d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1

Resubmissions

14/02/2025, 03:19

250214-dt85hazpgj 8

15/07/2024, 12:22

14/07/2024, 17:11

14/07/2024, 17:07

14/07/2024, 16:55

01/05/2024, 09:05

24/03/2023, 19:33

Analysis

max time kernel
844s
max time network
845s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Replace.exe
Size

34.8MB
MD5

fd5cd14325c51ecab6a57d1d665f8852
SHA1

ea16aa0f197210437733c63a42a8f1dd6442d753
SHA256

d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1
SHA512

9a2e4c8baa01fbafe6968905daeb8d3b7eb62c09d1d7584e973ad1c23d964093e161a51a7390dfaa598d2657f45ca17bf00b5055aeaf0441f875ddb364741d71
SSDEEP

786432:i9hj60qHOBbQcVM3sct6C2ubdsUeGXV4yQnb+LQgRkrm12PYfrB:i9kH+o5sG2ysbhrmka

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2928	run.exe
2824	FL64.exe

Loads dropped DLL 37 IoCs

pid	Process
1956	7zFM.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
2824	FL64.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\BITMAP\EXECUTABLE.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMEAMPTOOLFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMEBASEMODALFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TPLUGINFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TTOOLBARFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\FL64\.rsrc\2067\ICON\11.ico	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.xda3	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\15	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\BITMAP\CURRENTFOLDER.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\BITMAP\NETWORK.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\8192\ICON\7.ico	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TBRIDGEDEDITORFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\FL64\.rsrc\2067\ICON\13.ico	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\__tmp_rar_sfx_access_check_260116737	run.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\BITMAP\VT_MOVENS.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMESCALETOOLFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_CURSOR\DRAGNO	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_CURSOR\HANDDRAG	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\BITMAP\VT_MOVEEW.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\38	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\49	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\BITMAP\VT_CHECK_LIGHT.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\RCDATA\BBCANCEL_DISABLED	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMELOOPTOOLFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\GROUP_CURSOR\32763	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\FL64\.rsrc\2067\GROUP_ICON\102	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\35	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TPRSCORECREATORFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TQUICKDOCKFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TREDEEMCODEFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\29	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\CURSOR\7	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\18	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\40	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\8192\ICON\5.ico	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMEDRUMSTRETCHTOOLFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_CURSOR\MOVEH	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\version.txt	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1031\CURSOR\10	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\RCDATA\BBABORT	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\RCDATA\BBCLOSE_DISABLED	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_CURSOR\VT_MOVENS	7zG.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\FL64.exe	run.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\BITMAP\CLOSEDFOLDER.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\BITMAP\VT_XP.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\RCDATA\BBHELP_DISABLED	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMEEVENTSTOAUTOTOOL	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\FL64\.rsrc\2067\ICON\3.ico	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\41	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\2060\CURSOR\4	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\20	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMEBLURTOOLFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TPRBASETOOLFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TTESTFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_CURSOR\EESLIDE	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\CERTIFICATE	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\FL64.exe	run.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\BITMAP\VT_TICK_DARK.bmp	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMISSINGPLUGINSFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TMSGFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\RCDATA\TPRFLAMFORM	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_CURSOR\MEADDPOINT	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\27	7zG.exe
File created	C:\Program Files\Image-Line\FL Studio 20\.rsrc\1033\RCDATA\BBABORT_DISABLED	7zG.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2680	2140	WerFault.exe	29
1544	3060	WerFault.exe	38
2052	980	WerFault.exe	40

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1956	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1084	rundll32.exe
644	7zFM.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: 33	620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	620	AUDIODG.EXE
Token: 33	620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	620	AUDIODG.EXE
Token: SeRestorePrivilege	1956	7zFM.exe
Token: 35	1956	7zFM.exe
Token: SeSecurityPrivilege	1956	7zFM.exe
Token: SeRestorePrivilege	644	7zFM.exe
Token: 35	644	7zFM.exe
Token: SeSecurityPrivilege	644	7zFM.exe
Token: SeSecurityPrivilege	644	7zFM.exe
Token: SeSecurityPrivilege	644	7zFM.exe
Token: SeRestorePrivilege	2440	7zG.exe
Token: 35	2440	7zG.exe
Token: SeSecurityPrivilege	2440	7zG.exe
Token: SeSecurityPrivilege	2440	7zG.exe
Token: SeRestorePrivilege	2816	7zG.exe
Token: 35	2816	7zG.exe
Token: SeSecurityPrivilege	2816	7zG.exe
Token: SeSecurityPrivilege	2816	7zG.exe
Token: SeRestorePrivilege	2528	7zG.exe
Token: 35	2528	7zG.exe
Token: SeSecurityPrivilege	2528	7zG.exe
Token: SeSecurityPrivilege	2528	7zG.exe
Token: SeRestorePrivilege	2264	7zFM.exe
Token: 35	2264	7zFM.exe
Token: SeRestorePrivilege	2624	7zFM.exe
Token: 35	2624	7zFM.exe
Token: SeRestorePrivilege	2644	7zFM.exe
Token: 35	2644	7zFM.exe

Suspicious use of FindShellTrayWindow 17 IoCs

pid	Process
1956	7zFM.exe
1956	7zFM.exe
644	7zFM.exe
644	7zFM.exe
644	7zFM.exe
644	7zFM.exe
644	7zFM.exe
644	7zFM.exe
644	7zFM.exe
2440	7zG.exe
2816	7zG.exe
2816	7zG.exe
2816	7zG.exe
2528	7zG.exe
2264	7zFM.exe
2624	7zFM.exe
2644	7zFM.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2680	2140	Replace.exe	30
PID 2140 wrote to memory of 2680	2140	Replace.exe	30
PID 2140 wrote to memory of 2680	2140	Replace.exe	30
PID 2140 wrote to memory of 2680	2140	Replace.exe	30
PID 3060 wrote to memory of 1544	3060	Replace.exe	39
PID 3060 wrote to memory of 1544	3060	Replace.exe	39
PID 3060 wrote to memory of 1544	3060	Replace.exe	39
PID 3060 wrote to memory of 1544	3060	Replace.exe	39
PID 980 wrote to memory of 2052	980	Replace.exe	41
PID 980 wrote to memory of 2052	980	Replace.exe	41
PID 980 wrote to memory of 2052	980	Replace.exe	41
PID 980 wrote to memory of 2052	980	Replace.exe	41
PID 1956 wrote to memory of 2928	1956	7zFM.exe	44
PID 1956 wrote to memory of 2928	1956	7zFM.exe	44
PID 1956 wrote to memory of 2928	1956	7zFM.exe	44
PID 184 wrote to memory of 876	184	rundll32.exe	56
PID 184 wrote to memory of 876	184	rundll32.exe	56
PID 184 wrote to memory of 876	184	rundll32.exe	56
PID 1556 wrote to memory of 2448	1556	rundll32.exe	59
PID 1556 wrote to memory of 2448	1556	rundll32.exe	59
PID 1556 wrote to memory of 2448	1556	rundll32.exe	59
PID 2616 wrote to memory of 3036	2616	rundll32.exe	65
PID 2616 wrote to memory of 3036	2616	rundll32.exe	65
PID 2616 wrote to memory of 3036	2616	rundll32.exe	65
PID 1328 wrote to memory of 2684	1328	rundll32.exe	69
PID 1328 wrote to memory of 2684	1328	rundll32.exe	69
PID 1328 wrote to memory of 2684	1328	rundll32.exe	69

C:\Users\Admin\AppData\Local\Temp\Replace.exe
"C:\Users\Admin\AppData\Local\Temp\Replace.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 256
  2⤵
  - Program crash
  PID:2680

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:620

C:\Users\Admin\Desktop\Replace.exe
"C:\Users\Admin\Desktop\Replace.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 172
  2⤵
  - Program crash
  PID:1544

C:\Users\Admin\Desktop\Replace.exe
"C:\Users\Admin\Desktop\Replace.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 160
  2⤵
  - Program crash
  PID:2052

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Replace.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Users\Admin\AppData\Local\Temp\7zO4A7A3421\run.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4A7A3421\run.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2928

C:\Program Files\Image-Line\FL Studio 20\FL64.exe
"C:\Program Files\Image-Line\FL Studio 20\FL64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2824

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1084

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:644

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Program Files\Image-Line\FL Studio 20\" -an -ai#7zMap2682:118:7zEvent10158
1⤵
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2440

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Program Files\Image-Line\FL Studio 20\" -an -ai#7zMap29277:102:7zEvent21851
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2816

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Program Files\Image-Line\FL Studio 20\FL64\" -ad -an -ai#7zMap20093:102:7zEvent19450
1⤵
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2528

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\DIALOG\MYDLGO"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2264

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\DIALOG\MYDLGO
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:184
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\DIALOG\MYDLGO
  2⤵
  PID:876

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_ICON\MAINICON
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_ICON\MAINICON
  2⤵
  PID:2448

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\string.txt
1⤵
PID:2336

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\14"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2624

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\21
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\21
  2⤵
  PID:3036

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Program Files\Image-Line\FL Studio 20\.rsrc\8192\ICON\6
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Image-Line\FL Studio 20\.rsrc\8192\ICON\6
  2⤵
  PID:2684

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Program Files\Image-Line\FL Studio 20\.rsrc\8192\ICON\6"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\14

Filesize
748B

MD5
3faf65447689c7378edf8b456afa3835

SHA1
8850867c258ae504295d9050c64867a4254a53e1

SHA256
b82dd5628df585d0f8c69ccbb37b90c7bd7e59d80ffeab4a2112347c68743476

SHA512
e25e5f2d35f3988e501c3f02a8a1014a5480ba8a802a1904db05b6034788e91517e34e8dfb8c490bf9b2706b220468eb5de224b4849571908fb20a25672cccfb

Download Submit
C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\CURSOR\21

Filesize
4KB

MD5
b2bda247bd4f81a0033d1c681b8fa9f4

SHA1
d5b23ca118eb6daaeabead8a95044af3c6bd7417

SHA256
916f344189fd71c67787a61df18f4658e9073e5b18e24f82d0538b824460be9b

SHA512
4b6997edcad94701618f667affd76a8c04d04d61ba3b9a7df5110c5f1b4c816b56060e2eb9df653c61e78a386b1ec7d135f43e158b13c6bbb5c08d19eaa6ba72

Download Submit
C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\DIALOG\MYDLGO

Filesize
82B

MD5
5f6bb5a9084c60cad8aea0e73f39b3ab

SHA1
d55c765f0310eaa7e4ede8b91939c702f1038be8

SHA256
1f057ec4eb400f9c4683f3530d5cb8f02862a091ced84e77884936eeaa6bb8cb

SHA512
f2fca0dd47283203723c365283935a1464280f2fd0c0062c7ba38a1185e70cee540982dac4963711e8ba0ec5d5aed21a2c84c14e6dbd9d5ba2025ccdfc240cb7

Download Submit
C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\GROUP_ICON\MAINICON

Filesize
188B

MD5
a7bf497db140a796cf28adb6018ab3ea

SHA1
af31a692fadc1513c5525b0f10a97be5a6656a1e

SHA256
d21495115ec1f7a57d9e4f8ec47688ea43fc452a14e31fc8cebd2effa39cf821

SHA512
6606129c9a2db36fc0ea7e8a8bfe39474333f3500b9c8a24beb4ff9fddfeb86b07edccf826ea3e97031820f7e5ee0398bdceef291d4bc38fb51b92bdc7dc311e

Download Submit
C:\Program Files\Image-Line\FL Studio 20\.rsrc\0\string.txt

Filesize
44KB

MD5
92e22ae3af44e14c7792b2f8200e491e

SHA1
1bd2d72226d3d685f202075c1ace58fde3cd37d9

SHA256
c39b89b004fb6b5e8769b3c297aea21220aba02e51549fcb8a069a93185a765d

SHA512
cc0c1c996872d2e2b8dc93809aa5f663f22d857bf0c8790c7837d83bc8e935a3170b3ea67c59ca43f300d03788b7d0b8901fb926988ca25353691b8d7742c229

Download Submit
C:\Program Files\Image-Line\FL Studio 20\.rsrc\8192\ICON\6

Filesize
47KB

MD5
4995ff1475023a731f41bbdaf9b472c5

SHA1
5aa323494b6a70e6c288ed5775b5f341cae0c953

SHA256
33bb59435d329b932e692090741162d919d9fdb5ac6f0d06fbfee1e1af13ab09

SHA512
333f4f3a324ebbbe18532b3440c20172c661631b019b69897ac77faaf0854b77f1e2d73c1f76d098781ae7ecf62c8a0c83fae88acb63a529e783a34ccfb8635a

Download Submit
C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll

Filesize
48.5MB

MD5
e577ef3cfadbb80c6af8f37bf6e62f70

SHA1
c27f57e17539f09cec7b47c223dfa8ea54b851fe

SHA256
60392a436109f0b236c2b26ccaf677f3e0e0bd338aec35a6495c0a25f73e3f15

SHA512
a1fa8bb2e148e76e2ccedfed94d8c93841e086821fe258adb931f12a1685bf2f5b5a9a131aece81b18441fdb48112c5f5c914e49a8c689138333ff0c427bca49

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4A7A3421\run.exe

Filesize
34.8MB

MD5
d77c3ef3efa7e38ef91137466eee801b

SHA1
0b6ce4b03f43c2a7290f95bfbbe9107298efeaef

SHA256
91c2295f354b0616aa6481708248f6ce35dbe9292901464fc6bf3a22522ccb2f

SHA512
7c0171509814f7e5f24b2a9d53a10ab282586ec56bcdedc2deb2ba1aa2b4d9edade6d6d753ca80fb65d147597bfd4ac9f30e330e88c695e72c913ff3ab224750

Download Submit
\Program Files\Image-Line\FL Studio 20\FL64.exe

Filesize
287KB

MD5
8d4aee53f9d6ea4a47dc73edd78dcef0

SHA1
4d12d67edd64877831dea463ce67c42ebca6e0ae

SHA256
6cfc98d1ffcdb983e64beac75ccde7d873e3c41fffde2f4d87dd0757eb5a620d

SHA512
54eaa03f18bccaddb04a8dd7127f1e9ce8eefaf1141e3b8684e7f6bbdcc45aa60aa276467f1df9bd361d0ac8c8de398959be18bf2e387dce34550716e44599ec

Download Submit
memory/644-44-0x00000000037A0000-0x00000000037B0000-memory.dmp

Filesize
64KB

Download
memory/2824-29-0x0000000002530000-0x00000000056F3000-memory.dmp

Filesize
49.8MB

Download
memory/2824-28-0x0000000002530000-0x00000000056F3000-memory.dmp

Filesize
49.8MB

Download