60ae1d96df1d73c4faa626dce47082e9d90bff6ffbb6a8a84e4ac9ec5f7f2e4a

Analysis

max time kernel
101s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2023, 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SoundBoosterSetup.exe
Size

6.5MB
MD5

5911069e34b125def642503de4149ca2
SHA1

9b60d96135c8e68c90a47f10e7e3f6a2fc4d15c7
SHA256

60ae1d96df1d73c4faa626dce47082e9d90bff6ffbb6a8a84e4ac9ec5f7f2e4a
SHA512

21ac692134b614e52552fcadc9bdfde2c81c41f27efd5877ff9ee75c8288ee9cebb170b419bb32a00ba976a77558479d08e7eebf6e22c79db051a768860ceef1
SSDEEP

196608:E+o5hbv4NoR+jo+4cU49prvthSiyLrC4LdnCqX:y3b4NoszU499zS9LrxX

Score

7^/10

discovery persistence vmprotect

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	SoundBoosterTaskHost.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	SoundBoosterSetup.tmp

Executes dropped EXE 11 IoCs

pid	Process
1652	SoundBoosterSetup.tmp
2220	_setup64.tmp
4828	SoundBoosterTaskHost.exe
3488	SoundBoosterService.exe
3808	SoundBoosterTaskHost.exe
3296	SoundBooster.exe
3428	SoundBoosterHelper.exe
2896	Process not Found
2664	Process not Found
4188	SoundBooster.exe
5004	SoundBooster.exe

Loads dropped DLL 64 IoCs

pid	Process
4828	SoundBoosterTaskHost.exe
4828	SoundBoosterTaskHost.exe
3500	regsvr32.exe
628	regsvr32.exe
3488	SoundBoosterService.exe
3808	SoundBoosterTaskHost.exe
3808	SoundBoosterTaskHost.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3200	AUDIODG.EXE
3428	SoundBoosterHelper.exe
3428	SoundBoosterHelper.exe
3428	SoundBoosterHelper.exe
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found
2372	Process not Found

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32\ = "C:\\Program Files (x86)\\Letasoft Sound Booster\\Sbapo.dll"	regsvr32.exe

VMProtect packed file 9 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/files/0x0007000000023153-253.dat	vmprotect
behavioral2/files/0x0007000000023153-254.dat	vmprotect
behavioral2/memory/3296-255-0x0000000074B80000-0x0000000074DBE000-memory.dmp	vmprotect
behavioral2/memory/3296-262-0x0000000074B80000-0x0000000074DBE000-memory.dmp	vmprotect
behavioral2/memory/3296-288-0x0000000074B80000-0x0000000074DBE000-memory.dmp	vmprotect
behavioral2/memory/4188-307-0x0000000074B80000-0x0000000074DBE000-memory.dmp	vmprotect
behavioral2/memory/4188-310-0x0000000074B80000-0x0000000074DBE000-memory.dmp	vmprotect
behavioral2/memory/5004-313-0x0000000074B80000-0x0000000074DBE000-memory.dmp	vmprotect
behavioral2/memory/5004-316-0x0000000074B80000-0x0000000074DBE000-memory.dmp	vmprotect

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 25 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-LV1G4.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-IUBRC.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-BALL9.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-LRNVA.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-RSRG9.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-8TD6K.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-VVP9F.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-VRE8O.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-11AJE.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-6SDRK.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-TFUG0.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-VVIMG.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-02548.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\unins000.dat	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-E4A3P.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-QUQM8.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-Q5CHH.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-HL84F.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\unins000.msg	SoundBoosterSetup.tmp
File opened for modification	C:\Program Files (x86)\Letasoft Sound Booster\unins000.dat	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-PJSMN.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-D9U9G.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-6QROK.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-PBS05.tmp	SoundBoosterSetup.tmp
File created	C:\Program Files (x86)\Letasoft Sound Booster\is-QBS00.tmp	SoundBoosterSetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 19 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\MajorVersion = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\MinInputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\MinOutputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\MaxOutputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\ = "Sbapo Global Effect"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\FriendlyName = "Sbapo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\Copyright = "Copyright (c) Letasoft LLC"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\MaxInstances = "4294967295"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\NumAPOInterfaces = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\MaxInputConnections = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\MinorVersion = "0"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\Flags = "13"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32\ = "C:\\Program Files (x86)\\Letasoft Sound Booster\\Sbapo.dll"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3296	SoundBooster.exe
3296	SoundBooster.exe
4188	SoundBooster.exe
4188	SoundBooster.exe
5004	SoundBooster.exe
5004	SoundBooster.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3296	SoundBooster.exe
Token: 33	3200	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3200	AUDIODG.EXE
Token: SeCreateGlobalPrivilege	3200	AUDIODG.EXE
Token: SeCreateGlobalPrivilege	3200	AUDIODG.EXE
Token: 33	3296	SoundBooster.exe
Token: SeIncBasePriorityPrivilege	3296	SoundBooster.exe
Token: SeCreateGlobalPrivilege	3200	AUDIODG.EXE
Token: SeCreateGlobalPrivilege	3200	AUDIODG.EXE
Token: 33	3428	SoundBoosterHelper.exe
Token: SeIncBasePriorityPrivilege	3428	SoundBoosterHelper.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1652	SoundBoosterSetup.tmp
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3296	SoundBooster.exe
3296	SoundBooster.exe
3296	SoundBooster.exe
3428	SoundBoosterHelper.exe
4188	SoundBooster.exe
5004	SoundBooster.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 1652	5112	SoundBoosterSetup.exe	83
PID 5112 wrote to memory of 1652	5112	SoundBoosterSetup.exe	83
PID 5112 wrote to memory of 1652	5112	SoundBoosterSetup.exe	83
PID 1652 wrote to memory of 2220	1652	SoundBoosterSetup.tmp	92
PID 1652 wrote to memory of 2220	1652	SoundBoosterSetup.tmp	92
PID 1652 wrote to memory of 4828	1652	SoundBoosterSetup.tmp	94
PID 1652 wrote to memory of 4828	1652	SoundBoosterSetup.tmp	94
PID 1652 wrote to memory of 4828	1652	SoundBoosterSetup.tmp	94
PID 4828 wrote to memory of 3500	4828	SoundBoosterTaskHost.exe	97
PID 4828 wrote to memory of 3500	4828	SoundBoosterTaskHost.exe	97
PID 4828 wrote to memory of 3500	4828	SoundBoosterTaskHost.exe	97
PID 3500 wrote to memory of 628	3500	regsvr32.exe	98
PID 3500 wrote to memory of 628	3500	regsvr32.exe	98
PID 1652 wrote to memory of 3488	1652	SoundBoosterSetup.tmp	101
PID 1652 wrote to memory of 3488	1652	SoundBoosterSetup.tmp	101
PID 1652 wrote to memory of 3488	1652	SoundBoosterSetup.tmp	101
PID 1652 wrote to memory of 3808	1652	SoundBoosterSetup.tmp	103
PID 1652 wrote to memory of 3808	1652	SoundBoosterSetup.tmp	103
PID 1652 wrote to memory of 3808	1652	SoundBoosterSetup.tmp	103
PID 1652 wrote to memory of 3296	1652	SoundBoosterSetup.tmp	111
PID 1652 wrote to memory of 3296	1652	SoundBoosterSetup.tmp	111
PID 1652 wrote to memory of 3296	1652	SoundBoosterSetup.tmp	111
PID 3296 wrote to memory of 3428	3296	SoundBooster.exe	113
PID 3296 wrote to memory of 3428	3296	SoundBooster.exe	113

C:\Users\Admin\AppData\Local\Temp\SoundBoosterSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SoundBoosterSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Users\Admin\AppData\Local\Temp\is-N2PTP.tmp\SoundBoosterSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-N2PTP.tmp\SoundBoosterSetup.tmp" /SL5="$9003A,6355654,412160,C:\Users\Admin\AppData\Local\Temp\SoundBoosterSetup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\is-57F52.tmp\_isetup\_setup64.tmp
    helper 105 0x468
    3⤵
    - Executes dropped EXE
    PID:2220
- - C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
    "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -InstallAPO
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3500
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:628
- - C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe
    "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe" -install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3488
- - C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
    "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -Activate
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3808
- - C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
    "C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3296
  - - C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe
      "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x4d4
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3200

C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
"C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4188

C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
"C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll

Filesize
201KB

MD5
ea3641c75404987f24521605034b0319

SHA1
5c400f70b8ada1b93531a943d9f4b1d0383f3e67

SHA256
223624ea747d66f06c94054ef32b34cc6598b2d0d35a2c8a9b9e6b2abc6129a1

SHA512
8c9cea506403d3024e5f28ec57072aa91292912e242b18c4f574866a3814500669dbcddf821af2955537f93b30616beab064ab566f88661108c6f12b5c32c8d4

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll

Filesize
201KB

MD5
ea3641c75404987f24521605034b0319

SHA1
5c400f70b8ada1b93531a943d9f4b1d0383f3e67

SHA256
223624ea747d66f06c94054ef32b34cc6598b2d0d35a2c8a9b9e6b2abc6129a1

SHA512
8c9cea506403d3024e5f28ec57072aa91292912e242b18c4f574866a3814500669dbcddf821af2955537f93b30616beab064ab566f88661108c6f12b5c32c8d4

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll

Filesize
201KB

MD5
ea3641c75404987f24521605034b0319

SHA1
5c400f70b8ada1b93531a943d9f4b1d0383f3e67

SHA256
223624ea747d66f06c94054ef32b34cc6598b2d0d35a2c8a9b9e6b2abc6129a1

SHA512
8c9cea506403d3024e5f28ec57072aa91292912e242b18c4f574866a3814500669dbcddf821af2955537f93b30616beab064ab566f88661108c6f12b5c32c8d4

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll

Filesize
583KB

MD5
0cef09d078ff9367b418384d57b145db

SHA1
3041bf7f8eb4c04318b91270fe712f0efe23f99f

SHA256
7b74b2e74a484e25954839a9def5f39e7dd03269b93a8577bf8e76d4bc16a766

SHA512
bab9c045457415863a49684ebb2adfff84a2ac41a199943a6362e267fb7c8acbe4b1f68e281c581b72b7e19cd1642e9c880688999b5730e5b0cbab9c8ead0f2a

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll

Filesize
583KB

MD5
0cef09d078ff9367b418384d57b145db

SHA1
3041bf7f8eb4c04318b91270fe712f0efe23f99f

SHA256
7b74b2e74a484e25954839a9def5f39e7dd03269b93a8577bf8e76d4bc16a766

SHA512
bab9c045457415863a49684ebb2adfff84a2ac41a199943a6362e267fb7c8acbe4b1f68e281c581b72b7e19cd1642e9c880688999b5730e5b0cbab9c8ead0f2a

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll

Filesize
307KB

MD5
abb08e6024cc803ff0bca0095282daef

SHA1
a090596845595dfbf31cc2a7f0804e70abc37a7f

SHA256
6ffa2975fde93c5764da2e4ca2fce35e1d30d1517233be3371f917c1d2a13424

SHA512
f8cc34070190672160062957b5d237ede55d09574ce4697b56f51250f1307b296fb2ba79618fbc331e795bd9050f9f047acf80cdab5a8d10312725ba7062381d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll

Filesize
307KB

MD5
abb08e6024cc803ff0bca0095282daef

SHA1
a090596845595dfbf31cc2a7f0804e70abc37a7f

SHA256
6ffa2975fde93c5764da2e4ca2fce35e1d30d1517233be3371f917c1d2a13424

SHA512
f8cc34070190672160062957b5d237ede55d09574ce4697b56f51250f1307b296fb2ba79618fbc331e795bd9050f9f047acf80cdab5a8d10312725ba7062381d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll

Filesize
258KB

MD5
76f4db217e748c5111b346ab50b574ae

SHA1
82391c61bd2ba81ae275b9c33924657895b64166

SHA256
6f216ca50a4fbad5368e3242b66b13e1ba2ff5d88cc496506cafb0b9f0be1459

SHA512
f7bdb557b4143da1da1db3d5387c3144ad09905b46c0aba7ee7d3acad372de446a9eec6c51ad5f467bea4aba15a2920c339eeb200396396a052883839d0a9f2d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll

Filesize
258KB

MD5
76f4db217e748c5111b346ab50b574ae

SHA1
82391c61bd2ba81ae275b9c33924657895b64166

SHA256
6f216ca50a4fbad5368e3242b66b13e1ba2ff5d88cc496506cafb0b9f0be1459

SHA512
f7bdb557b4143da1da1db3d5387c3144ad09905b46c0aba7ee7d3acad372de446a9eec6c51ad5f467bea4aba15a2920c339eeb200396396a052883839d0a9f2d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll

Filesize
258KB

MD5
76f4db217e748c5111b346ab50b574ae

SHA1
82391c61bd2ba81ae275b9c33924657895b64166

SHA256
6f216ca50a4fbad5368e3242b66b13e1ba2ff5d88cc496506cafb0b9f0be1459

SHA512
f7bdb557b4143da1da1db3d5387c3144ad09905b46c0aba7ee7d3acad372de446a9eec6c51ad5f467bea4aba15a2920c339eeb200396396a052883839d0a9f2d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll

Filesize
258KB

MD5
76f4db217e748c5111b346ab50b574ae

SHA1
82391c61bd2ba81ae275b9c33924657895b64166

SHA256
6f216ca50a4fbad5368e3242b66b13e1ba2ff5d88cc496506cafb0b9f0be1459

SHA512
f7bdb557b4143da1da1db3d5387c3144ad09905b46c0aba7ee7d3acad372de446a9eec6c51ad5f467bea4aba15a2920c339eeb200396396a052883839d0a9f2d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll

Filesize
258KB

MD5
76f4db217e748c5111b346ab50b574ae

SHA1
82391c61bd2ba81ae275b9c33924657895b64166

SHA256
6f216ca50a4fbad5368e3242b66b13e1ba2ff5d88cc496506cafb0b9f0be1459

SHA512
f7bdb557b4143da1da1db3d5387c3144ad09905b46c0aba7ee7d3acad372de446a9eec6c51ad5f467bea4aba15a2920c339eeb200396396a052883839d0a9f2d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll

Filesize
314KB

MD5
ecb7c146c9aa75a9409589221045ae3a

SHA1
041389ad5f9678b56c1f2ca2e37c67d2a1acf83e

SHA256
404e36efadeace729f54be8f88a1748ebb03857ab7c1c396318cf856888bd5ce

SHA512
6ecb50900c65389b7c9bac926f220f338aaeeeb0981f2ac12de5bcd0f1b633d525a241c9ce0471d766c13ba64785af88b4f4e3e92fe5ddc5c6e09c9d6640df5c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll

Filesize
314KB

MD5
ecb7c146c9aa75a9409589221045ae3a

SHA1
041389ad5f9678b56c1f2ca2e37c67d2a1acf83e

SHA256
404e36efadeace729f54be8f88a1748ebb03857ab7c1c396318cf856888bd5ce

SHA512
6ecb50900c65389b7c9bac926f220f338aaeeeb0981f2ac12de5bcd0f1b633d525a241c9ce0471d766c13ba64785af88b4f4e3e92fe5ddc5c6e09c9d6640df5c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll

Filesize
578KB

MD5
3839a133cefc7acbc8948002ef42f88e

SHA1
7e7c94240c0717553dd7a774abb4a62183d29e83

SHA256
0f44a4008a93f7041338367eef3afee92c8343e511a4152b9f41e3136f5927d7

SHA512
098d5cf7148b04fbdaa38830ab50a060e1837a3e1b0b7a141a23592af5e73aa41e3ac4157c972293a5851ba10373964792e8e1cf8443e837d51f86b561b58abe

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll

Filesize
578KB

MD5
3839a133cefc7acbc8948002ef42f88e

SHA1
7e7c94240c0717553dd7a774abb4a62183d29e83

SHA256
0f44a4008a93f7041338367eef3afee92c8343e511a4152b9f41e3136f5927d7

SHA512
098d5cf7148b04fbdaa38830ab50a060e1837a3e1b0b7a141a23592af5e73aa41e3ac4157c972293a5851ba10373964792e8e1cf8443e837d51f86b561b58abe

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll

Filesize
642KB

MD5
ad9567092e61e9c3cd609ec0e336ae1e

SHA1
8188d69ca21dce883190c5f10808606ac460b32f

SHA256
37e21f684c36cdfc46121f4349383eb3861a1066d8c256e6d33b2b8b3ed23b0d

SHA512
4788323477b735533023950aced0c6c781f69f67093163a51fb2123a0faa4bc387df16edd61405365adaf3b978f533e1e4d5d21355b1eb5f9aa7d58f75476649

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll

Filesize
2.1MB

MD5
ae3245cf89362cbbb3bcb4200775640e

SHA1
6cf18c9f57fa8f9bac7e7dbe90e35a62be113049

SHA256
5d8e776a1d4e426854b528f6219520fe0ed22f8ca3178e2a7cff4b4403b783b3

SHA512
91ed5a643a603e3741f1e4158813a7b3ef127e2ca823a55051910333d541650f4143e6611d021777e82c405b908945701494a0f877efbf43a7aa3d95bf6ddb26

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll

Filesize
2.1MB

MD5
ae3245cf89362cbbb3bcb4200775640e

SHA1
6cf18c9f57fa8f9bac7e7dbe90e35a62be113049

SHA256
5d8e776a1d4e426854b528f6219520fe0ed22f8ca3178e2a7cff4b4403b783b3

SHA512
91ed5a643a603e3741f1e4158813a7b3ef127e2ca823a55051910333d541650f4143e6611d021777e82c405b908945701494a0f877efbf43a7aa3d95bf6ddb26

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll

Filesize
2.1MB

MD5
ae3245cf89362cbbb3bcb4200775640e

SHA1
6cf18c9f57fa8f9bac7e7dbe90e35a62be113049

SHA256
5d8e776a1d4e426854b528f6219520fe0ed22f8ca3178e2a7cff4b4403b783b3

SHA512
91ed5a643a603e3741f1e4158813a7b3ef127e2ca823a55051910333d541650f4143e6611d021777e82c405b908945701494a0f877efbf43a7aa3d95bf6ddb26

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll

Filesize
2.1MB

MD5
ae3245cf89362cbbb3bcb4200775640e

SHA1
6cf18c9f57fa8f9bac7e7dbe90e35a62be113049

SHA256
5d8e776a1d4e426854b528f6219520fe0ed22f8ca3178e2a7cff4b4403b783b3

SHA512
91ed5a643a603e3741f1e4158813a7b3ef127e2ca823a55051910333d541650f4143e6611d021777e82c405b908945701494a0f877efbf43a7aa3d95bf6ddb26

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe

Filesize
2.8MB

MD5
77ddae50a6c7f17e97d89cb3e84b9ac4

SHA1
c6d629720387ac7f316d923d8b2c65a3e5c5109a

SHA256
0aa5af0d44eb63e52c62fcb3a9da8cbaf5a4ee329c47e3d692519189eaadd653

SHA512
cafdae2d851dd5fc067b56c926129b8f09fadd0154fc24b9e655bbad545a5cf60baacacff4c3fdac58705598792f95251c5c2efd7b02e4315aa455d79dddd74c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe

Filesize
2.8MB

MD5
77ddae50a6c7f17e97d89cb3e84b9ac4

SHA1
c6d629720387ac7f316d923d8b2c65a3e5c5109a

SHA256
0aa5af0d44eb63e52c62fcb3a9da8cbaf5a4ee329c47e3d692519189eaadd653

SHA512
cafdae2d851dd5fc067b56c926129b8f09fadd0154fc24b9e655bbad545a5cf60baacacff4c3fdac58705598792f95251c5c2efd7b02e4315aa455d79dddd74c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe

Filesize
2.8MB

MD5
77ddae50a6c7f17e97d89cb3e84b9ac4

SHA1
c6d629720387ac7f316d923d8b2c65a3e5c5109a

SHA256
0aa5af0d44eb63e52c62fcb3a9da8cbaf5a4ee329c47e3d692519189eaadd653

SHA512
cafdae2d851dd5fc067b56c926129b8f09fadd0154fc24b9e655bbad545a5cf60baacacff4c3fdac58705598792f95251c5c2efd7b02e4315aa455d79dddd74c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe

Filesize
138KB

MD5
7fcd86eda79e029bb9b78cbbd07fbb91

SHA1
146c89aceb4887ec75f64a44d6f24ea79320432e

SHA256
55a64465cc2157535613c31fc553357569e0a573d432c03964426cf7e796718b

SHA512
3bfeb8384afd0183f87c2e16fb0f35627d347d0e200192ad3219ffda3b81b23a81d8fbba80001d72516ad45f835847c58bfb89906cc047287791c35a08b2390f

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe

Filesize
138KB

MD5
7fcd86eda79e029bb9b78cbbd07fbb91

SHA1
146c89aceb4887ec75f64a44d6f24ea79320432e

SHA256
55a64465cc2157535613c31fc553357569e0a573d432c03964426cf7e796718b

SHA512
3bfeb8384afd0183f87c2e16fb0f35627d347d0e200192ad3219ffda3b81b23a81d8fbba80001d72516ad45f835847c58bfb89906cc047287791c35a08b2390f

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Filesize
149KB

MD5
2f4a74496e051ab34cd0718304362ff7

SHA1
0f102cd8d0d6fd5ca3ced6cbaef728fd92253410

SHA256
cec779e3cee85827e1c5f58285d3216e3cd887065e7d19abd1e8675990009cfe

SHA512
20d68f892e94253507db4c7e8f789a7017f6a176f34019818b552ce0091aaadf19e28db7d2f94f2f3e184e12ec2f5b3a789b8139c84e7380d9158db34f61c58d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Filesize
149KB

MD5
2f4a74496e051ab34cd0718304362ff7

SHA1
0f102cd8d0d6fd5ca3ced6cbaef728fd92253410

SHA256
cec779e3cee85827e1c5f58285d3216e3cd887065e7d19abd1e8675990009cfe

SHA512
20d68f892e94253507db4c7e8f789a7017f6a176f34019818b552ce0091aaadf19e28db7d2f94f2f3e184e12ec2f5b3a789b8139c84e7380d9158db34f61c58d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Filesize
200KB

MD5
06398da5f9304a9e4734f9e48d237c9b

SHA1
9959fe2aec50d1a23526f0cb92aee6c9207f1421

SHA256
82adc012dfe489f430a6c78b4552f4c2714ed751b3b2792c17b6815b975dbfc7

SHA512
772203ba1843500fc1cf839df086a04c10795975927d836957a079765b73264d49cb4102cf356bc72806d99f5431f3a78fc35c60dba450798df0d6bc34cdc71c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Filesize
200KB

MD5
06398da5f9304a9e4734f9e48d237c9b

SHA1
9959fe2aec50d1a23526f0cb92aee6c9207f1421

SHA256
82adc012dfe489f430a6c78b4552f4c2714ed751b3b2792c17b6815b975dbfc7

SHA512
772203ba1843500fc1cf839df086a04c10795975927d836957a079765b73264d49cb4102cf356bc72806d99f5431f3a78fc35c60dba450798df0d6bc34cdc71c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Filesize
200KB

MD5
06398da5f9304a9e4734f9e48d237c9b

SHA1
9959fe2aec50d1a23526f0cb92aee6c9207f1421

SHA256
82adc012dfe489f430a6c78b4552f4c2714ed751b3b2792c17b6815b975dbfc7

SHA512
772203ba1843500fc1cf839df086a04c10795975927d836957a079765b73264d49cb4102cf356bc72806d99f5431f3a78fc35c60dba450798df0d6bc34cdc71c

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dat

Filesize
1KB

MD5
62621bb17e9778a0088abdee9e041efd

SHA1
b0decd8583bf3a30ca4fe9c352011f0769a15694

SHA256
3475db1b38c798a249169451b7a2de83c2d5673efae9ac033b1e155cbf93c151

SHA512
1deafaa1c80c8bac0b16c5d120813e3b0a4f848e5c5070a8159fedcd854c880d3b37a271d89d13ad60a10617c7f5a3f494b213e9e5bcb77be4b2077050f64aa8

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dll

Filesize
699KB

MD5
5d5d3ff4dd97302d02575d3f04ac1e18

SHA1
0c2af60c90a773b4d4906ef7656524254dc8081e

SHA256
35f172e2aa16d03193ff876752a9ca530271eb14d0887a0fc20e1fa9e59b07e9

SHA512
20691cbe283968a89f9a1aa564c9e0c204bc009cd7e835f89ceab0cc6b22063fad161d3cef2dcb7b7679728046b087b55c3b5b560bf58e1d3948b2e57d3267d7

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dll

Filesize
699KB

MD5
5d5d3ff4dd97302d02575d3f04ac1e18

SHA1
0c2af60c90a773b4d4906ef7656524254dc8081e

SHA256
35f172e2aa16d03193ff876752a9ca530271eb14d0887a0fc20e1fa9e59b07e9

SHA512
20691cbe283968a89f9a1aa564c9e0c204bc009cd7e835f89ceab0cc6b22063fad161d3cef2dcb7b7679728046b087b55c3b5b560bf58e1d3948b2e57d3267d7

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\UltraActivate.dll

Filesize
1.0MB

MD5
29c7dc3e36c89ff3b34c7896c15d14e5

SHA1
bc46e6f6982eafeb4b0ff61520108f2e770325be

SHA256
591ea242d2d49ffbf2e35f5b622116b561f8ff6635ad822290376424dd1b0007

SHA512
32c0545df127a51a90a9c9bf66525fac9e5d42d9970cd12942dfe14af47a26556c4079bbc1d940d642f39a7452d239d98ceb75c1ecf9f01989dcfa3da614ee1d

Download Submit
C:\Program Files (x86)\Letasoft Sound Booster\UltraActivate.dll

Filesize
1.0MB

MD5
29c7dc3e36c89ff3b34c7896c15d14e5

SHA1
bc46e6f6982eafeb4b0ff61520108f2e770325be

SHA256
591ea242d2d49ffbf2e35f5b622116b561f8ff6635ad822290376424dd1b0007

SHA512
32c0545df127a51a90a9c9bf66525fac9e5d42d9970cd12942dfe14af47a26556c4079bbc1d940d642f39a7452d239d98ceb75c1ecf9f01989dcfa3da614ee1d

Download Submit
C:\ProgramData\DIBsection\20986331705021ca58edc424.96250074

Filesize
37B

MD5
861f9af64a186aecd1de2cf9c8df46b8

SHA1
890063434504e081fcaf95f55c1effd24b228059

SHA256
26c2907ec15458a194cb2a68de661156fd35be5ae46613b629a11a017cfb37da

SHA512
4cc60c91bb6daf67d45b45c41d4bbfcbc2baf3de54f68bc20e3051b8d319cad5c148d878021965f2e9e5abb7f21f4cbb994a5e5167376b8ae2a3b19365726f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup Log 2023-03-04 #001.txt

Filesize
11KB

MD5
a9163a082271bdfb70c38dee49f15a4c

SHA1
dd07e211ba865ae9332a0c27b3ef1536d0a4dde7

SHA256
14913f6d101dcd50026c313c4fa57737a79cf44bd0e56cedeacf2a03d530228d

SHA512
dfba9e12d09bfa0efae4679fffd512a31f89959d779c299094b9c7b2d1d550ee7085dacd8dae08fb0f663bddaa624859b9930c6c5225e07369f100c0308456c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-57F52.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N2PTP.tmp\SoundBoosterSetup.tmp

Filesize
1.4MB

MD5
d56369c0ff7b704bbe260b09fc2bcc0e

SHA1
04ff25c290e157f3346dc74654eb3da109daded9

SHA256
c34f9e5bef1bc48e18bd099a0456545a5cc73b492fb751381273f340ba4496f8

SHA512
860c774891c62f5240c5c9e1f4fd08a1a0df42a2e7958155c05749afff302261845a117617daf66ff796b66aa1a55cf90a5c501c8637209d27bd00f8c50be0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N2PTP.tmp\SoundBoosterSetup.tmp

Filesize
1.4MB

MD5
d56369c0ff7b704bbe260b09fc2bcc0e

SHA1
04ff25c290e157f3346dc74654eb3da109daded9

SHA256
c34f9e5bef1bc48e18bd099a0456545a5cc73b492fb751381273f340ba4496f8

SHA512
860c774891c62f5240c5c9e1f4fd08a1a0df42a2e7958155c05749afff302261845a117617daf66ff796b66aa1a55cf90a5c501c8637209d27bd00f8c50be0d0

Download Submit
memory/1652-144-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1652-141-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1652-241-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1652-138-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/1652-146-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1652-250-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/1652-142-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/3296-242-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/3296-238-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/3296-264-0x0000000076910000-0x0000000076911000-memory.dmp

Filesize
4KB

Download
memory/3296-255-0x0000000074B80000-0x0000000074DBE000-memory.dmp

Filesize
2.2MB

Download
memory/3296-262-0x0000000074B80000-0x0000000074DBE000-memory.dmp

Filesize
2.2MB

Download
memory/3296-288-0x0000000074B80000-0x0000000074DBE000-memory.dmp

Filesize
2.2MB

Download
memory/3296-287-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/3296-261-0x0000000077A10000-0x0000000077A11000-memory.dmp

Filesize
4KB

Download
memory/4188-302-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/4188-303-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/4188-307-0x0000000074B80000-0x0000000074DBE000-memory.dmp

Filesize
2.2MB

Download
memory/4188-310-0x0000000074B80000-0x0000000074DBE000-memory.dmp

Filesize
2.2MB

Download
memory/4188-315-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/5004-305-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/5004-309-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/5004-313-0x0000000074B80000-0x0000000074DBE000-memory.dmp

Filesize
2.2MB

Download
memory/5004-316-0x0000000074B80000-0x0000000074DBE000-memory.dmp

Filesize
2.2MB

Download
memory/5004-319-0x0000000000030000-0x000000000058B000-memory.dmp

Filesize
5.4MB

Download
memory/5112-133-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/5112-140-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/5112-251-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download