Malware Analysis Report

2024-09-23 03:56

Sample ID: 240531-yfph6aba2t
Target: 8822b510c7a6084e481376ed48e8e074_JaffaCakes118
SHA256: 551e815844958ea8e208775ebc5fd8e8de97d743e20fe24b63bdbda1414fc98a
Tags: metasploit backdoor discovery trojan
Score: 10/10


Analysis Overview

Score: 10/10
SHA256: 551e815844958ea8e208775ebc5fd8e8de97d743e20fe24b63bdbda1414fc98a
Threat Level: Known bad

The file 8822b510c7a6084e481376ed48e8e074_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor discovery trojan

MetaSploit

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-05-31 19:43

Signatures

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-31 19:43
Reported: 2024-05-31 19:46
Platform: win7-20240221-en
Max time kernel: 143s
Max time network: 140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Executes dropped EXE

Description  Indicator  Process                                                     Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe  N/A

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe

ruby.exe "C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\src\s.rb"

Network

Country  Destination       Domain  Proto
N/A      172.16.4.78:4444          tcp

Files

\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\x64-msvcrt-ruby270.dll
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby_builtin_dlls\libgmp-10.dll
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby_builtin_dlls\libssp-0.dll
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\encdb.so
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\transdb.so
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\windows_1252.so
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\rbconfig.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\compatibility.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\requirement.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\version.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\specification.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\errors.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\deprecate.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\defaults.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\platform.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\basic_specification.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\stub_specification.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\specification_policy.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\user_interaction.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\util.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\text.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\util\list.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\exceptions.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\defaults\operating_system.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\singleton.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\msys2_installation.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\dll_directory.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\fiddle.so
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby_builtin_dlls\libffi-6.dll
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\function.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\closure.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\win32\registry.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\win32\importer.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\import.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\struct.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\value.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\pack.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\cparser.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\utf_16le.so
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\utf_16_32.so
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\single_byte.so
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\gems\2.7.0\specifications\default\did_you_mean-1.4.0.gemspec
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\dependency.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\bundler_version_finder.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\gems\2.7.0\specifications\default\uri-0.10.0.gemspec
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_gem.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_require.rb
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\monitor.rb

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-31 19:43
Reported: 2024-05-31 19:46
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Executes dropped EXE

Description  Indicator  Process                                                     Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe  N/A

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe

ruby.exe "C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\src\s.rb"

Network

Country  Destination          Domain                         Proto
US       8.8.8.8:53           154.239.44.20.in-addr.arpa     udp
US       8.8.8.8:53           73.159.190.20.in-addr.arpa     udp
N/A      172.16.4.78:4444                                    tcp
NL       23.62.61.155:443     www.bing.com                   tcp
US       8.8.8.8:53           155.61.62.23.in-addr.arpa      udp
US       8.8.8.8:53           103.169.127.40.in-addr.arpa    udp
US       8.8.8.8:53           171.39.242.20.in-addr.arpa     udp
US       8.8.8.8:53           32.251.17.2.in-addr.arpa       udp
US       8.8.8.8:53           172.210.232.199.in-addr.arpa   udp
US       8.8.8.8:53           55.36.223.20.in-addr.arpa      udp
US       8.8.8.8:53           tse1.mm.bing.net               udp
US       204.79.197.200:443   tse1.mm.bing.net               tcp
US       204.79.197.200:443   tse1.mm.bing.net               tcp
US       204.79.197.200:443   tse1.mm.bing.net               tcp
US       204.79.197.200:443   tse1.mm.bing.net               tcp
US       8.8.8.8:53           213.143.182.52.in-addr.arpa    udp

Files

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe

MD5 1d4086a99fe43e7eb6a5ae131c6c13e4
SHA1 d307e3e9738ad8d2a2ccb04e3125eb45d7db1e57
SHA256 b7237aea5c4904e77005cf197aeb2c3c44dced2b1fe181cb383b6ca1914b11cf
SHA512 8a633103ef44142dcdb8bb444160799144b715aa61a670982b709916feb7b81125289ce358731a581563253be78586739aa42974b5f75c315b42822765270981

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libssp-0.dll

MD5 348b64400aceb6edb2aab9ca73c8febe
SHA1 f36a5a53acaa98df73a48c5cd3455eeb190aeea8
SHA256 e89577f3472fa1c3eda963649f823d322b0809ab7a76e9234b1bc09ad3ec9aba
SHA512 6ec614ecfdde9866768c4b1818a6956fe162d52472ed9e11bf7705eedcec55ac89c01bcdd920c7a6125c5d6243085f76f35f475d110814eeab3d7ccc25caa246

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\x64-msvcrt-ruby270.dll

MD5 60273096d6eccdd6d41ac4b346d88295
SHA1 c62c4a732de35427c81971ab1a338e8b09c56c02
SHA256 94f9f7ada34e0e38e5a1233a3ca0fcb77217025705044322f8a36ddb26484720
SHA512 7e2c7797ca1ea9cbe87c422862590b9c1c032430c03033cf86f15c7bdcfd6228a8084f4364156e668340380cbe9495d68132f50f0e55b4af9c8d8324262386a7

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libgmp-10.dll

MD5 14af514dc727e7be54bb9ab4b100dd9f
SHA1 7534ea8c9f83629fc4306275cae6bd09497ef3e5
SHA256 4cd0caffe0c6c306f12416b8c5186c9be1d70d17b2d89e8c99f253bda4ffd2d8
SHA512 e38794005bc283b8d445a0dd0ad285be8c7ae995bca3471311b1fdacdd100ccf83c1bf1783c2a3a5b9b68a064fa0c270281357c863a7d10c1f3964d31255ac09

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\encdb.so

MD5 8f14107d575b15e7b8f4ed9881a85b02
SHA1 778b126a232b5f56726796e9aeea3e137837791b
SHA256 39a104b33c2408926704db8fcb1783e169d7b9827ba61c148fca3d0ee63c31f9
SHA512 c0f15b4ef79143caae14a639e6c799c6d0e1e35500d8c74794def600846a4d516aac9c7b119ea3b29d1e192f64ccb71e6d2ec83d9ca88c65b09f32600b4747cc

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems.rb

MD5 0a7d865c3f3359ccc03148f355b62a7c
SHA1 aa3caec2b86663c2383453f41262c69c3b669382
SHA256 1e88c4ab8ca95ca7bdad87492dc14c7db87a773c97280c59cc9c75fa0a14d2ed
SHA512 7aa0027e960de8a631726f46bff97ffc5383c6ea5841abf1e590c5748d753d49713c8a42837feea935e6b1faf318188d26804f3c61fc64f34825d39d55ed681e

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\defaults.rb

MD5 ca5a6648b55a28b2ebd954a2ad83458b
SHA1 1731162a8f3e3623392b9268a0ec464632c372b0
SHA256 6a06031bd03ec6c97db6625018e719b2ce5a338523c54bb5700d1439715e3a60
SHA512 6360bdb3e74569829f7df41d270fcf570e6690e31b190c7c82d21e32ad60f83919eed0d58b506f0841734f9b8673dcff461aaa3e99a76b62f8c117ffecad8752

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\compatibility.rb

MD5 e8c22cd05733bf2b83b2f6fa5dbb91e2
SHA1 faea7125201edf6bba824c5d92fccad2a2d5b8cf
SHA256 b3b9fee9805a8d5746cfb0b47ba02b53f252b1cac33817b2fc18a9cfc46a00b6
SHA512 3f5cb60bff31560f19d0e63fb3ef3c1afe0b7c96b53ed21f1f38dbcf1c7171ae6e317c2e3fc802b4acc54c954aa963d8834fa2e044a4aa1753d27595c44474a1

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\rbconfig.rb

MD5 a35c7abc9949d0e42d9d27515d02d70a
SHA1 ec4980dd7fd4ed7116a879280889ac3a475600fe
SHA256 58a9a73ef0811c0075952f914aa29c951dfaea1ada196d6e5b1b4235a8d20954
SHA512 6fe6b57ffadb04844eebb26bcd73825397b416217153ae14370c2232be5b1e0dddf68cc379832b14715502c35bc9030f0b4fb6f9767f3e2fd3d832dbaa0098d9

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\windows_1252.so

MD5 08de6e4ce2b40bae5d7dc036464bf03a
SHA1 fbd98559b4c9863e5cd9aaf8fbb1482f16548005
SHA256 6c973ea01e14a4fccccdc3c2c837014cdd98c9802504cdd6e54832a95722c377
SHA512 e1dd31945d144f551d44d042007a8050a77b4d83fb35fdd45ed8ea6bac3264ef93a82cf6a2b5453627e466f6422a50d53646f8e4061dd0f9121b76364103dca4

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\transdb.so

MD5 fcb51215b3798009b609b12205fefe50
SHA1 0629b67b6f280f40bf5edd16992838099211c00c
SHA256 acdf1218a2c624c543ec47bb44e83b4586b2ebc0b2bc05be2f3bb88aafb0807b
SHA512 91fda8517e82bc1d0dada64fa2b75309a092b7a58b837a6cec4982a74a9fefb863ee3e56ddedda98d7143315ff719da255d1f34757dc1c1db6a5e1485975354e

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\specification.rb

MD5 5cdc3c75a42e6ee697c50f69af9cfc24
SHA1 8162e52ad5943f4058766fade4999459bc224fc9
SHA256 e3bbf666100c5f532b26144496d935ca8fe7b41dd435f3f26d32a61b4d29349c
SHA512 cf9cd42aefe42966f25281ea453c97c9c337c6f2d423a42a7f29c90478622059e7c8e01b8b8e11fa98d5762615d58114041771bdca99cd20ba1ee346f86a343d

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\version.rb

MD5 cda12b68bec9096eb94304bf62ef87ac
SHA1 f839cb1f69ced1b3db3cedff190b72e834693e6a
SHA256 10b1ebc52f26afe93a5db1c0fd593e07ef6fbbb4f43139986bbcb27b30a229c7
SHA512 7f8c2e263bf472ae86ed435e0b375fd5710aad7f5b356f7f99d739c4f464fdc688830228c77f08318327269b801defcae0f93bb692b0ee4fa5e11ae9347d87f4

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\dll_directory.rb

MD5 f893a4b2323b0c534be077c38b815d6b
SHA1 afb77998a056379442ef33f3681832fded82ba73
SHA256 7d59dadf00884fe69be1f19cae77ff7a34d1ce11e52b1b311bd885daf09979cf
SHA512 3eba751fa4be94ba46f9fea49df767e25f541896e305a643b9dc70c1466841a02508142f4835b7d8261730497cd2a49ab92c5e3c4e78dc043bd42abb0da563f3

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\fiddle.so

MD5 0921b4abfc9b22f7d86f7b0f92d06d94
SHA1 e3f452a068db070220c2321a117f3e49e2a273e9
SHA256 343a2cfecda25eed42e43ee9abf91df57b1bbaba3b93592affbd5ef07e15dd90
SHA512 9a43bec7534287850f96d210a73a55828bc7cc1179659453a330e7df69dd152f7010dd0ee43989f973b07f982282f6b14667ce6a2d6bf4230fe36951b9b10e8b

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\requirement.rb

MD5 024e2803bd7b4ba00d96f993e0ec7043
SHA1 3dbd0ec6b7207f6cf98af3484d9d87a4fc825c2f
SHA256 099ac94db014715e7d99b96a9b2a81cf0957f49465cbe615bcec23d082d80623
SHA512 08144a8ce98a63fd2a98819afdebd801e746211e5bfaad94df51c4e01e2798c6d0864ab7aee424750d3f1ed5862096da6d39c9cdd40709b51dacdd45ebdba63e

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\utf_16_32.so

MD5 19cc9a04f0c0c7898243f6f52552fe45
SHA1 232427ed2d305c52d6b5baa0b2f77c456155f756
SHA256 1325d23b9ef22e5d4108443f769b5ee2efd347e0386b41001eed50a9fbeb8605
SHA512 0e0e9d55939364723793320667dcc7a76b472dad20dbcc3fcd71d12d946f53e73fee7adef51c0a88449eb7aea7db00f30748738da502d9f9af8dc465a631e18b

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\single_byte.so

MD5 400badeea2973f73d86bffe0d361e61d
SHA1 2c9732f6c3d00678115ca937c616bf39b2fab293
SHA256 567fe90ffe730cc6373d250b41505c1aca2ebd1fc109c793fd8203088abfac30
SHA512 9d8f21b7b0fa3c133886904333817b8aef4f7568097da0100a1ba2b353ae3751a5247ed0b5a1904d4e96c85760d5a5b0068cd954dd7bd1479769a796cfa38e1a

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\monitor.rb

MD5 183f668f5f7c62b8bfebef6e161d214b
SHA1 0ca202b66773e1603789d82a063cd71852c15ca9
SHA256 131ebd0c23b46f28b2b8c03bb8c6b3aa917253cb2beb50616acb9db77bad1fd7
SHA512 486041917ff40160e1b76a60411af1c4dd0c4169ec9283053cba56e001766f60bb36f4cad000088675d02000ec8663712597f6456f07aca213901255525957d1

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\monitor.so

MD5 29cee1323cc163b11d293e08d5e1b7ca
SHA1 64fbeab597ca4b0d7684055b99cec010431b3855
SHA256 b00634854a5d1585ea1030e6d3df75ec1297430b968836dbb8dd213ad11a0a8b
SHA512 a424a228e28d1b6efb972dcd51b442fd68f414d1ae08dcca1a725a405acf93dcc360012734cb89d026ea85d9dd818f8ca2d5bda2c393cf2be73616319aafe11d

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_require.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_gem.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\gems\2.7.0\specifications\default\uri-0.10.0.gemspec

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\bundler_version_finder.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\dependency.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\gems\2.7.0\specifications\default\did_you_mean-1.4.0.gemspec

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\utf_16le.so

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\cparser.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\pack.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\value.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\struct.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\import.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\win32\importer.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\win32\registry.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\closure.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\function.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libffi-6.dll

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\msys2_installation.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\singleton.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\defaults\operating_system.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\exceptions.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\util\list.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\text.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\util.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\user_interaction.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\specification_policy.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\stub_specification.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\basic_specification.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\platform.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\errors.rb

C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\deprecate.rb
