dab7bc0d51
SHA256: 66f126d1dec0ad1bd4173faf012957d358d3c09fc162f813b960f368d7c9f6ce
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.ddshla
gpg
MD5: f5763814787559d91d0015580f00dd88
SHA256: c280011092da63feca2b03c6844a68446e9dc31152813c1b12ef6fcbf8895c8c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.ddshla
binary
MD5: 89d1bba60dfad0117900ca4f3c37790e
SHA256: 3f366f8370598b933209ce631d11c805522cd5f541831a5ce79b58c3a0dce824
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.ddshla
binary
MD5: 3d6f72a4bc309190848e7259da23d2e6
SHA256: 1c81e297b01aa64ff0f7c17456ba916c4547098e0b4f6e81de1d087162400d9b
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.ddshla
binary
MD5: da54b26b4838da44e6d472f64705524d
SHA256: cef8fc416296f10c4a1a064b2193c94380d6536fb5eff7cf3755af44616a68ae
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.ddshla
binary
MD5: d3b1ee32e8e3e826e9eb905cc26d4ffa
SHA256: db50eb0d7ef905eede71602fb1c651399b8b764bccf79db2e80aa88bb7bf985a
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.ddshla
binary
MD5: 45419dea75b9523b6195a8443aeb8779
SHA256: c997dc1f1afdb93ff5b1085450d9b92f43796b0cc5f75567a200ee967d6902b4
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.ddshla
binary
MD5: 2549563f3dcc5e42c07fb6799df3364c
SHA256: 92224e65153e7bf668a805a36cbfd8f1bd369014396ef20ba166b50dc59562a0
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.ddshla
binary
MD5: 82ff1069cf9cd78fed01ba5c967478ae
SHA256: 4229c39e7dea468319b50b9c8f91666ab7df897138aff99489c702c31d773a09
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.ddshla
binary
MD5: 163a0c5212ecd2bf1d833700a24c3bfb
SHA256: 0a3ff2eca0a9131c6364566fd7291a2fe287f7dad642d3390e0d1cc4585995bf
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.ddshla
binary
MD5: bdcf49041ffa8013617c20611b49a738
SHA256: 76f98ec7cd9b4060fcc13845f952fc6d4cc9cdc0e5b92a238b6aea5712f65f23
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.ddshla
binary
MD5: 7411aa0cb746bdc2b161bc19a815d4d0
SHA256: d746db69951c493ec383bada4a40490647627c3896d8d2b253d2989baf082ec9
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Identities\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Microsoft\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.ddshla
binary
MD5: 3ae68ddc4353cbc560da0cffde39f4fe
SHA256: c2ed62c1e38dc167a44d56217d4db6dfb2621376ddc9a889024b168d5b28f392
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.ddshla
binary
MD5: 55361495103d5738975cf899c60a73d6
SHA256: 9f70e3cf06786dc8aea1f49e1b355c2e23a6a6197b628d969c6ed22760d04240
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.ddshla
binary
MD5: eb62f24883b47741fd2e7b0e70b58632
SHA256: 5a6f31e67ea4e05fffc315faacd5606f1725cff58abab88ccf0b02167b9a9e16
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\FileZilla\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.ddshla
binary
MD5: 1ef86049659c91542b32f585529a11f6
SHA256: 25aa19b76a9d21df4d92e90f5826f600e3f1c32af5f77880e36b55052955a4b6
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.ddshla
binary
MD5: c80d9622687f9fc9f63ac3c96b8847dd
SHA256: 538d8d8b620e1eb5c8e8cac0b1995d8197cc45a14b6fecf76df5798d921f4d7f
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.ddshla
binary
MD5: 69bc1fef4b276de32f94f902cac26d57
SHA256: 63942a19f69c5a0049ef5f59740564589c47093c91b3d22df5f36395c8d24ed4
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.ddshla
binary
MD5: 08206f9626cbbadffc790788941a76b8
SHA256: 0fd778af039d6d38d13f5ce6982e2b85e0211afbb7694b8b36830a18edfbd5cd
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.ddshla
binary
MD5: f64610839d94c42854b6b775fc7af4b1
SHA256: 6196da04aa2adbd43092b822843170a85cc0b2a1b20b06756fce126686e339a7
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.ddshla
binary
MD5: d1545b42e6b68fc5c1a090f377c4f6c7
SHA256: 65533985221ad22ec65f3f84b7f4191c86405a17b0400b5d3fd49c21c9a8b48d
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.ddshla
binary
MD5: 86665718d4422042ab6206448e527c07
SHA256: e4d65acb720b8d07503fc8755bd41bf243a7ecfbf0371c9647d3cd7c4faf4da6
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.ddshla
binary
MD5: a2e4d78a7217b57a9752bec86c8426b5
SHA256: f91912fde23a1892cf6b80cddb7ca0b3b5ce3893ae8d5cd88e2413c224bc049c
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.ddshla
binary
MD5: af302cb4134ccf249bbd2756471e892b
SHA256: 700e30151991941827f351140b49fccb9713c25b4a5ec62aef5befa8394abdb8
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.ddshla
binary
MD5: cec042e7bac464d8a5fa5b2a42798c7e
SHA256: 1181f60ab9f8b25adfa548178765af57edaa4f144e9210da57c8b1245f153056
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo.ddshla
binary
MD5: cb89e5282ca9cabc43df8c155b9040ae
SHA256: f5dd319b7e78e68a97022910e20034a0af4f6d2fffba3ed17e348351156c0a10
3072
GandCrab5.2.exe
C:\Users\admin\.oracle_jre_usage\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\System Volume Information\tracking.log.ddshla
binary
MD5: 9b626d652578326fe0a5f70556b39f6b
SHA256: 9a651aaa99d130d22201eedc2cf18b1aa5a30fe0e18076e6a4363052d048b714
3072
GandCrab5.2.exe
C:\Users\admin\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\tracking.log
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo.ddshla
binary
MD5: f1f18106b7950782d0f672700efdb00c
SHA256: 07adb1a50c41aab614a55e1531f31816fca54314578c2c8a383fe61afca326ec
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo.ddshla
binary
MD5: 1019f901649048c5e5772dbb3b5292b4
SHA256: d406ca8a5c9c4501a5660e1bba59f25239298c6daaaaa4d913b9c003c9181635
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo.ddshla
binary
MD5: 9bf5dd36396fac270cb62d80f5c0bea0
SHA256: c321538d4017e6c2730ae9b505dec85ee60b652fe4bbb37ba0e2d93f9dce1a00
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo.ddshla
binary
MD5: 71a6218b852ee598464cfe7a099817d1
SHA256: 40aa04a9103390a71ffef25fc530a25ae0c4ae7de6aa1dd3b5d5209f2cb0f1a5
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo.ddshla
binary
MD5: d4073fcb95625f5faf6b984c85b6bfe5
SHA256: 988d7b47690bcfcd8fc6b0c9ea1af3b65d59b9d7834da3619e0bcc30a8bb7060
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo.ddshla
binary
MD5: 5e53a55f39b72a078376b9e4882b71a4
SHA256: 22e4f6d7c9414b0684b0f2a77d18abd18aa3295940d72b096bda2e2f94d1f8e2
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo.ddshla
binary
MD5: 9345099f38411c191da842c7dbea6342
SHA256: 5825c93c9d4bf93a25584742d02c743ecc9adcd6c8627d4d1a865aa03356ae39
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo.ddshla
binary
MD5: 6a4d99a4c56fa9c82db7a7095c99bfca
SHA256: 15e05ac87e68500cb84a28c781166cb30b0449be5264fcd68b6dbacf56678145
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo.ddshla
binary
MD5: ede85178433c905d6f397ab5adba86f1
SHA256: ca6dd0c9bde883c91a253ff5ca6e9e5ca1fb58f1386d955665e117d744c7e2dd
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo.ddshla
binary
MD5: 06f2ebb9ce8da82a13736a7dbfe8bd8d
SHA256: 628e0e7b0aff56e7ded677863a6dd1b88e90c97e0417ea7dbdf1a84bbbb902f1
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo.ddshla
binary
MD5: 9ec0bcccddfe86d80387464c71aad342
SHA256: 0a4f271daa5705e2def6150659944bfb902621b8ed460c12218581412b452f69
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo.ddshla
binary
MD5: 0ed3e68cb21e74a0d433e377bf266396
SHA256: 5446abe5f0f235af9da3ba9fa677502f37c6490f453ea886ad854c0f16f2f23b
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo.ddshla
binary
MD5: 4c3e29bd830c2b70b3e73d2baa109da1
SHA256: 00aff115eecc01f0007b49d575e6256c8b7cb9ca3f44af570304692f1b7560b5
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo.ddshla
binary
MD5: 411c357b1a5779368d1138eb2b648b03
SHA256: 1453b517bab574ea72f6b7f0232dc43fac4cc5285136cf2c0e7045d130ef7cf6
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo.ddshla
binary
MD5: a93d240ff176490f34ebbd7621c0a080
SHA256: 5429b8bf5eaf439b90ec2688526ee3402130d5ebef113e9dafd6f07383c8ad93
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp.ddshla
mp3
MD5: 8666948ed643ff04b466246da195e8e4
SHA256: c4bcf4352dce5cd5cdc42cb822ab5ae0ce1f63ec0d267e9c3c259c1cfc52b5d2
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp.ddshla
binary
MD5: 32439cbca0a0b887f28b5a256c070e27
SHA256: 0d3c619133e70c29860bbb06c715308e3f8d0139c1da18ef370f65838f689baa
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppGroupCache\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\SppCbsHiveStore\DDSHLA-DECRYPT.txt
text
MD5: b87cc8bb0778e9c0d3a548bc8d87e7d6
SHA256: da324bb70b227c426fd04815aebced07caa488bb578e30c426af69e1c5d24d97
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp.ddshla
binary
MD5: f2c6b8990b1928e0f01825e50da470eb
SHA256: f59d27422a645eb6dc69a298bc9e51a85f13ae4ba1fa1df5b65272bae92fdff9
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp.ddshla
binary
MD5: 50d43c7fea7648854cdc05244b97a737
SHA256: b867a3229f7340fa939f102d81ea60c794c611c71cac0d31c55cfa63f1c7b691
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp.ddshla
binary
MD5: 51b9c84fc30ab0d2fce1d72c94dc35bd
SHA256: 726ca5760bc88231527ef2f745ab286240590471c16a87d7dff271861f792e8c
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp.ddshla
binary
MD5: 4d3b311b8c9eccfe49ee6ac00275f611
SHA256: 98f86de4797bb65a44ebc5274746c803f409a54100034dc24ca234bfe684de96
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp.ddshla
binary
MD5: 01e5dc035df23508840461d3ae8e0a16
SHA256: 06fc754a04cd2ea3eb407f6afc710f5c95525109a2b7abe86b163836be900b20
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp.ddshla
binary
MD5: 602b62ae488be62871ec14702e41793f
SHA256: a247006cdd84712d932a638bbf6534068f09967b93b08440b59991dba56e51b3
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp.ddshla
binary
MD5: 0471ecd630ea7865b7ddc6de887a899b
SHA256: fabcbfc72c50af2e6d49094daeb66bfe49eedfbac9785d81f5a8820124abcce6
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp.ddshla
binary
MD5: 8b3363f563fbbb60f4bba04556cd6c9c
SHA256: 5a63eb1eaad696109b9bf4d095d6bc33e714c1f5d63e2b7b6d0e6531733c89b4
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp.ddshla
binary
MD5: 985f5082d26df1c7e881ceae52226fea
SHA256: 9b974bd0d05e4904b51b1f4fcf5a4a46c58cd5c33c58286e017c880932dd1932
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp.ddshla
binary
MD5: a9e042ff14cbe692d524a14f584d54cb
SHA256: ece11156b4bbb5516f510aa39b3bf1847830f5aaf1ceb6ebd89933c6b3628808
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp.ddshla
binary
MD5: eb10be0ada3b4d69b87961b16922e08b
SHA256: b69448f7799fa27e1b3f60fe9294e5fb9b66a74fc9f723704accf415f41f6c91
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp.ddshla
binary
MD5: b3ab93e4a863442567105e23ad90df64
SHA256: 650f66fcee9bb4a3c0fe3c090820aa5c112a056113db05d875b5a13a64fa8ad1
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{16d74681-6bc3-4c44-97f0-8b8dfefe2355}_OnDiskSnapshotProp.ddshla
binary
MD5: 42a0abcfda639c39aee442bd5d3697a5
SHA256: 4958665303ef89e01ad9e495a7bc35d8af21a004cbd163a49a0f721f344c3203
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{38e8535f-27d0-4352-aa3a-ce4178930102}_OnDiskSnapshotProp.ddshla
binary
MD5: bc0e7220572e9b385866b8ff3ca668da
SHA256: 9ac8c99c88acce4edde7673251e2135e6e0a421a1f14ac8fa23be0e935104761
3072
GandCrab5.2.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{05ed3515-06b3-48f6-8cf2-bf24b1bf0727}_OnDiskSnapshotProp.ddshla
binary
MD5: e809464b196ae752bf4ffb021075c4d8
SHA256: 66c0e762090a7f6339e67bf98a9d92c3215bdbd3b1df405d1d7acbf075967c7b
3072
GandCrab5.2.exe