Analysis
-
max time kernel
40s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
30-04-2024 16:47
Behavioral task
behavioral1
Sample
Femmeware_v0_1_1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Femmeware_v0_1_1.exe
Resource
win10v2004-20240426-en
General
-
Target
Femmeware_v0_1_1.exe
-
Size
512.2MB
-
MD5
5fb86988f1c72558edcda6ba673ad4a0
-
SHA1
1e0bcff62d7aae5890195d37188cff24dc00980c
-
SHA256
a4333d3ae7dc446f6f55f8d990092e2699d466314e90668041b8216da60254dc
-
SHA512
abcdabd1ffb2a31066334d05360295525393b57fe0725596539d7bb39e1169e4419c2292ea2ecbdd605b967fad93791226d739c5125f21dac11fa21bf52a706b
-
SSDEEP
12582912:Fbz4DBfU4BRU5MfKxxwK0mi1bg5ZMB7WKEbq:Fbz4DBfU4nU5MSnV0mia5yB7FEq
Malware Config
Signatures
-
Loads dropped DLL 24 IoCs
Processes:
Femmeware_v0_1_1.exepid process 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
Femmeware_v0_1_1.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Femmeware_v0_1_1 = "\"C:\\Users\\Admin\\AppData\\Local\\FMRes011\\Femmeware_v0_1_1.exe\"" Femmeware_v0_1_1.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
Processes:
Femmeware_v0_1_1.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\FMdata011\\defaultbg.png" Femmeware_v0_1_1.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 32 IoCs
Processes:
csrss.exedescription ioc process Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data csrss.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController csrss.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Identifier csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter csrss.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information csrss.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier csrss.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0 csrss.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral csrss.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter csrss.exe Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 csrss.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data csrss.exe -
Modifies Control Panel 31 IoCs
Processes:
Femmeware_v0_1_1.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ActiveBorder = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\InfoWindow = "255 180 200" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ActiveTitle = "255 120 150" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ButtonDkShadow = "255 150 180" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\HotTrackingColor = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\InactiveTitleText = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\TitleText = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\GrayText = "192 192 192" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\Hilight = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\Menu = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ButtonFace = "255 180 200" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ButtonHilight = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ButtonShadow = "255 150 180" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\GradientActiveTitle = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\GradientInactiveTitle = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\MenuHilight = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\WindowText = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\AppWorkspace = "255 180 200" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ButtonLight = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\Scrollbar = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\Background = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ButtonText = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\WindowFrame = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\Window = "240 196 255" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\InactiveBorder = "255 120 150" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\InactiveTitle = "255 120 150" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\InfoText = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\MenuBar = "255 180 200" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\MenuText = "255 0 127" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\ButtonAlternateFace = "255 200 220" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Colors\HilightText = "255 255 255" Femmeware_v0_1_1.exe -
Modifies data under HKEY_USERS 9 IoCs
Processes:
winlogon.exedescription ioc process Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" winlogon.exe Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 winlogon.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" winlogon.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" winlogon.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" winlogon.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" winlogon.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager winlogon.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" winlogon.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" winlogon.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
Femmeware_v0_1_1.exepid process 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe 3020 Femmeware_v0_1_1.exe -
Suspicious use of AdjustPrivilegeToken 12 IoCs
Processes:
Femmeware_v0_1_1.exeLogonUI.exewinlogon.exedescription pid process Token: SeDebugPrivilege 3020 Femmeware_v0_1_1.exe Token: SeShutdownPrivilege 2256 LogonUI.exe Token: SeShutdownPrivilege 2256 LogonUI.exe Token: SeSecurityPrivilege 1012 winlogon.exe Token: SeBackupPrivilege 1012 winlogon.exe Token: SeSecurityPrivilege 1012 winlogon.exe Token: SeTcbPrivilege 1012 winlogon.exe Token: SeShutdownPrivilege 2256 LogonUI.exe Token: SeSecurityPrivilege 1012 winlogon.exe Token: SeBackupPrivilege 1012 winlogon.exe Token: SeSecurityPrivilege 1012 winlogon.exe Token: SeShutdownPrivilege 2256 LogonUI.exe -
Suspicious use of WriteProcessMemory 22 IoCs
Processes:
Femmeware_v0_1_1.execsrss.exewinlogon.exedescription pid process target process PID 3020 wrote to memory of 1992 3020 Femmeware_v0_1_1.exe explorer.exe PID 3020 wrote to memory of 1992 3020 Femmeware_v0_1_1.exe explorer.exe PID 3020 wrote to memory of 1992 3020 Femmeware_v0_1_1.exe explorer.exe PID 3020 wrote to memory of 1992 3020 Femmeware_v0_1_1.exe explorer.exe PID 3020 wrote to memory of 1468 3020 Femmeware_v0_1_1.exe shutdown.exe PID 3020 wrote to memory of 1468 3020 Femmeware_v0_1_1.exe shutdown.exe PID 3020 wrote to memory of 1468 3020 Femmeware_v0_1_1.exe shutdown.exe PID 3020 wrote to memory of 1468 3020 Femmeware_v0_1_1.exe shutdown.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1012 wrote to memory of 2256 1012 winlogon.exe LogonUI.exe PID 1012 wrote to memory of 2256 1012 winlogon.exe LogonUI.exe PID 1012 wrote to memory of 2256 1012 winlogon.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe PID 1008 wrote to memory of 2256 1008 csrss.exe LogonUI.exe -
System policy modification 1 TTPs 4 IoCs
Processes:
Femmeware_v0_1_1.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage = "1" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption = "ATTENTION! CONFIRMATION ACTION REQUIRED" Femmeware_v0_1_1.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext = "I promise to follow all Femmeware rules. I promise to let Femmeware turn me into the obedient slut that I am..." Femmeware_v0_1_1.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper = "1" Femmeware_v0_1_1.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Femmeware_v0_1_1.exe"C:\Users\Admin\AppData\Local\Temp\Femmeware_v0_1_1.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:3020 -
C:\Windows\SysWOW64\explorer.exe"explorer.exe"2⤵PID:1992
-
C:\Windows\SysWOW64\shutdown.exe"C:\Windows\System32\shutdown.exe" /l /f2⤵PID:1468
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵PID:1848
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵PID:948
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1008
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1012 -
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2256
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\Accessibility.dllFilesize
20KB
MD58498a2fa7558a261516d420216061dde
SHA1465f06996cc2490b288a82f1ee4573883be4cdc7
SHA2564588d9cf84c328f30d1ee5426449cb5d329570c32896637f7c8477082b821cbc
SHA512dd1cadf1eefae44d18eb744d0f1e966b93e591824364f48a2f4f883b0b52a01fb2cd7ed388fb9ac9e00985517d4b0899bb72dd2c65005c02ea8335d6c1ae13f1
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\Femmeware.dllFilesize
105.5MB
MD5fe941edf0ce37a1329b402a969620027
SHA1ecea7bf898eb3d3aea540605775e55e4622a40fc
SHA25642765fdc07bcb5c5aaeedcfcc53c50225508beb984610da06d266f5d25339df4
SHA512539f899d468ae3e2027e1ebce2e0decd6e69ac2512540ede6429253dabd51d53f2497bee6335fc5632df4c80451b2fc770241db4790f0f79fbfb9dce885e70b4
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\Microsoft.Win32.Primitives.dllFilesize
15KB
MD5e8e7f8a5fa85e6d0c0c5852f196c4335
SHA12d4c331299a4dfa78f32ac42e04e179ed371e91d
SHA2569e19d7d3973956aac57fad7417973f8713c2e1710d8a3742a5b9f2c531b306b5
SHA512b1fb020158db90dd97eb71554d649273b75400cf82d65957e6253cbb1bf3ed7407cc6625f61646cd9214b305c28407402341dcf377d0eb9dcfeeb1e3451a8ce4
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\Microsoft.Win32.Registry.dllFilesize
102KB
MD50b09420b48c1ae6702e7a1c09a4d1bec
SHA13d49792ba3790e133976c46a17cf585bb89fca27
SHA256645a7deda4ea928ac7ac79dde338880d13e5c897c6b58e37f1664c92735b1514
SHA5123108caf6548becd1b10dc0add19e05a0cc4eb61fa93361d57407b758056cf32bedfc90de48786d7646537c6c59af0cc71cf8ee9fce94a6595dcaeff70c4b1255
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Collections.Specialized.dllFilesize
90KB
MD5854231244235cf256e789c5560335013
SHA100a79b5be5b7c3dc36b15a0144a659a8292f44ae
SHA2569e8a99c9f6ee84c498dd77a32d0965545662af87b4f9bf9b9ff2c3ad2864453f
SHA512b5b40d47fb4c0668b1489ee61312708e6d5044c01235386b8b43fb3e2908ec738c7aec88215fc0f5dc4e26ca3ee525b59c3bed0603c86f04188304bac8667c0e
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Collections.dllFilesize
234KB
MD5e6f0e8fa27c6009c9615fa618a4c0b74
SHA16c6e1949b59e671b09690b0c1f1ab009cdb7a0db
SHA25606147b30dd0172b55c39a7bcbaf8361f6762ff0f872357979fdcdf19cbabedb6
SHA512d9e7e2ce75d8eade0d7ab0e734a1e6c2485c5df0e77722653f1add2ad91342a9979c6390a8e481b55d7f246366cd9674c460d29be8f672c6cd3c9c04e37dca15
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.ComponentModel.EventBasedAsync.dllFilesize
46KB
MD53afbb33963067028e65b8c2eb929451b
SHA1219670b79f1c36082f0d570a7b92a9b4e524627f
SHA25673bc7e24b4128d55da127849373c01a09639c3f8ea864c55ba8fc61312cf8c40
SHA512d7a8388212f51c7abb5259865e7af18d9ed37d770f6cbba58d6ef6c75e608d811b48afa538b8bd87a336a5b8d5d35db107553923f1bc7e95f48ad0f54d9b15eb
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.ComponentModel.Primitives.dllFilesize
74KB
MD59c755625f54790393dc292c4739aa30c
SHA1023a2626d9a805b2128a6f6eb40923d69c0d56f1
SHA2566a4ee989c5b2a552521fb81ac5591561a60051f343f1412286f738a7cae93a17
SHA512f115cd8ce681c5f359fab12779c8111b8510d0da35a4a07173f520f2e8ad8eff9096fa993c2d8d926775b3a94c05bf6f7f1c61389c8117ac097a29b70fd81e11
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Console.dllFilesize
154KB
MD5e6935dbfc128085aa10106f455ae988d
SHA18dc899b9df7d953bd318deda1613cff5654d368d
SHA256db9491f6d7815e5eee9977e190524469f5505fc215259fd95bb9fd8c86e807d0
SHA512af29877d6b47525bcdc606d0fc455381fb454874b6855dc4abffc218291c288d94870aacd1e7f34dcb9569229e189db379f1ab05c7e6f4618fbfd62fad3c8b53
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Diagnostics.Process.dllFilesize
290KB
MD56005c9f9e04a9f4a7c9176a76b9899db
SHA1d6222a7a951444fcbfb38c9640333fbd07574e0f
SHA25608a0b5eba03418806475a09457d61bb8fe0d78673b0c2d6ae092db69660634aa
SHA5125fbeedba13f3e3efd9613b397be9e52dac63385d2d0043c8761b5921a96b6ba1631dc6d0fd05f8de9bbe8cf597ff9857d2322a2bc7fbf36f8fad135a20491fc8
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Diagnostics.TraceSource.dllFilesize
126KB
MD5927d95dc91c13c634d6e37b0282bf82c
SHA1d6b931de6b4569f0726bee3c80f8636b83bfa3e8
SHA25617fd380232adb5f2da9e511fb2e6b048f6c645e6bf62e794cdb01326b6a5d155
SHA512256f6e42e1bb924a9d76006986a8bdb93e1f4edb7b9c20a0d32834fc7016bb247fd0fe94e55c387a7d2a7480bf53d833a41d75afdb14fd345bdfdab9aa7cbbb7
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Drawing.Common.dllFilesize
1.3MB
MD563ded0da102305a3a3a1632232735d91
SHA194cef4f73859ec3196d7f970d99034bcc4c0fe0c
SHA25631a064f49592fd3766f3636c86ddd940d9c070d4730499345167e5c826d96f92
SHA512e8431f5bdcc1cf274bf3ddc189cfb14be47f3fc0a1527a07aa4a4b6c1e6c1bc4555341fd858d18642d5763884b2dc31121ed013c59e7d49d07b1dda7d2c9422d
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Drawing.Primitives.dllFilesize
126KB
MD5a583ab761481a5755a7aec0908167876
SHA199da30479ad4775c2d2ca51cdfb3ca244bb82548
SHA256a8c21d966a1f6cc26cac55e305c069b418e472abd9f206686162742f5d82f550
SHA512373bae77fac8d53dc856e8e7c1f1d2b1187fe86fe9dbfbe735e393961b6b66e3276fc2f8c8ff3e2a39f74c01c5ff780c5b6529e47c15d94f4ee35eebe71313bf
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Memory.dllFilesize
142KB
MD51014375f7997520b3648df461feed6c6
SHA17e244377cc46cf1180a46182d951f25f411d32a2
SHA256f5a551228ea9c0d5c14a706cce142c79dd29b9f3cfeeaa7cf2b808d43c3e329c
SHA512032dacd767621076a1bc63eae36648ccd622509b20dd799e0fbae1de60d5a512c0cdd12ac26d0c0ff9217f6122725d505dbd282f06dfcd7315ef5fc5fc17b972
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Private.CoreLib.dllFilesize
11.9MB
MD5fc5dbcad46ab19b62d5755293cda2a4c
SHA1db19c149f561775ed353bc2cf3dbbfb3c3f23566
SHA25641facef80f527a263e3180ec5b4483a0cb9f94b4e85b50237c07509508a35996
SHA51249bd844ea477108b96515c9d01a3fd845df0aac3d35bdfcc4cdaca0b14fb9fe33dbd02624352aff9f21bece7d28302484497ac25150c2650fdea132651824caf
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Runtime.InteropServices.dllFilesize
86KB
MD52de526e298c8ae1f2fe8d912396f7dab
SHA123d3a3e70695880e8699ae52c8708f9fad27c04f
SHA256f36923a2f3bec300a80d1301b00cc2f763e27c86fd86f56f4545cbf607298ed2
SHA51246719c444dc201e08dbdcf85cb0123cc6f06256d2e254ab85cfd53ff56450fc367186117d6fcc86711984b8c9934d38b86d5464fccf27724b5c73d80ddc7d33f
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Runtime.dllFilesize
42KB
MD552b14397705282eb85aae70f7634e8cb
SHA1f422bcd8f4df69ddcae947affab02bd07ca22057
SHA256d9f6d328966b88e463f978ce05ae5794693560365d91e9c5d30a9722e0946e75
SHA5126b2c8b8a9b9dfbfbe93e05e0246c3b61b8dc064188246114210c7a7b7c9cfa0bbc8d87d67da886549aa34041a37c2a5bd561e56df0d1c6489c0c3449e8044136
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Security.Cryptography.dllFilesize
1.7MB
MD52aab48a221a2d3d0dbbd3a5b636db2e3
SHA169ccf197a1d45e4d7d2621b8fb3b3355d7a5d927
SHA256e2bf84a50e27bf261d642878e5c4ea30321d5278f35805d4b94d678ebd27d7d0
SHA5128607435a7efb74dca16827a11e996cdb425693d6202790bdc9dd98159416c1e8e1123784a854acab796c5aa416b8d8507312d4111fbaa3a68e38e9b493418ff5
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Text.Encoding.Extensions.dllFilesize
15KB
MD57356a0c3d4dbf74ab54f86da4ec30085
SHA157293a4ff7f6777c1869809673ad20627339ff3c
SHA256a953fae1a01e95bcaca3ee19d861efeaed3d06699df22ab337df885b72c2c73f
SHA5121ecb3df1a32f2500a59dd46e5461fc5215f062103b616265c6e1716ea263079032815e2625da6122663d0d283a6c1799c2502fc24dea83931976a020e389f61d
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Threading.Thread.dllFilesize
15KB
MD5adf197c1c2c2a9f6786ba6efb1f1d330
SHA15f637c51a9daf23879fe35b81d9e06c30722a1c4
SHA2568e54893d738541b6dca1693100b1b5dddeee877c92630b69110b0f29423f1b41
SHA5123aeca1ea70aad0e1c8a884453360c1f434861c6dc9cbfbc291e707d47db1eb7987292ba19b3dba344b5ed7a23e620f2cf4beda40d00c68be473c63bcb4a81113
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Threading.dllFilesize
78KB
MD5a0a2c4c0811d6b133ccfbc1fc48e6ae0
SHA100dcae3cea2de5d02b60a68b81d669beb98d09eb
SHA256c72cb9bc7b9dd33b200d797dcb2f313c5ea44ee7efa4133db98e90d203de6712
SHA512ff979320679525f7fe88be659c62077b3660d267adf971f7dee226a1074e61ca2d7d198c77719581214ff0deb3565de60db4eb39f0a4e1e89271a4a50117e1a8
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Windows.Extensions.dllFilesize
110KB
MD57400305dfbe589c6b8619eeee0a4c8e8
SHA131feedb6b15ec75159d3ae4b8d4d4bbf255e4342
SHA256520ae0f47b235a8e64505fd8c9a50a8ae4a79ab0976c999ff215ca355150ab1f
SHA512c9c05c9e95bf4580df3ac6c57775874d2e06117c2a05364df6be50925fa4a0a051af0b694387e21a966fffa08acb14d86d77344d55a844f4affdbeb64fd48162
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Windows.Forms.Primitives.dllFilesize
2.6MB
MD5186a2c6767696a074070c6533361eee7
SHA1b85137a147ffdf612c3d10bf01c2cb84853d9a21
SHA256cb555ac250bb38e7fbe6d10adb1d8a5456c90a4ee10703ab1e648d76d96297fc
SHA512d2ff60818c6f32396eca71c2e5a4911adb93e1e34cece05c4d86fcd6e3622dec3ebca4b557912621b950ccff2fa352dfc8c5d00a6d57e1b3df7314cde2ca9c4a
-
\Users\Admin\AppData\Local\Temp\.net\Femmeware_v0_1_1\Y9l92IhArCaUGkCbUH4mDgrJ3g5MY3I=\System.Windows.Forms.dllFilesize
12.2MB
MD5357d2b02eabfb9a724cd31613b99239e
SHA103aa1e1ee50f7e9c760805ac5af8a5d9d5ba82ae
SHA256aa602eb68737edf952a7f2e4232b3e08789c81389510f1b7e072fa7816e0decf
SHA512e6a655b868a3339ffd73cfa0b9544580034302cad217ee548571e94fad64c96aaf5b1b351174d95ca5ef38d4540206c3d129007d924003536d9ad97ebe9079bf