Analysis Overview
SHA256
551e815844958ea8e208775ebc5fd8e8de97d743e20fe24b63bdbda1414fc98a
Threat Level: Known bad
The file 8822b510c7a6084e481376ed48e8e074_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-31 19:43
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 19:43
Reported
2024-05-31 19:46
Platform
win7-20240221-en
Max time kernel
143s
Max time network
140s
Command Line
Signatures
MetaSploit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe | N/A |
Checks installed software on the system
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1688 wrote to memory of 876 | N/A | C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe |
| PID 1688 wrote to memory of 876 | N/A | C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe |
| PID 1688 wrote to memory of 876 | N/A | C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe |
| PID 1688 wrote to memory of 876 | N/A | C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe
ruby.exe "C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\src\s.rb"
Network
| Country | Destination | Domain | Proto |
| N/A | 172.16.4.78:4444 | tcp |
Files
\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby.exe
| MD5 | 1d4086a99fe43e7eb6a5ae131c6c13e4 |
| SHA1 | d307e3e9738ad8d2a2ccb04e3125eb45d7db1e57 |
| SHA256 | b7237aea5c4904e77005cf197aeb2c3c44dced2b1fe181cb383b6ca1914b11cf |
| SHA512 | 8a633103ef44142dcdb8bb444160799144b715aa61a670982b709916feb7b81125289ce358731a581563253be78586739aa42974b5f75c315b42822765270981 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\x64-msvcrt-ruby270.dll
| MD5 | 60273096d6eccdd6d41ac4b346d88295 |
| SHA1 | c62c4a732de35427c81971ab1a338e8b09c56c02 |
| SHA256 | 94f9f7ada34e0e38e5a1233a3ca0fcb77217025705044322f8a36ddb26484720 |
| SHA512 | 7e2c7797ca1ea9cbe87c422862590b9c1c032430c03033cf86f15c7bdcfd6228a8084f4364156e668340380cbe9495d68132f50f0e55b4af9c8d8324262386a7 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby_builtin_dlls\libgmp-10.dll
| MD5 | 14af514dc727e7be54bb9ab4b100dd9f |
| SHA1 | 7534ea8c9f83629fc4306275cae6bd09497ef3e5 |
| SHA256 | 4cd0caffe0c6c306f12416b8c5186c9be1d70d17b2d89e8c99f253bda4ffd2d8 |
| SHA512 | e38794005bc283b8d445a0dd0ad285be8c7ae995bca3471311b1fdacdd100ccf83c1bf1783c2a3a5b9b68a064fa0c270281357c863a7d10c1f3964d31255ac09 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby_builtin_dlls\libssp-0.dll
| MD5 | 348b64400aceb6edb2aab9ca73c8febe |
| SHA1 | f36a5a53acaa98df73a48c5cd3455eeb190aeea8 |
| SHA256 | e89577f3472fa1c3eda963649f823d322b0809ab7a76e9234b1bc09ad3ec9aba |
| SHA512 | 6ec614ecfdde9866768c4b1818a6956fe162d52472ed9e11bf7705eedcec55ac89c01bcdd920c7a6125c5d6243085f76f35f475d110814eeab3d7ccc25caa246 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\encdb.so
| MD5 | 8f14107d575b15e7b8f4ed9881a85b02 |
| SHA1 | 778b126a232b5f56726796e9aeea3e137837791b |
| SHA256 | 39a104b33c2408926704db8fcb1783e169d7b9827ba61c148fca3d0ee63c31f9 |
| SHA512 | c0f15b4ef79143caae14a639e6c799c6d0e1e35500d8c74794def600846a4d516aac9c7b119ea3b29d1e192f64ccb71e6d2ec83d9ca88c65b09f32600b4747cc |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\transdb.so
| MD5 | fcb51215b3798009b609b12205fefe50 |
| SHA1 | 0629b67b6f280f40bf5edd16992838099211c00c |
| SHA256 | acdf1218a2c624c543ec47bb44e83b4586b2ebc0b2bc05be2f3bb88aafb0807b |
| SHA512 | 91fda8517e82bc1d0dada64fa2b75309a092b7a58b837a6cec4982a74a9fefb863ee3e56ddedda98d7143315ff719da255d1f34757dc1c1db6a5e1485975354e |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\windows_1252.so
| MD5 | 08de6e4ce2b40bae5d7dc036464bf03a |
| SHA1 | fbd98559b4c9863e5cd9aaf8fbb1482f16548005 |
| SHA256 | 6c973ea01e14a4fccccdc3c2c837014cdd98c9802504cdd6e54832a95722c377 |
| SHA512 | e1dd31945d144f551d44d042007a8050a77b4d83fb35fdd45ed8ea6bac3264ef93a82cf6a2b5453627e466f6422a50d53646f8e4061dd0f9121b76364103dca4 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems.rb
| MD5 | 0a7d865c3f3359ccc03148f355b62a7c |
| SHA1 | aa3caec2b86663c2383453f41262c69c3b669382 |
| SHA256 | 1e88c4ab8ca95ca7bdad87492dc14c7db87a773c97280c59cc9c75fa0a14d2ed |
| SHA512 | 7aa0027e960de8a631726f46bff97ffc5383c6ea5841abf1e590c5748d753d49713c8a42837feea935e6b1faf318188d26804f3c61fc64f34825d39d55ed681e |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\rbconfig.rb
| MD5 | a35c7abc9949d0e42d9d27515d02d70a |
| SHA1 | ec4980dd7fd4ed7116a879280889ac3a475600fe |
| SHA256 | 58a9a73ef0811c0075952f914aa29c951dfaea1ada196d6e5b1b4235a8d20954 |
| SHA512 | 6fe6b57ffadb04844eebb26bcd73825397b416217153ae14370c2232be5b1e0dddf68cc379832b14715502c35bc9030f0b4fb6f9767f3e2fd3d832dbaa0098d9 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\compatibility.rb
| MD5 | e8c22cd05733bf2b83b2f6fa5dbb91e2 |
| SHA1 | faea7125201edf6bba824c5d92fccad2a2d5b8cf |
| SHA256 | b3b9fee9805a8d5746cfb0b47ba02b53f252b1cac33817b2fc18a9cfc46a00b6 |
| SHA512 | 3f5cb60bff31560f19d0e63fb3ef3c1afe0b7c96b53ed21f1f38dbcf1c7171ae6e317c2e3fc802b4acc54c954aa963d8834fa2e044a4aa1753d27595c44474a1 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\requirement.rb
| MD5 | 024e2803bd7b4ba00d96f993e0ec7043 |
| SHA1 | 3dbd0ec6b7207f6cf98af3484d9d87a4fc825c2f |
| SHA256 | 099ac94db014715e7d99b96a9b2a81cf0957f49465cbe615bcec23d082d80623 |
| SHA512 | 08144a8ce98a63fd2a98819afdebd801e746211e5bfaad94df51c4e01e2798c6d0864ab7aee424750d3f1ed5862096da6d39c9cdd40709b51dacdd45ebdba63e |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\version.rb
| MD5 | cda12b68bec9096eb94304bf62ef87ac |
| SHA1 | f839cb1f69ced1b3db3cedff190b72e834693e6a |
| SHA256 | 10b1ebc52f26afe93a5db1c0fd593e07ef6fbbb4f43139986bbcb27b30a229c7 |
| SHA512 | 7f8c2e263bf472ae86ed435e0b375fd5710aad7f5b356f7f99d739c4f464fdc688830228c77f08318327269b801defcae0f93bb692b0ee4fa5e11ae9347d87f4 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\specification.rb
| MD5 | 5cdc3c75a42e6ee697c50f69af9cfc24 |
| SHA1 | 8162e52ad5943f4058766fade4999459bc224fc9 |
| SHA256 | e3bbf666100c5f532b26144496d935ca8fe7b41dd435f3f26d32a61b4d29349c |
| SHA512 | cf9cd42aefe42966f25281ea453c97c9c337c6f2d423a42a7f29c90478622059e7c8e01b8b8e11fa98d5762615d58114041771bdca99cd20ba1ee346f86a343d |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\errors.rb
| MD5 | 09a2e7f44cdbaf9dc5425a0833b1b010 |
| SHA1 | 2736a71e9206842e2adef9d3dcb769b38bb457b8 |
| SHA256 | 56805e89aea909d86082f6580cb87a0cc99dea492ccb90dcfc66fdad8aec307e |
| SHA512 | 7e200acb43581681fb849a7af7b029a2098deddb315718e243364a3b61b956566c6af0f98139d3f920111e1603df3e6d1cd315568fda36811bebce68f539e4c8 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\deprecate.rb
| MD5 | 757890f88cc989d45a0922fafa8bd2ef |
| SHA1 | d2ce6a889d1232b13cf6d25f945d2465a9b7750c |
| SHA256 | 2a3a061d35146eeef608ac639f7bde7d34f8bb4910f6cdb0abd04301222252a6 |
| SHA512 | 66eb85444d93c23c2b77fe0dddbe511eba7dd9a587053f7b91fae3b92f0efa913e794ee51b85749e2f7f175d867a39b10ffb9eacdb4f57b8f7ef36d08b8eded3 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\defaults.rb
| MD5 | ca5a6648b55a28b2ebd954a2ad83458b |
| SHA1 | 1731162a8f3e3623392b9268a0ec464632c372b0 |
| SHA256 | 6a06031bd03ec6c97db6625018e719b2ce5a338523c54bb5700d1439715e3a60 |
| SHA512 | 6360bdb3e74569829f7df41d270fcf570e6690e31b190c7c82d21e32ad60f83919eed0d58b506f0841734f9b8673dcff461aaa3e99a76b62f8c117ffecad8752 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\platform.rb
| MD5 | 12d6239c5ef70b6eb70f07dd7dae2989 |
| SHA1 | 234d847344a15781ba0f844244b10317ff9fa704 |
| SHA256 | ea2eb806532e8d7f8961757091fe441e92400c55a896e8b5284ed046f9c1b6fb |
| SHA512 | bb61b653ab80ce577b2eeda8c2a36253936afaf8a7be391b7cbe81a4aa2ac9a9017571cecf0b5e986309bda85bd639b3cd7a11608e95f676bd478f66616e98d7 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\basic_specification.rb
| MD5 | b4522ab1407d553a8e36a5bd399a34f3 |
| SHA1 | 0812510e8cf65e6c098393604dcf50bd87cf5bf8 |
| SHA256 | c85f0a68d809ba4d9149030c9b4772866aa308439627c52a6dde59c4baaa2ef6 |
| SHA512 | 64b149f412c9a60adf576df3f5e4540b2fdbea85c9b758132c0bb4c699d88ac55820d44d2e547da5192371eff4b530577cd4d925cde521da196fac2c8c56d93e |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\stub_specification.rb
| MD5 | b1de0e1d1b189f771cf51e16c484f655 |
| SHA1 | f7c7007a636b37a5bab68ef5a78a7745a04bda09 |
| SHA256 | d0cec174fc52efa4a906bc9e7dc260b38cd6a0bcc506ffd4732ed7914ff62f80 |
| SHA512 | 73aa7dc499c276064342bc0d97d307036d07e02389b5a4e74d233735c0512e7b24e0623816310beaab6434c2b3823da7f344a1498dc10ae9cfbc1d5c85fafe3d |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\specification_policy.rb
| MD5 | 45ed5d90f507057e7ab19e24d15b386e |
| SHA1 | ba38f977ec58c9150d4ab88d80245fda25d50559 |
| SHA256 | 255efd9d1ee151dc59b1abf765e6e607b4082b73d901893f2bf1d22bd2aea98d |
| SHA512 | b90acf4fffaa0c5cdf84370c91855ce5f69a48928f320b5b97285edc600be8e29e96eee5e9c0f35beb73617b1f782816472d6297f8f84788b5eb0b60494119bc |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\user_interaction.rb
| MD5 | 53d4a675a926619ae02ebca4c23e8bba |
| SHA1 | f8c0ce82bf73f1c11a869fc564ff0ae884bc7f57 |
| SHA256 | be3b5e8bcbb480fdc1134c1a65461ce158220053ae6f77580b1c7af057c1faf7 |
| SHA512 | f15b9e8532b66634b7b9ab926feca252a162839db34db1367aaa1424c6b98e598feb01d8cb6d6b8bcda041899f7be8165e5edca5fc1b83e859161132967e93f7 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\util.rb
| MD5 | 815f3f0244055b3dde74b712c9c24862 |
| SHA1 | eb5c9dfaec1463a98839982829c801aa000d657a |
| SHA256 | e78aafe5d46ed2c0f58f398343cc64ef85a7317ebd5ddcca2064efb27ded65eb |
| SHA512 | 839c1330131617f86e9b092e1d10cdbb01f702799b52122e85555de1eb2c58e73e1ee5fe42e9a9ef9c1c59910cf4573d414a545d87c8aa196299d21d5afaf6ab |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\text.rb
| MD5 | 71371ed0065b6bd98e4b611c25bcfa86 |
| SHA1 | b2cfe18f7499fc55c3caeb60d544fb41b48fdbab |
| SHA256 | 4002a46e5e570a1ec145266dc84b7e2d3953264d223d0965ab15a1fc3b1706cd |
| SHA512 | 87e6b1a11cf16a6340e2719e4eb8ed38daef3c4f160cb44dbd5590c0fdfaafb7f05ca9ae844676fbf29aeed9eb544a113421a02c5d742576d89cbd0806ae0f9f |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\util\list.rb
| MD5 | f31d88f42431dc856aff7a90937fc984 |
| SHA1 | ae5c93bc784bce4b2820844883d74e5c86e2f0e2 |
| SHA256 | a88fae8bdbf33dfbbcc81a1914dad4609666379f838c53ba5c8fd487c07a9aaa |
| SHA512 | 8d15766ef0661d68be2b912d76af8568b0fbede0e3e9e38de2cdf213ea18b4fe115905f957d7a6329a7d6bd4daaf587a875492308e519a24f04e9f584cf956f1 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\exceptions.rb
| MD5 | a8ffa910114e8339628be9ca152f8b6b |
| SHA1 | b9bbb6927e986facc06370cac25674724f8df307 |
| SHA256 | f2ae8beaf0a8d4c62f4bc1c75619c905ffeba341975abdc1f8964f2aac169db6 |
| SHA512 | 5f86f7380b2e622d17784ba5938f82c26f3754c5e52f7eef6770089a7015b5a831c1b67a3cd49f5aebe50c38eb70ba02d1f090998076c155f802a38a20fc9b67 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\defaults\operating_system.rb
| MD5 | baacc7158dbf26f04d7f54eb2948457f |
| SHA1 | 11ec25e8c28d3f001846e5994dd1c1fd3280d33d |
| SHA256 | f401974bcb3d7da2d34e6943303c1f680d83ac1c200a670e5b791f16e2f926db |
| SHA512 | 7196df9f199f98132879747bda7faf6d085b0cdc45e7565e8852f85969fa8bfdac898ca99bf98284eca9f9e41cea5171b3b9eaccb01ec9d4dd0d26f3ce4b7380 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime.rb
| MD5 | f6fce892fd2c017ac539d57788c1d290 |
| SHA1 | 86eb21d2796472643c21f2533df5dafc2506f852 |
| SHA256 | efd97ee568b0805e33ebdb291b2a021d604e462eca185073228003f8e01704a4 |
| SHA512 | 046475b4f5cbeb7f81df69daa90bae0ce88cb7bd2ad872d1aadf2255ed65fc7ac788771ba0cba14eb047a4437db5f0c3828408b6bb91bf52ad1c362d6366caa1 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\singleton.rb
| MD5 | 3b73b2fa06660d2cb63f702095ad4d28 |
| SHA1 | 5e0cc47bea55758fbbafba4768808ca5b0ec1762 |
| SHA256 | 9b84fe45a22e2336dcfe56d4018e37cf84bd4d8a01f4226b8804ff3f72dd99b0 |
| SHA512 | 53568092aa6526e9a2077b94efe06937022c0a2c0459c4f3131787b5c7b508d2fe2df1cbc1222c9ab8f7a6703ff9e83138e3b6e2732e6efc75e161e268f42909 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\msys2_installation.rb
| MD5 | 0be6f804099682a5f9d1aa3cb0138959 |
| SHA1 | 610ed3402a723d3c383fafc0d19d196b7ddc2d34 |
| SHA256 | 3d5f2fced454d7b8160cdfa0960261e957fbb5d3edb50e0407aabb26448aee0a |
| SHA512 | 47ac6166fdab89439167ff8a29d3bf0f744f05d95018198ddecf1e383d8cdba9a77786560e6680bc7f956f6644b9350e3277e7be5f8c3b1b7cec4f448a0d281f |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\dll_directory.rb
| MD5 | f893a4b2323b0c534be077c38b815d6b |
| SHA1 | afb77998a056379442ef33f3681832fded82ba73 |
| SHA256 | 7d59dadf00884fe69be1f19cae77ff7a34d1ce11e52b1b311bd885daf09979cf |
| SHA512 | 3eba751fa4be94ba46f9fea49df767e25f541896e305a643b9dc70c1466841a02508142f4835b7d8261730497cd2a49ab92c5e3c4e78dc043bd42abb0da563f3 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle.rb
| MD5 | 9c3ce5c157180b6d65142465e093a877 |
| SHA1 | 39fdabbcf598534a73bbbf5223d0d5570956909a |
| SHA256 | d9f8894c029a2217fc368cb6fe26e11ea32270bdc98a68f4a0b33b8d1b55696a |
| SHA512 | 59cb9ce10144244b5ee275f29d5471bcb1156f22de69cb15a7ec8f18c32c1cbf0661034bf5e4dd1f226f03c58acb45d9cabf8daa1d7a026015718167af5a4edc |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\fiddle.so
| MD5 | 0921b4abfc9b22f7d86f7b0f92d06d94 |
| SHA1 | e3f452a068db070220c2321a117f3e49e2a273e9 |
| SHA256 | 343a2cfecda25eed42e43ee9abf91df57b1bbaba3b93592affbd5ef07e15dd90 |
| SHA512 | 9a43bec7534287850f96d210a73a55828bc7cc1179659453a330e7df69dd152f7010dd0ee43989f973b07f982282f6b14667ce6a2d6bf4230fe36951b9b10e8b |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\bin\ruby_builtin_dlls\libffi-6.dll
| MD5 | 835b9252cf84aa654459ee3b7d07e824 |
| SHA1 | 89bd2b8cf4bebfc08a660520253ae097ba40d2f6 |
| SHA256 | 077ed959cd9ab1bf8f9e2ed248a0cb6492a18fd2ba283f52896125412ead121d |
| SHA512 | 19d60efb0ed2c73707396627f95d46c7d2a42855a58f0a29d5ce2c9b143c4297ff02d96b83761bdfe3045a1b4ffa6351275760920353c3bdd0829eaef07f8cf5 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\function.rb
| MD5 | 41a60a7a73897b9c535ff865df330535 |
| SHA1 | 9998cdbeb8c520b8040827b864e10ceff7db1a4d |
| SHA256 | 65524bcf2d69e3f7053aa476286f011f0523c6efe0ea6f5f3c373d9a9a2de5aa |
| SHA512 | b59a568fe258ed849c3e0108440e2744aeb08a1d57c552d7137dd1ddc5f65fecf379a78820116355a73875ad8ea6a9acdf2564a1ea0da7e2dc4524037e8e9ddd |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\closure.rb
| MD5 | 7bfc132c5b14d097ab0a7895c51ea1bb |
| SHA1 | 53c98f24d0b6a7329ffc0590f8051dbe1a7cffa9 |
| SHA256 | 762b117a58851789e4a5f3871bee97f453e04a1afe64e91c1937737427f418f5 |
| SHA512 | 4e155979a3d1b64980700fbcc0e1921f253f90394b76825472f29dc2575d746748a22767edd248c011bf796e47d74ae71f8b9feda863d2b8362ae35ee467b07b |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\win32\registry.rb
| MD5 | 88230342d98e69aebe0b719fc31c273c |
| SHA1 | 2877119e25f362de0d9d0c461ead1829fb5e7d1d |
| SHA256 | 960372fcba6e3fdf6710f7fcd9cff49a0c9ef1d58a814b99773a236b8de01e61 |
| SHA512 | 89e2c0e7d46b0b88cdc844d1d838cca23400a68d6e45abccdb2f8b226876e6dd0f637250c0a8106c110b0ae5603db784781e55d4c87c07d1f5e588ac29bead45 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\win32\importer.rb
| MD5 | d41aa7db5d0bdaa95b433bd1cc76b7a8 |
| SHA1 | e7d3778751ce7fca79b52049a990c829f1ecc035 |
| SHA256 | c83d80c59eb880115ee43f8ff950c87614935949df9918e58ed490385f9eaa96 |
| SHA512 | 672ae5c966583c849076cf57d37a6b1880c2c9ab3b7272517246cb609e8779094573f4dffd8da296dc7120b1d513d499c28d369dfb0e7fae9c0416f26fdce3ac |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\import.rb
| MD5 | c9617a78af3bbf84e0609ed09f56762d |
| SHA1 | 81a9df16ee4a903d66d090616af5e5d6d43bb40e |
| SHA256 | 503d19010cacff71ecaf0789a8e24db7c87900b829829a20f24273df3950d829 |
| SHA512 | a6e5950eb4ee22bdf909e99932b6ecf20e628c0941f10d39430b2b3db24577bf97f92f1d21673ed3321cd8573c43586a5f2527d6f534e4634a7e02cf4c651615 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\struct.rb
| MD5 | 96ddd98bd209f77784b0cd05035cc609 |
| SHA1 | 3c2d1826480512f305218c84bc81243ea52b9749 |
| SHA256 | 429f8525491e40c710b91ede8230aa7e1647f9d7eb66ace9d9e6a6c7532b6e7b |
| SHA512 | 2e7b4b8f49cc21e1040f33c39438cd0d15ee8adec50704ae98ded34b97a4ba15396b86cf56705c72ecc105acf0ab75c96fe0744d83209e10e22c9e3c16321088 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\value.rb
| MD5 | 579211c8d18ae3ca4be6984b84b3364b |
| SHA1 | 1271a8fa314f486b83f13917bef6bef57e653381 |
| SHA256 | af87eaf3c40a33c856d86bbbbc5faa8adcff5d68efb0850125b44579c54dcd90 |
| SHA512 | 5e4d3519bed852385512ac406b0ea87cb3efcc3e6caa7deb42e856919c6b8a740ce187a5177157bc96d5b1466d130f3fe61f2961899b3830e10f6a2bd6b91bf5 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\pack.rb
| MD5 | 1626eaf5907bd50189270d2412ccf8f0 |
| SHA1 | 4f2db70363ec164870b25688fb79262c5e8c73b6 |
| SHA256 | 134df1991cffe2ef273501001dfa077a7f6cae38f44b05d8aeeb2ce79f0c83c5 |
| SHA512 | a0c2d389bb001fb1e8d21f9b27eff494c346dde68799fe8474309a8f96df5cf78fb12fc71947cec61ee8bf1150ffb93c1a55f0912fabfe6eaba2aef0c49fe524 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\fiddle\cparser.rb
| MD5 | e562e1a1ac9df9fc441b719a27f9f06a |
| SHA1 | db768e7e752a5b5f994617cbdee2ba3b464d2b35 |
| SHA256 | 7dfbb2e84e823cca56990b43a9ac0ff2a04726d28d04d5a04aef90c11874bf42 |
| SHA512 | 01b50f4517c5b8eec042797fa134114038bf9f3b47f1ade18b61fae3f899c70b4bd345137deb91c8a374093b48e37410baefb16bb6dd4c0a3e8ba74c051fc227 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\utf_16le.so
| MD5 | 930e5ffa3cc8799fbdcbdd7f60cc5395 |
| SHA1 | 6d2662fcd209db413671d8576b9d5f0b3c91d233 |
| SHA256 | e9e733d7dea9072e2b5c62307a5a9003eba36f7130a235d859a62d782b3fb70e |
| SHA512 | 2a3cee8c784ab88db3d2e0bd5c4330f66cceb473450386c9556950722a6d12e88897a007d8e6f3729d2e297e9a54462971a8ea2020d869de2c410ed613f99be2 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\utf_16_32.so
| MD5 | 19cc9a04f0c0c7898243f6f52552fe45 |
| SHA1 | 232427ed2d305c52d6b5baa0b2f77c456155f756 |
| SHA256 | 1325d23b9ef22e5d4108443f769b5ee2efd347e0386b41001eed50a9fbeb8605 |
| SHA512 | 0e0e9d55939364723793320667dcc7a76b472dad20dbcc3fcd71d12d946f53e73fee7adef51c0a88449eb7aea7db00f30748738da502d9f9af8dc465a631e18b |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\single_byte.so
| MD5 | 400badeea2973f73d86bffe0d361e61d |
| SHA1 | 2c9732f6c3d00678115ca937c616bf39b2fab293 |
| SHA256 | 567fe90ffe730cc6373d250b41505c1aca2ebd1fc109c793fd8203088abfac30 |
| SHA512 | 9d8f21b7b0fa3c133886904333817b8aef4f7568097da0100a1ba2b353ae3751a5247ed0b5a1904d4e96c85760d5a5b0068cd954dd7bd1479769a796cfa38e1a |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\gems\2.7.0\specifications\default\did_you_mean-1.4.0.gemspec
| MD5 | a66d151f6a3c2e6d127d67febdc20c9c |
| SHA1 | d96fc97b970abc856383f06b3e7be1b72fb097ca |
| SHA256 | ee1668ab0833aab0f8a9a677bbc665215a810df6c27f679456d9170bd63c064f |
| SHA512 | 54c805b2eef5b147579838c4df26752f6f0d5bb6d26a8c2377db22e0fdf72d0dfc00d1ffed5dc614199926e9efca950bbd297f274ebe74df990e4f0eebf9195b |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\dependency.rb
| MD5 | 7aa17a8d863a2294c42a79241779c2df |
| SHA1 | 639a04890d4ab264fd4f9673b06d99b5a161fa7c |
| SHA256 | 1576fac336da55b8333b77ba48a0c9ba3597f48aaf978fae813970403dbc33b2 |
| SHA512 | 61843571637f8bde4f9faa0303adc58b9837fa61c5d7cd577f6366712c27dcc9dc8d6cea2efe48846d8b12e9ae4efa3fcaa60e12856179a1abe4c20572e6b205 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\bundler_version_finder.rb
| MD5 | 303146d58e435dfc4a9889de73d8ddcf |
| SHA1 | a5600ea7af439c7753c72379a50e36e43b161881 |
| SHA256 | fc8bd1eee633a4e6d0f3b379c30dede3ac7f5facc31db64f173b5859b99e5750 |
| SHA512 | d072c475a5eafab9a3d9b02c7cd60f461580c3430c48c40baec61189903a344486b84712413c00c62f11ba8a6c8f02fe7259bcd70d2f416f5b4f369aea2da114 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\gems\2.7.0\specifications\default\uri-0.10.0.gemspec
| MD5 | f2fa0e291b04f354cc3213d9fbdebc5b |
| SHA1 | 1ce80104790da350b7af57cf450eb1a4924df614 |
| SHA256 | 3527a7ed65d80d49285e6727e17dd3b14398698988d7f0a45b74b1bcef6574d6 |
| SHA512 | 89ad96b8e86a65fbfcbdac761f8d2c87291144c287e070d88f2a48630a809cdaf02714e9e082eb1179b67a97a122fc838c214551431d11c51c8655d661380a9a |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_gem.rb
| MD5 | 83f430827fb3bc1c63217e77310aaab8 |
| SHA1 | 0cc11fcf5f4d466c3f8eef06d9632685646cbd48 |
| SHA256 | d856f91e8d9e96fea9749d22d222199ea9be55130956c952e170e7fedb8dcfb1 |
| SHA512 | 4130ea3f711e871e1eec60b27a503ec413ae652c21118c2130a3688109ed2ff729e79bef4ef1166bf8759f552d6f5c766e84a1bcefec10ffd5be30245f1a5771 |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_require.rb
| MD5 | e1d2411ff966da362c3156a1b8c9cc01 |
| SHA1 | ba4bcf1c7746617758895dc203ca24fe614f7d75 |
| SHA256 | 7ecec37e67f6cd1fe8bdd8ce98dc1e2afd4cc9f0b7ba7614b2e430800f021e84 |
| SHA512 | d8349fc5e078f76927d0e36d1b9efabce5a06962613eac2f27bc5080342a647d4fc92054d3f41ea2b84d0cede724a919fa4223ef42b0db767daae7b1b1f772fd |
C:\Users\Admin\AppData\Local\Temp\ocr1F92.tmp\lib\ruby\2.7.0\monitor.rb
| MD5 | 183f668f5f7c62b8bfebef6e161d214b |
| SHA1 | 0ca202b66773e1603789d82a063cd71852c15ca9 |
| SHA256 | 131ebd0c23b46f28b2b8c03bb8c6b3aa917253cb2beb50616acb9db77bad1fd7 |
| SHA512 | 486041917ff40160e1b76a60411af1c4dd0c4169ec9283053cba56e001766f60bb36f4cad000088675d02000ec8663712597f6456f07aca213901255525957d1 |
memory/876-1486-0x00000000002F0000-0x00000000002F1000-memory.dmp
memory/876-1488-0x0000000000400000-0x0000000000410000-memory.dmp
memory/876-1490-0x000000006ACC0000-0x000000006AD46000-memory.dmp
memory/1688-1487-0x0000000000400000-0x0000000000413000-memory.dmp
memory/876-1497-0x000000006E6C0000-0x000000006E6CD000-memory.dmp
memory/876-1500-0x0000000065AC0000-0x0000000065ACE000-memory.dmp
memory/876-1499-0x000000006A340000-0x000000006A364000-memory.dmp
memory/876-1498-0x000000006A400000-0x000000006A40F000-memory.dmp
memory/876-1496-0x000000006B740000-0x000000006B750000-memory.dmp
memory/876-1495-0x0000000063D80000-0x0000000063D9A000-memory.dmp
memory/876-1494-0x000000006D0C0000-0x000000006D0CD000-memory.dmp
memory/876-1493-0x0000000068080000-0x000000006808E000-memory.dmp
memory/876-1492-0x000000006F280000-0x000000006F28E000-memory.dmp
memory/876-1491-0x0000000068AC0000-0x0000000068ACE000-memory.dmp
memory/876-1489-0x0000000065140000-0x0000000065519000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 19:43
Reported
2024-05-31 19:46
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
MetaSploit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe | N/A |
Checks installed software on the system
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3856 wrote to memory of 4132 | N/A | C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe |
| PID 3856 wrote to memory of 4132 | N/A | C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8822b510c7a6084e481376ed48e8e074_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe
ruby.exe "C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\src\s.rb"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| N/A | 172.16.4.78:4444 | tcp | |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby.exe
| MD5 | 1d4086a99fe43e7eb6a5ae131c6c13e4 |
| SHA1 | d307e3e9738ad8d2a2ccb04e3125eb45d7db1e57 |
| SHA256 | b7237aea5c4904e77005cf197aeb2c3c44dced2b1fe181cb383b6ca1914b11cf |
| SHA512 | 8a633103ef44142dcdb8bb444160799144b715aa61a670982b709916feb7b81125289ce358731a581563253be78586739aa42974b5f75c315b42822765270981 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libssp-0.dll
| MD5 | 348b64400aceb6edb2aab9ca73c8febe |
| SHA1 | f36a5a53acaa98df73a48c5cd3455eeb190aeea8 |
| SHA256 | e89577f3472fa1c3eda963649f823d322b0809ab7a76e9234b1bc09ad3ec9aba |
| SHA512 | 6ec614ecfdde9866768c4b1818a6956fe162d52472ed9e11bf7705eedcec55ac89c01bcdd920c7a6125c5d6243085f76f35f475d110814eeab3d7ccc25caa246 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\x64-msvcrt-ruby270.dll
| MD5 | 60273096d6eccdd6d41ac4b346d88295 |
| SHA1 | c62c4a732de35427c81971ab1a338e8b09c56c02 |
| SHA256 | 94f9f7ada34e0e38e5a1233a3ca0fcb77217025705044322f8a36ddb26484720 |
| SHA512 | 7e2c7797ca1ea9cbe87c422862590b9c1c032430c03033cf86f15c7bdcfd6228a8084f4364156e668340380cbe9495d68132f50f0e55b4af9c8d8324262386a7 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libgmp-10.dll
| MD5 | 14af514dc727e7be54bb9ab4b100dd9f |
| SHA1 | 7534ea8c9f83629fc4306275cae6bd09497ef3e5 |
| SHA256 | 4cd0caffe0c6c306f12416b8c5186c9be1d70d17b2d89e8c99f253bda4ffd2d8 |
| SHA512 | e38794005bc283b8d445a0dd0ad285be8c7ae995bca3471311b1fdacdd100ccf83c1bf1783c2a3a5b9b68a064fa0c270281357c863a7d10c1f3964d31255ac09 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\encdb.so
| MD5 | 8f14107d575b15e7b8f4ed9881a85b02 |
| SHA1 | 778b126a232b5f56726796e9aeea3e137837791b |
| SHA256 | 39a104b33c2408926704db8fcb1783e169d7b9827ba61c148fca3d0ee63c31f9 |
| SHA512 | c0f15b4ef79143caae14a639e6c799c6d0e1e35500d8c74794def600846a4d516aac9c7b119ea3b29d1e192f64ccb71e6d2ec83d9ca88c65b09f32600b4747cc |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems.rb
| MD5 | 0a7d865c3f3359ccc03148f355b62a7c |
| SHA1 | aa3caec2b86663c2383453f41262c69c3b669382 |
| SHA256 | 1e88c4ab8ca95ca7bdad87492dc14c7db87a773c97280c59cc9c75fa0a14d2ed |
| SHA512 | 7aa0027e960de8a631726f46bff97ffc5383c6ea5841abf1e590c5748d753d49713c8a42837feea935e6b1faf318188d26804f3c61fc64f34825d39d55ed681e |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\defaults.rb
| MD5 | ca5a6648b55a28b2ebd954a2ad83458b |
| SHA1 | 1731162a8f3e3623392b9268a0ec464632c372b0 |
| SHA256 | 6a06031bd03ec6c97db6625018e719b2ce5a338523c54bb5700d1439715e3a60 |
| SHA512 | 6360bdb3e74569829f7df41d270fcf570e6690e31b190c7c82d21e32ad60f83919eed0d58b506f0841734f9b8673dcff461aaa3e99a76b62f8c117ffecad8752 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\compatibility.rb
| MD5 | e8c22cd05733bf2b83b2f6fa5dbb91e2 |
| SHA1 | faea7125201edf6bba824c5d92fccad2a2d5b8cf |
| SHA256 | b3b9fee9805a8d5746cfb0b47ba02b53f252b1cac33817b2fc18a9cfc46a00b6 |
| SHA512 | 3f5cb60bff31560f19d0e63fb3ef3c1afe0b7c96b53ed21f1f38dbcf1c7171ae6e317c2e3fc802b4acc54c954aa963d8834fa2e044a4aa1753d27595c44474a1 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\rbconfig.rb
| MD5 | a35c7abc9949d0e42d9d27515d02d70a |
| SHA1 | ec4980dd7fd4ed7116a879280889ac3a475600fe |
| SHA256 | 58a9a73ef0811c0075952f914aa29c951dfaea1ada196d6e5b1b4235a8d20954 |
| SHA512 | 6fe6b57ffadb04844eebb26bcd73825397b416217153ae14370c2232be5b1e0dddf68cc379832b14715502c35bc9030f0b4fb6f9767f3e2fd3d832dbaa0098d9 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\windows_1252.so
| MD5 | 08de6e4ce2b40bae5d7dc036464bf03a |
| SHA1 | fbd98559b4c9863e5cd9aaf8fbb1482f16548005 |
| SHA256 | 6c973ea01e14a4fccccdc3c2c837014cdd98c9802504cdd6e54832a95722c377 |
| SHA512 | e1dd31945d144f551d44d042007a8050a77b4d83fb35fdd45ed8ea6bac3264ef93a82cf6a2b5453627e466f6422a50d53646f8e4061dd0f9121b76364103dca4 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\transdb.so
| MD5 | fcb51215b3798009b609b12205fefe50 |
| SHA1 | 0629b67b6f280f40bf5edd16992838099211c00c |
| SHA256 | acdf1218a2c624c543ec47bb44e83b4586b2ebc0b2bc05be2f3bb88aafb0807b |
| SHA512 | 91fda8517e82bc1d0dada64fa2b75309a092b7a58b837a6cec4982a74a9fefb863ee3e56ddedda98d7143315ff719da255d1f34757dc1c1db6a5e1485975354e |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\specification.rb
| MD5 | 5cdc3c75a42e6ee697c50f69af9cfc24 |
| SHA1 | 8162e52ad5943f4058766fade4999459bc224fc9 |
| SHA256 | e3bbf666100c5f532b26144496d935ca8fe7b41dd435f3f26d32a61b4d29349c |
| SHA512 | cf9cd42aefe42966f25281ea453c97c9c337c6f2d423a42a7f29c90478622059e7c8e01b8b8e11fa98d5762615d58114041771bdca99cd20ba1ee346f86a343d |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\version.rb
| MD5 | cda12b68bec9096eb94304bf62ef87ac |
| SHA1 | f839cb1f69ced1b3db3cedff190b72e834693e6a |
| SHA256 | 10b1ebc52f26afe93a5db1c0fd593e07ef6fbbb4f43139986bbcb27b30a229c7 |
| SHA512 | 7f8c2e263bf472ae86ed435e0b375fd5710aad7f5b356f7f99d739c4f464fdc688830228c77f08318327269b801defcae0f93bb692b0ee4fa5e11ae9347d87f4 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\dll_directory.rb
| MD5 | f893a4b2323b0c534be077c38b815d6b |
| SHA1 | afb77998a056379442ef33f3681832fded82ba73 |
| SHA256 | 7d59dadf00884fe69be1f19cae77ff7a34d1ce11e52b1b311bd885daf09979cf |
| SHA512 | 3eba751fa4be94ba46f9fea49df767e25f541896e305a643b9dc70c1466841a02508142f4835b7d8261730497cd2a49ab92c5e3c4e78dc043bd42abb0da563f3 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\fiddle.so
| MD5 | 0921b4abfc9b22f7d86f7b0f92d06d94 |
| SHA1 | e3f452a068db070220c2321a117f3e49e2a273e9 |
| SHA256 | 343a2cfecda25eed42e43ee9abf91df57b1bbaba3b93592affbd5ef07e15dd90 |
| SHA512 | 9a43bec7534287850f96d210a73a55828bc7cc1179659453a330e7df69dd152f7010dd0ee43989f973b07f982282f6b14667ce6a2d6bf4230fe36951b9b10e8b |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\requirement.rb
| MD5 | 024e2803bd7b4ba00d96f993e0ec7043 |
| SHA1 | 3dbd0ec6b7207f6cf98af3484d9d87a4fc825c2f |
| SHA256 | 099ac94db014715e7d99b96a9b2a81cf0957f49465cbe615bcec23d082d80623 |
| SHA512 | 08144a8ce98a63fd2a98819afdebd801e746211e5bfaad94df51c4e01e2798c6d0864ab7aee424750d3f1ed5862096da6d39c9cdd40709b51dacdd45ebdba63e |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\utf_16_32.so
| MD5 | 19cc9a04f0c0c7898243f6f52552fe45 |
| SHA1 | 232427ed2d305c52d6b5baa0b2f77c456155f756 |
| SHA256 | 1325d23b9ef22e5d4108443f769b5ee2efd347e0386b41001eed50a9fbeb8605 |
| SHA512 | 0e0e9d55939364723793320667dcc7a76b472dad20dbcc3fcd71d12d946f53e73fee7adef51c0a88449eb7aea7db00f30748738da502d9f9af8dc465a631e18b |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\trans\single_byte.so
| MD5 | 400badeea2973f73d86bffe0d361e61d |
| SHA1 | 2c9732f6c3d00678115ca937c616bf39b2fab293 |
| SHA256 | 567fe90ffe730cc6373d250b41505c1aca2ebd1fc109c793fd8203088abfac30 |
| SHA512 | 9d8f21b7b0fa3c133886904333817b8aef4f7568097da0100a1ba2b353ae3751a5247ed0b5a1904d4e96c85760d5a5b0068cd954dd7bd1479769a796cfa38e1a |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\monitor.rb
| MD5 | 183f668f5f7c62b8bfebef6e161d214b |
| SHA1 | 0ca202b66773e1603789d82a063cd71852c15ca9 |
| SHA256 | 131ebd0c23b46f28b2b8c03bb8c6b3aa917253cb2beb50616acb9db77bad1fd7 |
| SHA512 | 486041917ff40160e1b76a60411af1c4dd0c4169ec9283053cba56e001766f60bb36f4cad000088675d02000ec8663712597f6456f07aca213901255525957d1 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\monitor.so
| MD5 | 29cee1323cc163b11d293e08d5e1b7ca |
| SHA1 | 64fbeab597ca4b0d7684055b99cec010431b3855 |
| SHA256 | b00634854a5d1585ea1030e6d3df75ec1297430b968836dbb8dd213ad11a0a8b |
| SHA512 | a424a228e28d1b6efb972dcd51b442fd68f414d1ae08dcca1a725a405acf93dcc360012734cb89d026ea85d9dd818f8ca2d5bda2c393cf2be73616319aafe11d |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_require.rb
| MD5 | e1d2411ff966da362c3156a1b8c9cc01 |
| SHA1 | ba4bcf1c7746617758895dc203ca24fe614f7d75 |
| SHA256 | 7ecec37e67f6cd1fe8bdd8ce98dc1e2afd4cc9f0b7ba7614b2e430800f021e84 |
| SHA512 | d8349fc5e078f76927d0e36d1b9efabce5a06962613eac2f27bc5080342a647d4fc92054d3f41ea2b84d0cede724a919fa4223ef42b0db767daae7b1b1f772fd |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\core_ext\kernel_gem.rb
| MD5 | 83f430827fb3bc1c63217e77310aaab8 |
| SHA1 | 0cc11fcf5f4d466c3f8eef06d9632685646cbd48 |
| SHA256 | d856f91e8d9e96fea9749d22d222199ea9be55130956c952e170e7fedb8dcfb1 |
| SHA512 | 4130ea3f711e871e1eec60b27a503ec413ae652c21118c2130a3688109ed2ff729e79bef4ef1166bf8759f552d6f5c766e84a1bcefec10ffd5be30245f1a5771 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\gems\2.7.0\specifications\default\uri-0.10.0.gemspec
| MD5 | f2fa0e291b04f354cc3213d9fbdebc5b |
| SHA1 | 1ce80104790da350b7af57cf450eb1a4924df614 |
| SHA256 | 3527a7ed65d80d49285e6727e17dd3b14398698988d7f0a45b74b1bcef6574d6 |
| SHA512 | 89ad96b8e86a65fbfcbdac761f8d2c87291144c287e070d88f2a48630a809cdaf02714e9e082eb1179b67a97a122fc838c214551431d11c51c8655d661380a9a |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\bundler_version_finder.rb
| MD5 | 303146d58e435dfc4a9889de73d8ddcf |
| SHA1 | a5600ea7af439c7753c72379a50e36e43b161881 |
| SHA256 | fc8bd1eee633a4e6d0f3b379c30dede3ac7f5facc31db64f173b5859b99e5750 |
| SHA512 | d072c475a5eafab9a3d9b02c7cd60f461580c3430c48c40baec61189903a344486b84712413c00c62f11ba8a6c8f02fe7259bcd70d2f416f5b4f369aea2da114 |
memory/4132-1486-0x0000000000610000-0x0000000000611000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\dependency.rb
| MD5 | 7aa17a8d863a2294c42a79241779c2df |
| SHA1 | 639a04890d4ab264fd4f9673b06d99b5a161fa7c |
| SHA256 | 1576fac336da55b8333b77ba48a0c9ba3597f48aaf978fae813970403dbc33b2 |
| SHA512 | 61843571637f8bde4f9faa0303adc58b9837fa61c5d7cd577f6366712c27dcc9dc8d6cea2efe48846d8b12e9ae4efa3fcaa60e12856179a1abe4c20572e6b205 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\gems\2.7.0\specifications\default\did_you_mean-1.4.0.gemspec
| MD5 | a66d151f6a3c2e6d127d67febdc20c9c |
| SHA1 | d96fc97b970abc856383f06b3e7be1b72fb097ca |
| SHA256 | ee1668ab0833aab0f8a9a677bbc665215a810df6c27f679456d9170bd63c064f |
| SHA512 | 54c805b2eef5b147579838c4df26752f6f0d5bb6d26a8c2377db22e0fdf72d0dfc00d1ffed5dc614199926e9efca950bbd297f274ebe74df990e4f0eebf9195b |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\x64-mingw32\enc\utf_16le.so
| MD5 | 930e5ffa3cc8799fbdcbdd7f60cc5395 |
| SHA1 | 6d2662fcd209db413671d8576b9d5f0b3c91d233 |
| SHA256 | e9e733d7dea9072e2b5c62307a5a9003eba36f7130a235d859a62d782b3fb70e |
| SHA512 | 2a3cee8c784ab88db3d2e0bd5c4330f66cceb473450386c9556950722a6d12e88897a007d8e6f3729d2e297e9a54462971a8ea2020d869de2c410ed613f99be2 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\cparser.rb
| MD5 | e562e1a1ac9df9fc441b719a27f9f06a |
| SHA1 | db768e7e752a5b5f994617cbdee2ba3b464d2b35 |
| SHA256 | 7dfbb2e84e823cca56990b43a9ac0ff2a04726d28d04d5a04aef90c11874bf42 |
| SHA512 | 01b50f4517c5b8eec042797fa134114038bf9f3b47f1ade18b61fae3f899c70b4bd345137deb91c8a374093b48e37410baefb16bb6dd4c0a3e8ba74c051fc227 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\pack.rb
| MD5 | 1626eaf5907bd50189270d2412ccf8f0 |
| SHA1 | 4f2db70363ec164870b25688fb79262c5e8c73b6 |
| SHA256 | 134df1991cffe2ef273501001dfa077a7f6cae38f44b05d8aeeb2ce79f0c83c5 |
| SHA512 | a0c2d389bb001fb1e8d21f9b27eff494c346dde68799fe8474309a8f96df5cf78fb12fc71947cec61ee8bf1150ffb93c1a55f0912fabfe6eaba2aef0c49fe524 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\value.rb
| MD5 | 579211c8d18ae3ca4be6984b84b3364b |
| SHA1 | 1271a8fa314f486b83f13917bef6bef57e653381 |
| SHA256 | af87eaf3c40a33c856d86bbbbc5faa8adcff5d68efb0850125b44579c54dcd90 |
| SHA512 | 5e4d3519bed852385512ac406b0ea87cb3efcc3e6caa7deb42e856919c6b8a740ce187a5177157bc96d5b1466d130f3fe61f2961899b3830e10f6a2bd6b91bf5 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\struct.rb
| MD5 | 96ddd98bd209f77784b0cd05035cc609 |
| SHA1 | 3c2d1826480512f305218c84bc81243ea52b9749 |
| SHA256 | 429f8525491e40c710b91ede8230aa7e1647f9d7eb66ace9d9e6a6c7532b6e7b |
| SHA512 | 2e7b4b8f49cc21e1040f33c39438cd0d15ee8adec50704ae98ded34b97a4ba15396b86cf56705c72ecc105acf0ab75c96fe0744d83209e10e22c9e3c16321088 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\import.rb
| MD5 | c9617a78af3bbf84e0609ed09f56762d |
| SHA1 | 81a9df16ee4a903d66d090616af5e5d6d43bb40e |
| SHA256 | 503d19010cacff71ecaf0789a8e24db7c87900b829829a20f24273df3950d829 |
| SHA512 | a6e5950eb4ee22bdf909e99932b6ecf20e628c0941f10d39430b2b3db24577bf97f92f1d21673ed3321cd8573c43586a5f2527d6f534e4634a7e02cf4c651615 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\win32\importer.rb
| MD5 | d41aa7db5d0bdaa95b433bd1cc76b7a8 |
| SHA1 | e7d3778751ce7fca79b52049a990c829f1ecc035 |
| SHA256 | c83d80c59eb880115ee43f8ff950c87614935949df9918e58ed490385f9eaa96 |
| SHA512 | 672ae5c966583c849076cf57d37a6b1880c2c9ab3b7272517246cb609e8779094573f4dffd8da296dc7120b1d513d499c28d369dfb0e7fae9c0416f26fdce3ac |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\win32\registry.rb
| MD5 | 88230342d98e69aebe0b719fc31c273c |
| SHA1 | 2877119e25f362de0d9d0c461ead1829fb5e7d1d |
| SHA256 | 960372fcba6e3fdf6710f7fcd9cff49a0c9ef1d58a814b99773a236b8de01e61 |
| SHA512 | 89e2c0e7d46b0b88cdc844d1d838cca23400a68d6e45abccdb2f8b226876e6dd0f637250c0a8106c110b0ae5603db784781e55d4c87c07d1f5e588ac29bead45 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\closure.rb
| MD5 | 7bfc132c5b14d097ab0a7895c51ea1bb |
| SHA1 | 53c98f24d0b6a7329ffc0590f8051dbe1a7cffa9 |
| SHA256 | 762b117a58851789e4a5f3871bee97f453e04a1afe64e91c1937737427f418f5 |
| SHA512 | 4e155979a3d1b64980700fbcc0e1921f253f90394b76825472f29dc2575d746748a22767edd248c011bf796e47d74ae71f8b9feda863d2b8362ae35ee467b07b |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle\function.rb
| MD5 | 41a60a7a73897b9c535ff865df330535 |
| SHA1 | 9998cdbeb8c520b8040827b864e10ceff7db1a4d |
| SHA256 | 65524bcf2d69e3f7053aa476286f011f0523c6efe0ea6f5f3c373d9a9a2de5aa |
| SHA512 | b59a568fe258ed849c3e0108440e2744aeb08a1d57c552d7137dd1ddc5f65fecf379a78820116355a73875ad8ea6a9acdf2564a1ea0da7e2dc4524037e8e9ddd |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\bin\ruby_builtin_dlls\libffi-6.dll
| MD5 | 835b9252cf84aa654459ee3b7d07e824 |
| SHA1 | 89bd2b8cf4bebfc08a660520253ae097ba40d2f6 |
| SHA256 | 077ed959cd9ab1bf8f9e2ed248a0cb6492a18fd2ba283f52896125412ead121d |
| SHA512 | 19d60efb0ed2c73707396627f95d46c7d2a42855a58f0a29d5ce2c9b143c4297ff02d96b83761bdfe3045a1b4ffa6351275760920353c3bdd0829eaef07f8cf5 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\fiddle.rb
| MD5 | 9c3ce5c157180b6d65142465e093a877 |
| SHA1 | 39fdabbcf598534a73bbbf5223d0d5570956909a |
| SHA256 | d9f8894c029a2217fc368cb6fe26e11ea32270bdc98a68f4a0b33b8d1b55696a |
| SHA512 | 59cb9ce10144244b5ee275f29d5471bcb1156f22de69cb15a7ec8f18c32c1cbf0661034bf5e4dd1f226f03c58acb45d9cabf8daa1d7a026015718167af5a4edc |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\msys2_installation.rb
| MD5 | 0be6f804099682a5f9d1aa3cb0138959 |
| SHA1 | 610ed3402a723d3c383fafc0d19d196b7ddc2d34 |
| SHA256 | 3d5f2fced454d7b8160cdfa0960261e957fbb5d3edb50e0407aabb26448aee0a |
| SHA512 | 47ac6166fdab89439167ff8a29d3bf0f744f05d95018198ddecf1e383d8cdba9a77786560e6680bc7f956f6644b9350e3277e7be5f8c3b1b7cec4f448a0d281f |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime\singleton.rb
| MD5 | 3b73b2fa06660d2cb63f702095ad4d28 |
| SHA1 | 5e0cc47bea55758fbbafba4768808ca5b0ec1762 |
| SHA256 | 9b84fe45a22e2336dcfe56d4018e37cf84bd4d8a01f4226b8804ff3f72dd99b0 |
| SHA512 | 53568092aa6526e9a2077b94efe06937022c0a2c0459c4f3131787b5c7b508d2fe2df1cbc1222c9ab8f7a6703ff9e83138e3b6e2732e6efc75e161e268f42909 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\site_ruby\2.7.0\ruby_installer\runtime.rb
| MD5 | f6fce892fd2c017ac539d57788c1d290 |
| SHA1 | 86eb21d2796472643c21f2533df5dafc2506f852 |
| SHA256 | efd97ee568b0805e33ebdb291b2a021d604e462eca185073228003f8e01704a4 |
| SHA512 | 046475b4f5cbeb7f81df69daa90bae0ce88cb7bd2ad872d1aadf2255ed65fc7ac788771ba0cba14eb047a4437db5f0c3828408b6bb91bf52ad1c362d6366caa1 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\defaults\operating_system.rb
| MD5 | baacc7158dbf26f04d7f54eb2948457f |
| SHA1 | 11ec25e8c28d3f001846e5994dd1c1fd3280d33d |
| SHA256 | f401974bcb3d7da2d34e6943303c1f680d83ac1c200a670e5b791f16e2f926db |
| SHA512 | 7196df9f199f98132879747bda7faf6d085b0cdc45e7565e8852f85969fa8bfdac898ca99bf98284eca9f9e41cea5171b3b9eaccb01ec9d4dd0d26f3ce4b7380 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\exceptions.rb
| MD5 | a8ffa910114e8339628be9ca152f8b6b |
| SHA1 | b9bbb6927e986facc06370cac25674724f8df307 |
| SHA256 | f2ae8beaf0a8d4c62f4bc1c75619c905ffeba341975abdc1f8964f2aac169db6 |
| SHA512 | 5f86f7380b2e622d17784ba5938f82c26f3754c5e52f7eef6770089a7015b5a831c1b67a3cd49f5aebe50c38eb70ba02d1f090998076c155f802a38a20fc9b67 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\util\list.rb
| MD5 | f31d88f42431dc856aff7a90937fc984 |
| SHA1 | ae5c93bc784bce4b2820844883d74e5c86e2f0e2 |
| SHA256 | a88fae8bdbf33dfbbcc81a1914dad4609666379f838c53ba5c8fd487c07a9aaa |
| SHA512 | 8d15766ef0661d68be2b912d76af8568b0fbede0e3e9e38de2cdf213ea18b4fe115905f957d7a6329a7d6bd4daaf587a875492308e519a24f04e9f584cf956f1 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\text.rb
| MD5 | 71371ed0065b6bd98e4b611c25bcfa86 |
| SHA1 | b2cfe18f7499fc55c3caeb60d544fb41b48fdbab |
| SHA256 | 4002a46e5e570a1ec145266dc84b7e2d3953264d223d0965ab15a1fc3b1706cd |
| SHA512 | 87e6b1a11cf16a6340e2719e4eb8ed38daef3c4f160cb44dbd5590c0fdfaafb7f05ca9ae844676fbf29aeed9eb544a113421a02c5d742576d89cbd0806ae0f9f |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\util.rb
| MD5 | 815f3f0244055b3dde74b712c9c24862 |
| SHA1 | eb5c9dfaec1463a98839982829c801aa000d657a |
| SHA256 | e78aafe5d46ed2c0f58f398343cc64ef85a7317ebd5ddcca2064efb27ded65eb |
| SHA512 | 839c1330131617f86e9b092e1d10cdbb01f702799b52122e85555de1eb2c58e73e1ee5fe42e9a9ef9c1c59910cf4573d414a545d87c8aa196299d21d5afaf6ab |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\user_interaction.rb
| MD5 | 53d4a675a926619ae02ebca4c23e8bba |
| SHA1 | f8c0ce82bf73f1c11a869fc564ff0ae884bc7f57 |
| SHA256 | be3b5e8bcbb480fdc1134c1a65461ce158220053ae6f77580b1c7af057c1faf7 |
| SHA512 | f15b9e8532b66634b7b9ab926feca252a162839db34db1367aaa1424c6b98e598feb01d8cb6d6b8bcda041899f7be8165e5edca5fc1b83e859161132967e93f7 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\specification_policy.rb
| MD5 | 45ed5d90f507057e7ab19e24d15b386e |
| SHA1 | ba38f977ec58c9150d4ab88d80245fda25d50559 |
| SHA256 | 255efd9d1ee151dc59b1abf765e6e607b4082b73d901893f2bf1d22bd2aea98d |
| SHA512 | b90acf4fffaa0c5cdf84370c91855ce5f69a48928f320b5b97285edc600be8e29e96eee5e9c0f35beb73617b1f782816472d6297f8f84788b5eb0b60494119bc |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\stub_specification.rb
| MD5 | b1de0e1d1b189f771cf51e16c484f655 |
| SHA1 | f7c7007a636b37a5bab68ef5a78a7745a04bda09 |
| SHA256 | d0cec174fc52efa4a906bc9e7dc260b38cd6a0bcc506ffd4732ed7914ff62f80 |
| SHA512 | 73aa7dc499c276064342bc0d97d307036d07e02389b5a4e74d233735c0512e7b24e0623816310beaab6434c2b3823da7f344a1498dc10ae9cfbc1d5c85fafe3d |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\basic_specification.rb
| MD5 | b4522ab1407d553a8e36a5bd399a34f3 |
| SHA1 | 0812510e8cf65e6c098393604dcf50bd87cf5bf8 |
| SHA256 | c85f0a68d809ba4d9149030c9b4772866aa308439627c52a6dde59c4baaa2ef6 |
| SHA512 | 64b149f412c9a60adf576df3f5e4540b2fdbea85c9b758132c0bb4c699d88ac55820d44d2e547da5192371eff4b530577cd4d925cde521da196fac2c8c56d93e |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\platform.rb
| MD5 | 12d6239c5ef70b6eb70f07dd7dae2989 |
| SHA1 | 234d847344a15781ba0f844244b10317ff9fa704 |
| SHA256 | ea2eb806532e8d7f8961757091fe441e92400c55a896e8b5284ed046f9c1b6fb |
| SHA512 | bb61b653ab80ce577b2eeda8c2a36253936afaf8a7be391b7cbe81a4aa2ac9a9017571cecf0b5e986309bda85bd639b3cd7a11608e95f676bd478f66616e98d7 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\errors.rb
| MD5 | 09a2e7f44cdbaf9dc5425a0833b1b010 |
| SHA1 | 2736a71e9206842e2adef9d3dcb769b38bb457b8 |
| SHA256 | 56805e89aea909d86082f6580cb87a0cc99dea492ccb90dcfc66fdad8aec307e |
| SHA512 | 7e200acb43581681fb849a7af7b029a2098deddb315718e243364a3b61b956566c6af0f98139d3f920111e1603df3e6d1cd315568fda36811bebce68f539e4c8 |
C:\Users\Admin\AppData\Local\Temp\ocr499C.tmp\lib\ruby\2.7.0\rubygems\deprecate.rb
| MD5 | 757890f88cc989d45a0922fafa8bd2ef |
| SHA1 | d2ce6a889d1232b13cf6d25f945d2465a9b7750c |
| SHA256 | 2a3a061d35146eeef608ac639f7bde7d34f8bb4910f6cdb0abd04301222252a6 |
| SHA512 | 66eb85444d93c23c2b77fe0dddbe511eba7dd9a587053f7b91fae3b92f0efa913e794ee51b85749e2f7f175d867a39b10ffb9eacdb4f57b8f7ef36d08b8eded3 |
memory/3856-1487-0x0000000000400000-0x0000000000413000-memory.dmp
memory/4132-1488-0x0000000000400000-0x0000000000410000-memory.dmp
memory/4132-1489-0x0000000068AC0000-0x0000000068ACE000-memory.dmp
memory/4132-1500-0x0000000065AC0000-0x0000000065ACE000-memory.dmp
memory/4132-1499-0x000000006A340000-0x000000006A364000-memory.dmp
memory/4132-1498-0x000000006A400000-0x000000006A40F000-memory.dmp
memory/4132-1497-0x000000006E6C0000-0x000000006E6CD000-memory.dmp
memory/4132-1496-0x000000006B740000-0x000000006B750000-memory.dmp
memory/4132-1495-0x0000000063D80000-0x0000000063D9A000-memory.dmp
memory/4132-1494-0x000000006D0C0000-0x000000006D0CD000-memory.dmp
memory/4132-1493-0x0000000068080000-0x000000006808E000-memory.dmp
memory/4132-1492-0x000000006F280000-0x000000006F28E000-memory.dmp
memory/4132-1491-0x000000006ACC0000-0x000000006AD46000-memory.dmp
memory/4132-1490-0x0000000065140000-0x0000000065519000-memory.dmp