eced325735636ed140a5da96f08b58d0f46ecd1400038ab56df37ee82bd51afd

Analysis

max time kernel
59s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

slam ransomware builder installer.exe
Size

4.7MB
MD5

4b83e7f40fa48d0b630d16d9ae110cfc
SHA1

8c9d8009878f234d701e8bf09f6cd5a5747a6aa6
SHA256

eced325735636ed140a5da96f08b58d0f46ecd1400038ab56df37ee82bd51afd
SHA512

9f7b775f07c842c81a4f909fe242bc806c6aacb0f620203d397d14d1dc0d16d42e1083d56a5c3a141121a572d48f62853b91d5c81111eb9fbdf84168841d9b33
SSDEEP

98304:pxDbjhpAUN/vsdZi9AGI/vsdZi9AxYyTWb3LRKMl3xVDEVh2:72Ziu12ZiuxZwVKu3XDk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1744	start.exe
572	slam.exe
928	start.exe
2004	slam.exe
1084	slam.exe

Loads dropped DLL 3 IoCs

pid	Process
2784	cmd.exe
2784	cmd.exe
884	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
320	taskkill.exe
3068	taskkill.exe
572	taskkill.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
892	chrome.exe
892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	320	taskkill.exe
Token: SeDebugPrivilege	3068	taskkill.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeDebugPrivilege	572	taskkill.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2860	2216	slam ransomware builder installer.exe	28
PID 2216 wrote to memory of 2860	2216	slam ransomware builder installer.exe	28
PID 2216 wrote to memory of 2860	2216	slam ransomware builder installer.exe	28
PID 2216 wrote to memory of 2860	2216	slam ransomware builder installer.exe	28
PID 2216 wrote to memory of 2784	2216	slam ransomware builder installer.exe	32
PID 2216 wrote to memory of 2784	2216	slam ransomware builder installer.exe	32
PID 2216 wrote to memory of 2784	2216	slam ransomware builder installer.exe	32
PID 2216 wrote to memory of 2784	2216	slam ransomware builder installer.exe	32
PID 2784 wrote to memory of 1744	2784	cmd.exe	34
PID 2784 wrote to memory of 1744	2784	cmd.exe	34
PID 2784 wrote to memory of 1744	2784	cmd.exe	34
PID 2784 wrote to memory of 1744	2784	cmd.exe	34
PID 1744 wrote to memory of 884	1744	start.exe	35
PID 1744 wrote to memory of 884	1744	start.exe	35
PID 1744 wrote to memory of 884	1744	start.exe	35
PID 1744 wrote to memory of 884	1744	start.exe	35
PID 884 wrote to memory of 572	884	cmd.exe	37
PID 884 wrote to memory of 572	884	cmd.exe	37
PID 884 wrote to memory of 572	884	cmd.exe	37
PID 884 wrote to memory of 572	884	cmd.exe	37
PID 572 wrote to memory of 844	572	slam.exe	38
PID 572 wrote to memory of 844	572	slam.exe	38
PID 572 wrote to memory of 844	572	slam.exe	38
PID 572 wrote to memory of 844	572	slam.exe	38
PID 844 wrote to memory of 320	844	cmd.exe	40
PID 844 wrote to memory of 320	844	cmd.exe	40
PID 844 wrote to memory of 320	844	cmd.exe	40
PID 844 wrote to memory of 320	844	cmd.exe	40
PID 928 wrote to memory of 2936	928	start.exe	43
PID 928 wrote to memory of 2936	928	start.exe	43
PID 928 wrote to memory of 2936	928	start.exe	43
PID 928 wrote to memory of 2936	928	start.exe	43
PID 2936 wrote to memory of 2004	2936	cmd.exe	45
PID 2936 wrote to memory of 2004	2936	cmd.exe	45
PID 2936 wrote to memory of 2004	2936	cmd.exe	45
PID 2936 wrote to memory of 2004	2936	cmd.exe	45
PID 2004 wrote to memory of 2900	2004	slam.exe	46
PID 2004 wrote to memory of 2900	2004	slam.exe	46
PID 2004 wrote to memory of 2900	2004	slam.exe	46
PID 2004 wrote to memory of 2900	2004	slam.exe	46
PID 2900 wrote to memory of 3068	2900	cmd.exe	48
PID 2900 wrote to memory of 3068	2900	cmd.exe	48
PID 2900 wrote to memory of 3068	2900	cmd.exe	48
PID 2900 wrote to memory of 3068	2900	cmd.exe	48
PID 892 wrote to memory of 1608	892	chrome.exe	50
PID 892 wrote to memory of 1608	892	chrome.exe	50
PID 892 wrote to memory of 1608	892	chrome.exe	50
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51
PID 892 wrote to memory of 1944	892	chrome.exe	51

C:\Users\Admin\AppData\Local\Temp\slam ransomware builder installer.exe
"C:\Users\Admin\AppData\Local\Temp\slam ransomware builder installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c cd C:\Users\Admin\Desktop & del /Q /F slam_ransomware_builder.url & exit
  2⤵
  PID:2860
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c cd C:\Users\Admin\Desktop & start slam_ransomware_builder.url & exit
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\slam_ransomware_builder\start.exe
    "C:\slam_ransomware_builder\start.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1744
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\30D0.tmp\start.bat" "C:\slam_ransomware_builder\start.exe""
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:884
    - - C:\slam_ransomware_builder\slam.exe
        
        slam.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:572
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c taskkill /F /IM server_connect.exe
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:844
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /IM server_connect.exe
        7⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:320

C:\slam_ransomware_builder\start.exe
"C:\slam_ransomware_builder\start.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\558F.tmp\start.bat" "C:\slam_ransomware_builder\start.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\slam_ransomware_builder\slam.exe
    slam.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c taskkill /F /IM server_connect.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /IM server_connect.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68a9758,0x7fef68a9768,0x7fef68a9778
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:2
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2152 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3308 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3744 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1224,i,6835601400872597408,10070195895682247334,131072 /prefetch:8
  2⤵
  PID:1524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2524

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2792

C:\slam_ransomware_builder\slam.exe
"C:\slam_ransomware_builder\slam.exe"
1⤵
- Executes dropped EXE
PID:1084
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c taskkill /F /IM server_connect.exe
  2⤵
  PID:1256
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM server_connect.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
09ffa793e28f747124f6cb28acad01f1

SHA1
def0108cefccea909d13cba3815c605db9ca13fc

SHA256
6dc2fae5aee234199b6e356a93e81ff1e6a327ccc3e01bf6c901e258089e050d

SHA512
f73128d3426bf03f5f0d5eee3bdc733528c9bcc37e3b3a08a5259d1a1167f41813d78dc71138060dcc7d3c9595e6af524ba5b6a0fad2940c8b7cb86cd1170758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b20bfe4f5221e401d86531f6e06d9414

SHA1
2df98153e772a07ce131c759733695b04e8e41d4

SHA256
c1070cd54e7b98d2ac75522e76ba175b45d826b10ad6e56d5cbf9ae6c6ce1191

SHA512
f04a2087c279d5a0a7b88e39c590eb4e510c5725d3d0915009503a84bb51938032030de009e4e7567d7b7291ade8d87261b5a2bef51ad8f07abf2c076fca74f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\30D0.tmp\start.bat

Filesize
96B

MD5
2615bf9ed6d2e854c0602ef8fdd787df

SHA1
4e0682a961ee43b9ddce5b3c03c83945d7d0cc40

SHA256
a33ee4de5292cb00e1833b85a5dc530240bb5f23ee64a56ae7fa23ae4aabc493

SHA512
24ec09d91c3d8d93c7dd595dad8eefd00de24759e039bc4dfc6967291ee54ef2a65b693b02143352a8a7c0e83b372d77389059811927b18f52472ead1332fb8c

Download Submit
C:\Users\Admin\AppData\Roaming\MSBuild.exe

Filesize
256KB

MD5
b127124cbcbc0115fe19c9e2edec9185

SHA1
81f6656e24e93858545ab5c9204d5647e4e89b55

SHA256
174aff4e6833da58481b13154e93adf52b2191c29fb811b7192322b40597599a

SHA512
613c9ac5ce43323a1517662b2ce9c995a0dec4178c715fbe7c2ee1e22b2b91b5e3c448e7b0b942697baeec48ba2a370d12582a0e53316f5fabddd4e1c366225a

Download Submit
C:\Users\Admin\Desktop\slam_ransomware_builder.url

Filesize
126B

MD5
a260f73fae15f9f82f4a9d0bb86fa17a

SHA1
cad40598616458f54270f2e23ae8e13d11a38664

SHA256
83ff15c38331994e8f66075de3a34f1bc7144b2f6d680266a86765b3486af53b

SHA512
51b69701688b427cca14916ef4dc6692c4b910929e9c52a1f33b114a85946183a02adf11b21b678b69bb7a55690182f97ccfbff4f9ef8c7bf7d88ce99c0489f0

Download Submit
C:\slam_ransomware_builder\ConsoleApp2\ConsoleApp2\Resources\wallpaper.jpg.SLAM

Filesize
122KB

MD5
f83cd0592ef46ff26c4b81f3ebbeec1c

SHA1
9a99d054675e7fa659188e1057a271b4b59c6e78

SHA256
2c070169ac950517fd5e828e309fb0e27ad24cfc94dfbc2c3de5f6a9adbc8d7b

SHA512
6c3576a275fb7da04c982682999ebaed346af757e88f2b5d12cc1ecaf3bb9639a458a2e207f69d5fa04dd03272e831d1c07e0a7c46beb28c2a51ef93425b2df9

Download Submit
C:\slam_ransomware_builder\MSBuild.exe

Filesize
256KB

MD5
8fdf47e0ff70c40ed3a17014aeea4232

SHA1
e6256a0159688f0560b015da4d967f41cbf8c9bd

SHA256
ed9884bac608c06b7057037cc91d90e4ae5f74dd2dbce2af476699c6d4492d82

SHA512
bd69d092ed4f9c5e1f24eaf5ec79fb316469d53849dc798fae0fcba5e90869b77ee924c23cc6f692198ff25827ab60ad47bb46cadd6e0aadde7731cbafb013be

Download Submit
C:\slam_ransomware_builder\start.exe

Filesize
46KB

MD5
f7b1a64333ab633f980b702723fb7cba

SHA1
e7e04a69a84c5a9e7d0901eb00face35457a0df1

SHA256
e7bde6768de9a7a1b1028d7fa52548f8c074b7355820b7a1cb2d4c2c082512d2

SHA512
666d09200f0bc1762903fcfb748335d1fec27cf2cd9723a91d2ad870468b94236ad7c15ed453446accc415f0be5d40f006d57695204fd7fa30c676a8e6d2ecad

Download Submit
C:\slam_ransomware_builder\uac\ConsoleApp2\1.ico

Filesize
66KB

MD5
889e8ff9455bb4837f91ff644dcf2b82

SHA1
6bc850368a6444885e59d368ab5774cedb6792e2

SHA256
56ee941f7f4fcf1e050be3544ad73cfe7a061f288a3af4960632b0fcced94d51

SHA512
771af6b48883b408d45c952380ede6ab466efb776360af6bda5c0530332876d62b127803e4e4cef7e68dc64f829603cb939dbdc2d8cafe3d08dc954b796f2fa4

Download Submit
C:\slam_ransomware_builder\uac\ConsoleApp2\App.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\slam_ransomware_builder\uac\ConsoleApp2\Resources\slam.exe

Filesize
256KB

MD5
22a16dad8397527cf3db254a31c83cac

SHA1
9f34b5e550711828282468bb36ae6a6f432f5a13

SHA256
e0279c09408a77cf239fe9be7368260efa5307206608a59e4b8247c7c7a12d2c

SHA512
5443978ae54ec4bf2b1c7becc8b78ee81cd7b1d6aac81954872c9aba72ad35d0c5d394cd1cb05dd50bd02bd822a2ee4491bb7d8b1a3f3f6c1bcf6dbf878d9b9b

Download Submit
\slam_ransomware_builder\slam.exe

Filesize
863KB

MD5
943fd81cb3cea9f5904b5d5b49c10c78

SHA1
5e4ab9d72977372f5f8c8228a72f2e7cf6430136

SHA256
5d4222a668de355f39f1408ce3b07614907d6d2866002c024409b91cdc73a060

SHA512
fbdd5ce1c3d30b38b4608fb9c75ccb74f222f42240ec42232699e65f9cbb50642010f6605af6f7dc9d525af8e5d6f6d7968f00700c82342fd61266369ecb6964

Download Submit
memory/572-191-0x0000000000D00000-0x0000000000DDE000-memory.dmp

Filesize
888KB

Download
memory/1084-326-0x00000000001B0000-0x000000000028E000-memory.dmp

Filesize
888KB

Download
memory/2004-213-0x0000000001230000-0x000000000130E000-memory.dmp

Filesize
888KB

Download
memory/2216-0-0x000000007406E000-0x000000007406F000-memory.dmp

Filesize
4KB

Download
memory/2216-124-0x0000000074060000-0x000000007474E000-memory.dmp

Filesize
6.9MB

Download
memory/2216-2-0x0000000074060000-0x000000007474E000-memory.dmp

Filesize
6.9MB

Download
memory/2216-1-0x00000000000B0000-0x0000000000574000-memory.dmp

Filesize
4.8MB

Download