metasploit | 551e815844958ea8e208775ebc5fd8e8de97d743e20fe24b63bdbda1414fc98a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe
Size

4.1MB
MD5

8822b510c7a6084e481376ed48e8e074
SHA1

c092ff067deeadd5a1b8d9d67df959b45a6dd389
SHA256

551e815844958ea8e208775ebc5fd8e8de97d743e20fe24b63bdbda1414fc98a
SHA512

a538e18a0cdda3f2cc37ec702a1833eae1038cb370d1538d911718e1c5a459aaf377e349670ea069295b71b72dc3bf4a0d60fe601c70554bd52e660826e6cb6d
SSDEEP

98304:p/IfWQ2qr04vMLOMzHZ/R11zg/e0cJcX2UbCS/2wmrh3yj:cWQ2s04Gj1n1zgngo2ohmW

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

172.16.4.78:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Executes dropped EXE 1 IoCs

Processes:

ruby.exe

pid process

4132 ruby.exe

Loads dropped DLL 12 IoCs

Processes:

ruby.exe

pid	process
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe
4132	ruby.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe

description	pid	process	target process
PID 3856 wrote to memory of 4132	3856	8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe	ruby.exe
PID 3856 wrote to memory of 4132	3856	8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe	ruby.exe

C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3856

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe
ruby.exe "C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\src\s.rb"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4132

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe
Filesize
34KB

MD5
1d4086a99fe43e7eb6a5ae131c6c13e4

SHA1
d307e3e9738ad8d2a2ccb04e3125eb45d7db1e57

SHA256
b7237aea5c4904e77005cf197aeb2c3c44dced2b1fe181cb383b6ca1914b11cf

SHA512
8a633103ef44142dcdb8bb444160799144b715aa61a670982b709916feb7b81125289ce358731a581563253be78586739aa42974b5f75c315b42822765270981

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libffi-6.dll
Filesize
33KB

MD5
835b9252cf84aa654459ee3b7d07e824

SHA1
89bd2b8cf4bebfc08a660520253ae097ba40d2f6

SHA256
077ed959cd9ab1bf8f9e2ed248a0cb6492a18fd2ba283f52896125412ead121d

SHA512
19d60efb0ed2c73707396627f95d46c7d2a42855a58f0a29d5ce2c9b143c4297ff02d96b83761bdfe3045a1b4ffa6351275760920353c3bdd0829eaef07f8cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libgmp-10.dll
Filesize
496KB

MD5
14af514dc727e7be54bb9ab4b100dd9f

SHA1
7534ea8c9f83629fc4306275cae6bd09497ef3e5

SHA256
4cd0caffe0c6c306f12416b8c5186c9be1d70d17b2d89e8c99f253bda4ffd2d8

SHA512
e38794005bc283b8d445a0dd0ad285be8c7ae995bca3471311b1fdacdd100ccf83c1bf1783c2a3a5b9b68a064fa0c270281357c863a7d10c1f3964d31255ac09

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libssp-0.dll
Filesize
20KB

MD5
348b64400aceb6edb2aab9ca73c8febe

SHA1
f36a5a53acaa98df73a48c5cd3455eeb190aeea8

SHA256
e89577f3472fa1c3eda963649f823d322b0809ab7a76e9234b1bc09ad3ec9aba

SHA512
6ec614ecfdde9866768c4b1818a6956fe162d52472ed9e11bf7705eedcec55ac89c01bcdd920c7a6125c5d6243085f76f35f475d110814eeab3d7ccc25caa246

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\x64-msvcrt-ruby270.dll
Filesize
3.7MB

MD5
60273096d6eccdd6d41ac4b346d88295

SHA1
c62c4a732de35427c81971ab1a338e8b09c56c02

SHA256
94f9f7ada34e0e38e5a1233a3ca0fcb77217025705044322f8a36ddb26484720

SHA512
7e2c7797ca1ea9cbe87c422862590b9c1c032430c03033cf86f15c7bdcfd6228a8084f4364156e668340380cbe9495d68132f50f0e55b4af9c8d8324262386a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle.rb
Filesize
1KB

MD5
9c3ce5c157180b6d65142465e093a877

SHA1
39fdabbcf598534a73bbbf5223d0d5570956909a

SHA256
d9f8894c029a2217fc368cb6fe26e11ea32270bdc98a68f4a0b33b8d1b55696a

SHA512
59cb9ce10144244b5ee275f29d5471bcb1156f22de69cb15a7ec8f18c32c1cbf0661034bf5e4dd1f226f03c58acb45d9cabf8daa1d7a026015718167af5a4edc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\closure.rb
Filesize
1KB

MD5
7bfc132c5b14d097ab0a7895c51ea1bb

SHA1
53c98f24d0b6a7329ffc0590f8051dbe1a7cffa9

SHA256
762b117a58851789e4a5f3871bee97f453e04a1afe64e91c1937737427f418f5

SHA512
4e155979a3d1b64980700fbcc0e1921f253f90394b76825472f29dc2575d746748a22767edd248c011bf796e47d74ae71f8b9feda863d2b8362ae35ee467b07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\cparser.rb
Filesize
6KB

MD5
e562e1a1ac9df9fc441b719a27f9f06a

SHA1
db768e7e752a5b5f994617cbdee2ba3b464d2b35

SHA256
7dfbb2e84e823cca56990b43a9ac0ff2a04726d28d04d5a04aef90c11874bf42

SHA512
01b50f4517c5b8eec042797fa134114038bf9f3b47f1ade18b61fae3f899c70b4bd345137deb91c8a374093b48e37410baefb16bb6dd4c0a3e8ba74c051fc227

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\function.rb
Filesize
323B

MD5
41a60a7a73897b9c535ff865df330535

SHA1
9998cdbeb8c520b8040827b864e10ceff7db1a4d

SHA256
65524bcf2d69e3f7053aa476286f011f0523c6efe0ea6f5f3c373d9a9a2de5aa

SHA512
b59a568fe258ed849c3e0108440e2744aeb08a1d57c552d7137dd1ddc5f65fecf379a78820116355a73875ad8ea6a9acdf2564a1ea0da7e2dc4524037e8e9ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\import.rb
Filesize
8KB

MD5
c9617a78af3bbf84e0609ed09f56762d

SHA1
81a9df16ee4a903d66d090616af5e5d6d43bb40e

SHA256
503d19010cacff71ecaf0789a8e24db7c87900b829829a20f24273df3950d829

SHA512
a6e5950eb4ee22bdf909e99932b6ecf20e628c0941f10d39430b2b3db24577bf97f92f1d21673ed3321cd8573c43586a5f2527d6f534e4634a7e02cf4c651615

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\pack.rb
Filesize
3KB

MD5
1626eaf5907bd50189270d2412ccf8f0

SHA1
4f2db70363ec164870b25688fb79262c5e8c73b6

SHA256
134df1991cffe2ef273501001dfa077a7f6cae38f44b05d8aeeb2ce79f0c83c5

SHA512
a0c2d389bb001fb1e8d21f9b27eff494c346dde68799fe8474309a8f96df5cf78fb12fc71947cec61ee8bf1150ffb93c1a55f0912fabfe6eaba2aef0c49fe524

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\struct.rb
Filesize
6KB

MD5
96ddd98bd209f77784b0cd05035cc609

SHA1
3c2d1826480512f305218c84bc81243ea52b9749

SHA256
429f8525491e40c710b91ede8230aa7e1647f9d7eb66ace9d9e6a6c7532b6e7b

SHA512
2e7b4b8f49cc21e1040f33c39438cd0d15ee8adec50704ae98ded34b97a4ba15396b86cf56705c72ecc105acf0ab75c96fe0744d83209e10e22c9e3c16321088

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\value.rb
Filesize
2KB

MD5
579211c8d18ae3ca4be6984b84b3364b

SHA1
1271a8fa314f486b83f13917bef6bef57e653381

SHA256
af87eaf3c40a33c856d86bbbbc5faa8adcff5d68efb0850125b44579c54dcd90

SHA512
5e4d3519bed852385512ac406b0ea87cb3efcc3e6caa7deb42e856919c6b8a740ce187a5177157bc96d5b1466d130f3fe61f2961899b3830e10f6a2bd6b91bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\monitor.rb
Filesize
6KB

MD5
183f668f5f7c62b8bfebef6e161d214b

SHA1
0ca202b66773e1603789d82a063cd71852c15ca9

SHA256
131ebd0c23b46f28b2b8c03bb8c6b3aa917253cb2beb50616acb9db77bad1fd7

SHA512
486041917ff40160e1b76a60411af1c4dd0c4169ec9283053cba56e001766f60bb36f4cad000088675d02000ec8663712597f6456f07aca213901255525957d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems.rb
Filesize
36KB

MD5
0a7d865c3f3359ccc03148f355b62a7c

SHA1
aa3caec2b86663c2383453f41262c69c3b669382

SHA256
1e88c4ab8ca95ca7bdad87492dc14c7db87a773c97280c59cc9c75fa0a14d2ed

SHA512
7aa0027e960de8a631726f46bff97ffc5383c6ea5841abf1e590c5748d753d49713c8a42837feea935e6b1faf318188d26804f3c61fc64f34825d39d55ed681e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\basic_specification.rb
Filesize
7KB

MD5
b4522ab1407d553a8e36a5bd399a34f3

SHA1
0812510e8cf65e6c098393604dcf50bd87cf5bf8

SHA256
c85f0a68d809ba4d9149030c9b4772866aa308439627c52a6dde59c4baaa2ef6

SHA512
64b149f412c9a60adf576df3f5e4540b2fdbea85c9b758132c0bb4c699d88ac55820d44d2e547da5192371eff4b530577cd4d925cde521da196fac2c8c56d93e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\bundler_version_finder.rb
Filesize
2KB

MD5
303146d58e435dfc4a9889de73d8ddcf

SHA1
a5600ea7af439c7753c72379a50e36e43b161881

SHA256
fc8bd1eee633a4e6d0f3b379c30dede3ac7f5facc31db64f173b5859b99e5750

SHA512
d072c475a5eafab9a3d9b02c7cd60f461580c3430c48c40baec61189903a344486b84712413c00c62f11ba8a6c8f02fe7259bcd70d2f416f5b4f369aea2da114

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\compatibility.rb
Filesize
1022B

MD5
e8c22cd05733bf2b83b2f6fa5dbb91e2

SHA1
faea7125201edf6bba824c5d92fccad2a2d5b8cf

SHA256
b3b9fee9805a8d5746cfb0b47ba02b53f252b1cac33817b2fc18a9cfc46a00b6

SHA512
3f5cb60bff31560f19d0e63fb3ef3c1afe0b7c96b53ed21f1f38dbcf1c7171ae6e317c2e3fc802b4acc54c954aa963d8834fa2e044a4aa1753d27595c44474a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_gem.rb
Filesize
2KB

MD5
83f430827fb3bc1c63217e77310aaab8

SHA1
0cc11fcf5f4d466c3f8eef06d9632685646cbd48

SHA256
d856f91e8d9e96fea9749d22d222199ea9be55130956c952e170e7fedb8dcfb1

SHA512
4130ea3f711e871e1eec60b27a503ec413ae652c21118c2130a3688109ed2ff729e79bef4ef1166bf8759f552d6f5c766e84a1bcefec10ffd5be30245f1a5771

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_require.rb
Filesize
5KB

MD5
e1d2411ff966da362c3156a1b8c9cc01

SHA1
ba4bcf1c7746617758895dc203ca24fe614f7d75

SHA256
7ecec37e67f6cd1fe8bdd8ce98dc1e2afd4cc9f0b7ba7614b2e430800f021e84

SHA512
d8349fc5e078f76927d0e36d1b9efabce5a06962613eac2f27bc5080342a647d4fc92054d3f41ea2b84d0cede724a919fa4223ef42b0db767daae7b1b1f772fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\defaults.rb
Filesize
4KB

MD5
ca5a6648b55a28b2ebd954a2ad83458b

SHA1
1731162a8f3e3623392b9268a0ec464632c372b0

SHA256
6a06031bd03ec6c97db6625018e719b2ce5a338523c54bb5700d1439715e3a60

SHA512
6360bdb3e74569829f7df41d270fcf570e6690e31b190c7c82d21e32ad60f83919eed0d58b506f0841734f9b8673dcff461aaa3e99a76b62f8c117ffecad8752

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\defaults\operating_system.rb
Filesize
831B

MD5
baacc7158dbf26f04d7f54eb2948457f

SHA1
11ec25e8c28d3f001846e5994dd1c1fd3280d33d

SHA256
f401974bcb3d7da2d34e6943303c1f680d83ac1c200a670e5b791f16e2f926db

SHA512
7196df9f199f98132879747bda7faf6d085b0cdc45e7565e8852f85969fa8bfdac898ca99bf98284eca9f9e41cea5171b3b9eaccb01ec9d4dd0d26f3ce4b7380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\dependency.rb
Filesize
8KB

MD5
7aa17a8d863a2294c42a79241779c2df

SHA1
639a04890d4ab264fd4f9673b06d99b5a161fa7c

SHA256
1576fac336da55b8333b77ba48a0c9ba3597f48aaf978fae813970403dbc33b2

SHA512
61843571637f8bde4f9faa0303adc58b9837fa61c5d7cd577f6366712c27dcc9dc8d6cea2efe48846d8b12e9ae4efa3fcaa60e12856179a1abe4c20572e6b205

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\deprecate.rb
Filesize
1KB

MD5
757890f88cc989d45a0922fafa8bd2ef

SHA1
d2ce6a889d1232b13cf6d25f945d2465a9b7750c

SHA256
2a3a061d35146eeef608ac639f7bde7d34f8bb4910f6cdb0abd04301222252a6

SHA512
66eb85444d93c23c2b77fe0dddbe511eba7dd9a587053f7b91fae3b92f0efa913e794ee51b85749e2f7f175d867a39b10ffb9eacdb4f57b8f7ef36d08b8eded3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\errors.rb
Filesize
4KB

MD5
09a2e7f44cdbaf9dc5425a0833b1b010

SHA1
2736a71e9206842e2adef9d3dcb769b38bb457b8

SHA256
56805e89aea909d86082f6580cb87a0cc99dea492ccb90dcfc66fdad8aec307e

SHA512
7e200acb43581681fb849a7af7b029a2098deddb315718e243364a3b61b956566c6af0f98139d3f920111e1603df3e6d1cd315568fda36811bebce68f539e4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\exceptions.rb
Filesize
6KB

MD5
a8ffa910114e8339628be9ca152f8b6b

SHA1
b9bbb6927e986facc06370cac25674724f8df307

SHA256
f2ae8beaf0a8d4c62f4bc1c75619c905ffeba341975abdc1f8964f2aac169db6

SHA512
5f86f7380b2e622d17784ba5938f82c26f3754c5e52f7eef6770089a7015b5a831c1b67a3cd49f5aebe50c38eb70ba02d1f090998076c155f802a38a20fc9b67

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\platform.rb
Filesize
6KB

MD5
12d6239c5ef70b6eb70f07dd7dae2989

SHA1
234d847344a15781ba0f844244b10317ff9fa704

SHA256
ea2eb806532e8d7f8961757091fe441e92400c55a896e8b5284ed046f9c1b6fb

SHA512
bb61b653ab80ce577b2eeda8c2a36253936afaf8a7be391b7cbe81a4aa2ac9a9017571cecf0b5e986309bda85bd639b3cd7a11608e95f676bd478f66616e98d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\requirement.rb
Filesize
7KB

MD5
024e2803bd7b4ba00d96f993e0ec7043

SHA1
3dbd0ec6b7207f6cf98af3484d9d87a4fc825c2f

SHA256
099ac94db014715e7d99b96a9b2a81cf0957f49465cbe615bcec23d082d80623

SHA512
08144a8ce98a63fd2a98819afdebd801e746211e5bfaad94df51c4e01e2798c6d0864ab7aee424750d3f1ed5862096da6d39c9cdd40709b51dacdd45ebdba63e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\specification.rb
Filesize
70KB

MD5
5cdc3c75a42e6ee697c50f69af9cfc24

SHA1
8162e52ad5943f4058766fade4999459bc224fc9

SHA256
e3bbf666100c5f532b26144496d935ca8fe7b41dd435f3f26d32a61b4d29349c

SHA512
cf9cd42aefe42966f25281ea453c97c9c337c6f2d423a42a7f29c90478622059e7c8e01b8b8e11fa98d5762615d58114041771bdca99cd20ba1ee346f86a343d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\specification_policy.rb
Filesize
11KB

MD5
45ed5d90f507057e7ab19e24d15b386e

SHA1
ba38f977ec58c9150d4ab88d80245fda25d50559

SHA256
255efd9d1ee151dc59b1abf765e6e607b4082b73d901893f2bf1d22bd2aea98d

SHA512
b90acf4fffaa0c5cdf84370c91855ce5f69a48928f320b5b97285edc600be8e29e96eee5e9c0f35beb73617b1f782816472d6297f8f84788b5eb0b60494119bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\stub_specification.rb
Filesize
4KB

MD5
b1de0e1d1b189f771cf51e16c484f655

SHA1
f7c7007a636b37a5bab68ef5a78a7745a04bda09

SHA256
d0cec174fc52efa4a906bc9e7dc260b38cd6a0bcc506ffd4732ed7914ff62f80

SHA512
73aa7dc499c276064342bc0d97d307036d07e02389b5a4e74d233735c0512e7b24e0623816310beaab6434c2b3823da7f344a1498dc10ae9cfbc1d5c85fafe3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\text.rb
Filesize
1KB

MD5
71371ed0065b6bd98e4b611c25bcfa86

SHA1
b2cfe18f7499fc55c3caeb60d544fb41b48fdbab

SHA256
4002a46e5e570a1ec145266dc84b7e2d3953264d223d0965ab15a1fc3b1706cd

SHA512
87e6b1a11cf16a6340e2719e4eb8ed38daef3c4f160cb44dbd5590c0fdfaafb7f05ca9ae844676fbf29aeed9eb544a113421a02c5d742576d89cbd0806ae0f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\user_interaction.rb
Filesize
13KB

MD5
53d4a675a926619ae02ebca4c23e8bba

SHA1
f8c0ce82bf73f1c11a869fc564ff0ae884bc7f57

SHA256
be3b5e8bcbb480fdc1134c1a65461ce158220053ae6f77580b1c7af057c1faf7

SHA512
f15b9e8532b66634b7b9ab926feca252a162839db34db1367aaa1424c6b98e598feb01d8cb6d6b8bcda041899f7be8165e5edca5fc1b83e859161132967e93f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\util.rb
Filesize
2KB

MD5
815f3f0244055b3dde74b712c9c24862

SHA1
eb5c9dfaec1463a98839982829c801aa000d657a

SHA256
e78aafe5d46ed2c0f58f398343cc64ef85a7317ebd5ddcca2064efb27ded65eb

SHA512
839c1330131617f86e9b092e1d10cdbb01f702799b52122e85555de1eb2c58e73e1ee5fe42e9a9ef9c1c59910cf4573d414a545d87c8aa196299d21d5afaf6ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\util\list.rb
Filesize
587B

MD5
f31d88f42431dc856aff7a90937fc984

SHA1
ae5c93bc784bce4b2820844883d74e5c86e2f0e2

SHA256
a88fae8bdbf33dfbbcc81a1914dad4609666379f838c53ba5c8fd487c07a9aaa

SHA512
8d15766ef0661d68be2b912d76af8568b0fbede0e3e9e38de2cdf213ea18b4fe115905f957d7a6329a7d6bd4daaf587a875492308e519a24f04e9f584cf956f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\version.rb
Filesize
12KB

MD5
cda12b68bec9096eb94304bf62ef87ac

SHA1
f839cb1f69ced1b3db3cedff190b72e834693e6a

SHA256
10b1ebc52f26afe93a5db1c0fd593e07ef6fbbb4f43139986bbcb27b30a229c7

SHA512
7f8c2e263bf472ae86ed435e0b375fd5710aad7f5b356f7f99d739c4f464fdc688830228c77f08318327269b801defcae0f93bb692b0ee4fa5e11ae9347d87f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\win32\importer.rb
Filesize
129B

MD5
d41aa7db5d0bdaa95b433bd1cc76b7a8

SHA1
e7d3778751ce7fca79b52049a990c829f1ecc035

SHA256
c83d80c59eb880115ee43f8ff950c87614935949df9918e58ed490385f9eaa96

SHA512
672ae5c966583c849076cf57d37a6b1880c2c9ab3b7272517246cb609e8779094573f4dffd8da296dc7120b1d513d499c28d369dfb0e7fae9c0416f26fdce3ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\win32\registry.rb
Filesize
24KB

MD5
88230342d98e69aebe0b719fc31c273c

SHA1
2877119e25f362de0d9d0c461ead1829fb5e7d1d

SHA256
960372fcba6e3fdf6710f7fcd9cff49a0c9ef1d58a814b99773a236b8de01e61

SHA512
89e2c0e7d46b0b88cdc844d1d838cca23400a68d6e45abccdb2f8b226876e6dd0f637250c0a8106c110b0ae5603db784781e55d4c87c07d1f5e588ac29bead45

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\encdb.so
Filesize
20KB

MD5
8f14107d575b15e7b8f4ed9881a85b02

SHA1
778b126a232b5f56726796e9aeea3e137837791b

SHA256
39a104b33c2408926704db8fcb1783e169d7b9827ba61c148fca3d0ee63c31f9

SHA512
c0f15b4ef79143caae14a639e6c799c6d0e1e35500d8c74794def600846a4d516aac9c7b119ea3b29d1e192f64ccb71e6d2ec83d9ca88c65b09f32600b4747cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\single_byte.so
Filesize
110KB

MD5
400badeea2973f73d86bffe0d361e61d

SHA1
2c9732f6c3d00678115ca937c616bf39b2fab293

SHA256
567fe90ffe730cc6373d250b41505c1aca2ebd1fc109c793fd8203088abfac30

SHA512
9d8f21b7b0fa3c133886904333817b8aef4f7568097da0100a1ba2b353ae3751a5247ed0b5a1904d4e96c85760d5a5b0068cd954dd7bd1479769a796cfa38e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\transdb.so
Filesize
22KB

MD5
fcb51215b3798009b609b12205fefe50

SHA1
0629b67b6f280f40bf5edd16992838099211c00c

SHA256
acdf1218a2c624c543ec47bb44e83b4586b2ebc0b2bc05be2f3bb88aafb0807b

SHA512
91fda8517e82bc1d0dada64fa2b75309a092b7a58b837a6cec4982a74a9fefb863ee3e56ddedda98d7143315ff719da255d1f34757dc1c1db6a5e1485975354e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\utf_16_32.so
Filesize
24KB

MD5
19cc9a04f0c0c7898243f6f52552fe45

SHA1
232427ed2d305c52d6b5baa0b2f77c456155f756

SHA256
1325d23b9ef22e5d4108443f769b5ee2efd347e0386b41001eed50a9fbeb8605

SHA512
0e0e9d55939364723793320667dcc7a76b472dad20dbcc3fcd71d12d946f53e73fee7adef51c0a88449eb7aea7db00f30748738da502d9f9af8dc465a631e18b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\utf_16le.so
Filesize
17KB

MD5
930e5ffa3cc8799fbdcbdd7f60cc5395

SHA1
6d2662fcd209db413671d8576b9d5f0b3c91d233

SHA256
e9e733d7dea9072e2b5c62307a5a9003eba36f7130a235d859a62d782b3fb70e

SHA512
2a3cee8c784ab88db3d2e0bd5c4330f66cceb473450386c9556950722a6d12e88897a007d8e6f3729d2e297e9a54462971a8ea2020d869de2c410ed613f99be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\windows_1252.so
Filesize
18KB

MD5
08de6e4ce2b40bae5d7dc036464bf03a

SHA1
fbd98559b4c9863e5cd9aaf8fbb1482f16548005

SHA256
6c973ea01e14a4fccccdc3c2c837014cdd98c9802504cdd6e54832a95722c377

SHA512
e1dd31945d144f551d44d042007a8050a77b4d83fb35fdd45ed8ea6bac3264ef93a82cf6a2b5453627e466f6422a50d53646f8e4061dd0f9121b76364103dca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\fiddle.so
Filesize
66KB

MD5
0921b4abfc9b22f7d86f7b0f92d06d94

SHA1
e3f452a068db070220c2321a117f3e49e2a273e9

SHA256
343a2cfecda25eed42e43ee9abf91df57b1bbaba3b93592affbd5ef07e15dd90

SHA512
9a43bec7534287850f96d210a73a55828bc7cc1179659453a330e7df69dd152f7010dd0ee43989f973b07f982282f6b14667ce6a2d6bf4230fe36951b9b10e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\monitor.so
Filesize
19KB

MD5
29cee1323cc163b11d293e08d5e1b7ca

SHA1
64fbeab597ca4b0d7684055b99cec010431b3855

SHA256
b00634854a5d1585ea1030e6d3df75ec1297430b968836dbb8dd213ad11a0a8b

SHA512
a424a228e28d1b6efb972dcd51b442fd68f414d1ae08dcca1a725a405acf93dcc360012734cb89d026ea85d9dd818f8ca2d5bda2c393cf2be73616319aafe11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\rbconfig.rb
Filesize
14KB

MD5
a35c7abc9949d0e42d9d27515d02d70a

SHA1
ec4980dd7fd4ed7116a879280889ac3a475600fe

SHA256
58a9a73ef0811c0075952f914aa29c951dfaea1ada196d6e5b1b4235a8d20954

SHA512
6fe6b57ffadb04844eebb26bcd73825397b416217153ae14370c2232be5b1e0dddf68cc379832b14715502c35bc9030f0b4fb6f9767f3e2fd3d832dbaa0098d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\gems\2.7.0\specifications\default\did_you_mean-1.4.0.gemspec
Filesize
1KB

MD5
a66d151f6a3c2e6d127d67febdc20c9c

SHA1
d96fc97b970abc856383f06b3e7be1b72fb097ca

SHA256
ee1668ab0833aab0f8a9a677bbc665215a810df6c27f679456d9170bd63c064f

SHA512
54c805b2eef5b147579838c4df26752f6f0d5bb6d26a8c2377db22e0fdf72d0dfc00d1ffed5dc614199926e9efca950bbd297f274ebe74df990e4f0eebf9195b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\gems\2.7.0\specifications\default\uri-0.10.0.gemspec
Filesize
1KB

MD5
f2fa0e291b04f354cc3213d9fbdebc5b

SHA1
1ce80104790da350b7af57cf450eb1a4924df614

SHA256
3527a7ed65d80d49285e6727e17dd3b14398698988d7f0a45b74b1bcef6574d6

SHA512
89ad96b8e86a65fbfcbdac761f8d2c87291144c287e070d88f2a48630a809cdaf02714e9e082eb1179b67a97a122fc838c214551431d11c51c8655d661380a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime.rb
Filesize
656B

MD5
f6fce892fd2c017ac539d57788c1d290

SHA1
86eb21d2796472643c21f2533df5dafc2506f852

SHA256
efd97ee568b0805e33ebdb291b2a021d604e462eca185073228003f8e01704a4

SHA512
046475b4f5cbeb7f81df69daa90bae0ce88cb7bd2ad872d1aadf2255ed65fc7ac788771ba0cba14eb047a4437db5f0c3828408b6bb91bf52ad1c362d6366caa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\dll_directory.rb
Filesize
3KB

MD5
f893a4b2323b0c534be077c38b815d6b

SHA1
afb77998a056379442ef33f3681832fded82ba73

SHA256
7d59dadf00884fe69be1f19cae77ff7a34d1ce11e52b1b311bd885daf09979cf

SHA512
3eba751fa4be94ba46f9fea49df767e25f541896e305a643b9dc70c1466841a02508142f4835b7d8261730497cd2a49ab92c5e3c4e78dc043bd42abb0da563f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\msys2_installation.rb
Filesize
8KB

MD5
0be6f804099682a5f9d1aa3cb0138959

SHA1
610ed3402a723d3c383fafc0d19d196b7ddc2d34

SHA256
3d5f2fced454d7b8160cdfa0960261e957fbb5d3edb50e0407aabb26448aee0a

SHA512
47ac6166fdab89439167ff8a29d3bf0f744f05d95018198ddecf1e383d8cdba9a77786560e6680bc7f956f6644b9350e3277e7be5f8c3b1b7cec4f448a0d281f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\singleton.rb
Filesize
1KB

MD5
3b73b2fa06660d2cb63f702095ad4d28

SHA1
5e0cc47bea55758fbbafba4768808ca5b0ec1762

SHA256
9b84fe45a22e2336dcfe56d4018e37cf84bd4d8a01f4226b8804ff3f72dd99b0

SHA512
53568092aa6526e9a2077b94efe06937022c0a2c0459c4f3131787b5c7b508d2fe2df1cbc1222c9ab8f7a6703ff9e83138e3b6e2732e6efc75e161e268f42909

Download Submit
memory/3856-1487-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4132-1500-0x0000000065AC0000-0x0000000065ACE000-memory.dmp

Filesize
56KB

Download
memory/4132-1496-0x000000006B740000-0x000000006B750000-memory.dmp

Filesize
64KB

Download
memory/4132-1489-0x0000000068AC0000-0x0000000068ACE000-memory.dmp

Filesize
56KB

Download
memory/4132-1486-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/4132-1499-0x000000006A340000-0x000000006A364000-memory.dmp

Filesize
144KB

Download
memory/4132-1498-0x000000006A400000-0x000000006A40F000-memory.dmp

Filesize
60KB

Download
memory/4132-1497-0x000000006E6C0000-0x000000006E6CD000-memory.dmp

Filesize
52KB

Download
memory/4132-1488-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4132-1495-0x0000000063D80000-0x0000000063D9A000-memory.dmp

Filesize
104KB

Download
memory/4132-1494-0x000000006D0C0000-0x000000006D0CD000-memory.dmp

Filesize
52KB

Download
memory/4132-1493-0x0000000068080000-0x000000006808E000-memory.dmp

Filesize
56KB

Download
memory/4132-1492-0x000000006F280000-0x000000006F28E000-memory.dmp

Filesize
56KB

Download
memory/4132-1491-0x000000006ACC0000-0x000000006AD46000-memory.dmp

Filesize
536KB

Download
memory/4132-1490-0x0000000065140000-0x0000000065519000-memory.dmp

Filesize
3.8MB

Download