2b21e6303beec2be165dd36917113d774356d9818c69f0b22550f5d938c4481a

Analysis

max time kernel
69s
max time network
65s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 03:41

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

EqualizerAPO64-1.3.exe
Size

8.3MB
MD5

5ae2cb071b72b8d1cb49c5ec43d75d61
SHA1

611c909d096ff7a70659abf93fcd1a138076fae6
SHA256

2b21e6303beec2be165dd36917113d774356d9818c69f0b22550f5d938c4481a
SHA512

e0b09dc9857bb07b42c30a4bfc997cb92963f7759cfae0a1289ad9ee95ad3acd0c7bc1b75cd868fdfea162dfcd4f3c36caccec50d6dbca58e944f23bae265680
SSDEEP

196608:xIhTPINUr/ZgT8NyLyD677ofOaOb75Rm67dm:xkPYC/OwY6U7ohON7dm

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1320	Configurator.exe
1248	Process not Found

Loads dropped DLL 28 IoCs

pid	Process
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1760	EqualizerAPO64-1.3.exe
1828	regsvr32.exe
1744	regsvr32.exe
1744	regsvr32.exe
1744	regsvr32.exe
1744	regsvr32.exe
1744	regsvr32.exe
1744	regsvr32.exe
1760	EqualizerAPO64-1.3.exe
1320	Configurator.exe
1320	Configurator.exe
1320	Configurator.exe
1248	Process not Found
1248	Process not Found
576	AUDIODG.EXE
576	AUDIODG.EXE
576	AUDIODG.EXE
576	AUDIODG.EXE
576	AUDIODG.EXE
576	AUDIODG.EXE

Registers COM server for autorun 1 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ = "C:\\Program Files\\EqualizerAPO\\EqualizerAPO.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ = "C:\\Program Files\\EqualizerAPO\\EqualizerAPO.dll"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 29 IoCs

description	ioc	Process
File created	C:\Program Files\EqualizerAPO\libfftw3f-3.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Qt5Widgets.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\vcruntime140_1.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\qt\imageformats\qgif.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\config\iir_lowpass.txt	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\EqualizerAPO.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Qt5Core.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\config\demo.txt	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\config\multichannel.txt	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Editor.exe	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\config\example.txt	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Benchmark.exe	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\msvcp140.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Configuration tutorial (online).url	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Uninstall.exe	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\VoicemeeterClient.exe	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\msvcp140_1.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Qt5Gui.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\libsndfile-1.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\qt\imageformats\qico.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\qt\imageformats\qjpeg.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\qt\styles\qwindowsvistastyle.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\config\selective_delay.txt	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\backup_High Definition Audio Device_Speakers.reg	Configurator.exe
File created	C:\Program Files\EqualizerAPO\Configurator.exe	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\vcruntime140.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\qt\platforms\qwindows.dll	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\Configuration reference (online).url	EqualizerAPO64-1.3.exe
File created	C:\Program Files\EqualizerAPO\config\config.txt	EqualizerAPO64-1.3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000015c25-134.dat	nsis_installer_1
behavioral1/files/0x0006000000015c25-134.dat	nsis_installer_2

Modifies registry class 37 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinorVersion = "0"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxOutputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinInputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ = "C:\\Program Files\\EqualizerAPO\\EqualizerAPO.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\Copyright = "Copyright (C) 2015"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\Flags = "13"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxInstances = "4294967295"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxOutputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ = "C:\\Program Files\\EqualizerAPO\\EqualizerAPO.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinInputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinOutputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\Copyright = "Copyright (C) 2015"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxInstances = "4294967295"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\Flags = "13"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\ = "EqualizerAPO Pre-Mix Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\ = "EqualizerAPO Post-Mix Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MajorVersion = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxInputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\NumAPOInterfaces = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MajorVersion = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinOutputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\NumAPOInterfaces = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\FriendlyName = "EqualizerAPO"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\FriendlyName = "EqualizerAPO"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinorVersion = "0"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxInputConnections = "1"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1320	Configurator.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1320	Configurator.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1320	Configurator.exe
Token: SeShutdownPrivilege	1760	EqualizerAPO64-1.3.exe
Token: 33	576	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	576	AUDIODG.EXE
Token: 33	576	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	576	AUDIODG.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1828	1760	EqualizerAPO64-1.3.exe	28
PID 1760 wrote to memory of 1828	1760	EqualizerAPO64-1.3.exe	28
PID 1760 wrote to memory of 1828	1760	EqualizerAPO64-1.3.exe	28
PID 1760 wrote to memory of 1828	1760	EqualizerAPO64-1.3.exe	28
PID 1760 wrote to memory of 1828	1760	EqualizerAPO64-1.3.exe	28
PID 1760 wrote to memory of 1828	1760	EqualizerAPO64-1.3.exe	28
PID 1760 wrote to memory of 1828	1760	EqualizerAPO64-1.3.exe	28
PID 1828 wrote to memory of 1744	1828	regsvr32.exe	29
PID 1828 wrote to memory of 1744	1828	regsvr32.exe	29
PID 1828 wrote to memory of 1744	1828	regsvr32.exe	29
PID 1828 wrote to memory of 1744	1828	regsvr32.exe	29
PID 1828 wrote to memory of 1744	1828	regsvr32.exe	29
PID 1828 wrote to memory of 1744	1828	regsvr32.exe	29
PID 1828 wrote to memory of 1744	1828	regsvr32.exe	29
PID 1760 wrote to memory of 1320	1760	EqualizerAPO64-1.3.exe	30
PID 1760 wrote to memory of 1320	1760	EqualizerAPO64-1.3.exe	30
PID 1760 wrote to memory of 1320	1760	EqualizerAPO64-1.3.exe	30
PID 1760 wrote to memory of 1320	1760	EqualizerAPO64-1.3.exe	30

C:\Users\Admin\AppData\Local\Temp\EqualizerAPO64-1.3.exe
"C:\Users\Admin\AppData\Local\Temp\EqualizerAPO64-1.3.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\EqualizerAPO\EqualizerAPO.dll"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1828
- - C:\Windows\system32\regsvr32.exe
    /s "C:\Program Files\EqualizerAPO\EqualizerAPO.dll"
    3⤵
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:1744
- C:\Program Files\EqualizerAPO\Configurator.exe
  "C:\Program Files\EqualizerAPO\Configurator.exe" /i
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1320

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:576

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\EqualizerAPO\Configurator.exe

Filesize
199KB

MD5
1e16a88b13a374ea87a50566cdb37ec5

SHA1
47444e6c0b00fbba9f51cb46eee189f56ca062c3

SHA256
a8c5ec7293302839c3261f49e3322c4e521ffe6159e9ee40df0be4cd21339370

SHA512
f84e5a690d2c6b1bc02f91d2469d1fd21d83c83d2f85be4f10a8e934557d4ef602c5619b0fe5d336b0a26f2fcb5e568c4a815c3bf822d2c6ada4c30243827b80

Download Submit
C:\Program Files\EqualizerAPO\EqualizerAPO.dll

Filesize
599KB

MD5
3f96577baa37bf625bb350776a91296b

SHA1
cb9150ed61774b428ee3c55b7ab61be62baa8e8a

SHA256
2cb094f9a14dad89d9acf29fae4b6e036d8896b7e8eac52d010248a31006fb1d

SHA512
62fe6ead155c9a176fe90bc2bbb848e9afa7d760add8b2d5e5ea1522997cc05c83d138ed1281d4c047599363f1658117070b85e425b4f3df3afee86bcd1a8e6d

Download Submit
C:\Program Files\EqualizerAPO\MSVCP140.dll

Filesize
552KB

MD5
111e00ce3412a863ddf3db65f237d62b

SHA1
58503f051d650d0d95ea36515682afce18f504af

SHA256
256492fbbcf3dc63987318f83e5f49eaacdbb6a9a5be54e403f0ddb437582881

SHA512
d586b8c2ee928aeed5e1e9f771dea24d209e09a47c8e84821ad0a5976e5fa16b77a04294100555f553aea85c5acdcfe49ad3aff6f645b5618fa8f482fcdb959b

Download Submit
C:\Program Files\EqualizerAPO\VCRUNTIME140.dll

Filesize
94KB

MD5
5797d2a762227f35cdd581ec648693a8

SHA1
e587b804db5e95833cbd2229af54c755ee0393b9

SHA256
c51c64dfb7c445ecf0001f69c27e13299ddcfba0780efa72b866a7487b7491c7

SHA512
5c4de4f65c0338f9a63b853db356175cae15c2ddc6b727f473726d69ee0d07545ac64b313c380548211216ea667caf32c5a0fd86f7abe75fc60086822bc4c92e

Download Submit
C:\Program Files\EqualizerAPO\VCRUNTIME140_1.dll

Filesize
36KB

MD5
63c1c3adf9da49ad6ae2e90fcdcb841e

SHA1
8022c1fb0ab11781cd93d4524b5245a156d219e4

SHA256
0d719fbe25194e3faa037bd736e07ec9184ab68e521ebbd72c2b13aed89b47a9

SHA512
36f4bba6a43fef4f0100a3bd40bd1061cf786852e332ef56e365d2d622f99941040e0961137bf8014aef4b3584e7a89ed0b328867412971520c176c0d09a65af

Download Submit
C:\Program Files\EqualizerAPO\config\config.txt

Filesize
157B

MD5
ec5e7c139a823f446158c30280e75803

SHA1
de9978e564a35efbf0ad31d95cd920f0508d4bed

SHA256
6dccce92c8fe2e244cf7440cf51b4163f87e57bd3dfbf8e2ce7f2636f53aef91

SHA512
4ddfc39403e38f07632cd79e85b55d197e2c3c93cf1959d9195d67d7daf23f8ec3bbc944b10a6aaedf5264f3ad45c75a95557b8c91ba5223e7b6423d175cd60b

Download Submit
C:\Program Files\EqualizerAPO\config\example.txt

Filesize
692B

MD5
d7facba3d4181d0289f46cebe05b73ff

SHA1
43c119148a0a62ee24da0f7b34e7d46ed7e4b836

SHA256
83f6d9063a14feb292632b7667c62b763baa52421345a4967f4078cf62385fd8

SHA512
fe1c19a59c2922beb5bd26f911ce98418f81517c98985ca48e9f227dd8648b2222232352ae21b21ef309346cb222352351d21c6e18a5362c89b6fa719564a31d

Download Submit
C:\Program Files\EqualizerAPO\libfftw3f-3.dll

Filesize
2.6MB

MD5
9bc1a19ef7fafb31b43a964895ed9dcb

SHA1
4e9eccb805eb876177a6b3a42f912ac52e9f20d2

SHA256
42ca18fff35dd12890e04478bc990005b3969cb744f6843976bd436ccd7f0a4c

SHA512
72c5bc879c8869f0d3c00dc32f9187b267969948e5b578ac1a86af8c83d7126297eb9a7958d6da156a5f348aaca60bee0822c5416c17240cc8850dc2cadc2d8e

Download Submit
C:\Program Files\EqualizerAPO\libsndfile-1.dll

Filesize
1.7MB

MD5
ab078f3f6241fddfd39637d7b9358834

SHA1
c895b2555e99a34bed57ecaa328c56bda4481b3b

SHA256
740dc79589813c83f5a6b8ea214b5c1031041881b4dc96703e295a7c04d09f5b

SHA512
f5646ce0255ae551308c6861447c39deade07f775ff33526bdc58e22a90132cae86ac44767b2b83c07633f54f8b516e06e2efdce75de98d9a0fa530d6e581d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\AccessControl.dll

Filesize
13KB

MD5
28c87a09fdb49060aa4ab558a2832109

SHA1
9213a24964cd479eac91d01ad54190f9c11d0c75

SHA256
933cadcd3a463484bbb3c45077afda0edbb539dfbe988efad79a88cae63bf95f

SHA512
413b3afe5a3b139a199f2a6954edc055eee3b312c3dffd568cfdbe1f740f07a7c27fbf7b2a0b6e3c3dd6ee358ce96cc1ca821883f055bf63ddebda854384700d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\NSISpcre.dll

Filesize
164KB

MD5
bfe060c22b44914e05d3f5367de6c9fe

SHA1
24c72b0b57b0066a5e8b235104a0502400e44b9a

SHA256
43041f8540dccbc33268bfbef53037d17170b037f6393e77c21429f303ae828f

SHA512
ad3a23edd8d62b198e4a2ccf03f6d607dee41fa23fd6f9dfabdc5ee424b5e22a6e00b8a28e50fe177829a2cc25ce05484423e97c682036fc5146e2adf560bc44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\StartMenu.dll

Filesize
7KB

MD5
26836307758e048d1ce0afe754d6a972

SHA1
23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc

SHA256
a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534

SHA512
aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\System.dll

Filesize
11KB

MD5
fccff8cb7a1067e23fd2e2b63971a8e1

SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91

SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\nsDialogs.dll

Filesize
9KB

MD5
1c8b2b40c642e8b5a5b3ff102796fb37

SHA1
3245f55afac50f775eb53fd6d14abb7fe523393d

SHA256
8780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c

SHA512
4ff2dc83f640933162ec8818bb1bf3b3be1183264750946a3d949d2e7068ee606277b6c840193ef2b4663952387f07f6ab12c84c4a11cae9a8de7bd4e7971c57

Download Submit
\Program Files\EqualizerAPO\Benchmark.exe

Filesize
597KB

MD5
00a2301870f7e1448a57bb1bcd510d09

SHA1
d4703fb1324efc37955f1e4cc18b0109bcc33dac

SHA256
bf9fab0304607450788e84f4114f580b20b4a5162a7b391859e33048c929d3fd

SHA512
458c9c07398d189330f4a3c8da3e0960d5f2653417fd000186e913fb32938ee325f54756ab3167e42acfbd06e10fe5ac2c55b43ac1cc4eb40937ec6b7b24f6ff

Download Submit
\Program Files\EqualizerAPO\Configurator.exe

Filesize
199KB

MD5
1e16a88b13a374ea87a50566cdb37ec5

SHA1
47444e6c0b00fbba9f51cb46eee189f56ca062c3

SHA256
a8c5ec7293302839c3261f49e3322c4e521ffe6159e9ee40df0be4cd21339370

SHA512
f84e5a690d2c6b1bc02f91d2469d1fd21d83c83d2f85be4f10a8e934557d4ef602c5619b0fe5d336b0a26f2fcb5e568c4a815c3bf822d2c6ada4c30243827b80

Download Submit
\Program Files\EqualizerAPO\Configurator.exe

Filesize
199KB

MD5
1e16a88b13a374ea87a50566cdb37ec5

SHA1
47444e6c0b00fbba9f51cb46eee189f56ca062c3

SHA256
a8c5ec7293302839c3261f49e3322c4e521ffe6159e9ee40df0be4cd21339370

SHA512
f84e5a690d2c6b1bc02f91d2469d1fd21d83c83d2f85be4f10a8e934557d4ef602c5619b0fe5d336b0a26f2fcb5e568c4a815c3bf822d2c6ada4c30243827b80

Download Submit
\Program Files\EqualizerAPO\Configurator.exe

Filesize
199KB

MD5
1e16a88b13a374ea87a50566cdb37ec5

SHA1
47444e6c0b00fbba9f51cb46eee189f56ca062c3

SHA256
a8c5ec7293302839c3261f49e3322c4e521ffe6159e9ee40df0be4cd21339370

SHA512
f84e5a690d2c6b1bc02f91d2469d1fd21d83c83d2f85be4f10a8e934557d4ef602c5619b0fe5d336b0a26f2fcb5e568c4a815c3bf822d2c6ada4c30243827b80

Download Submit
\Program Files\EqualizerAPO\Configurator.exe

Filesize
199KB

MD5
1e16a88b13a374ea87a50566cdb37ec5

SHA1
47444e6c0b00fbba9f51cb46eee189f56ca062c3

SHA256
a8c5ec7293302839c3261f49e3322c4e521ffe6159e9ee40df0be4cd21339370

SHA512
f84e5a690d2c6b1bc02f91d2469d1fd21d83c83d2f85be4f10a8e934557d4ef602c5619b0fe5d336b0a26f2fcb5e568c4a815c3bf822d2c6ada4c30243827b80

Download Submit
\Program Files\EqualizerAPO\Configurator.exe

Filesize
199KB

MD5
1e16a88b13a374ea87a50566cdb37ec5

SHA1
47444e6c0b00fbba9f51cb46eee189f56ca062c3

SHA256
a8c5ec7293302839c3261f49e3322c4e521ffe6159e9ee40df0be4cd21339370

SHA512
f84e5a690d2c6b1bc02f91d2469d1fd21d83c83d2f85be4f10a8e934557d4ef602c5619b0fe5d336b0a26f2fcb5e568c4a815c3bf822d2c6ada4c30243827b80

Download Submit
\Program Files\EqualizerAPO\Editor.exe

Filesize
1.4MB

MD5
c4ae6f306de94177896289fdeda5d8dd

SHA1
11420af3a7b38346f556b0f7d03edd818e8f8523

SHA256
fbc2aebe94298309519250c39b4e6a9a583f07055c81e8f0e35bae234a9193b1

SHA512
fddb80644ec444628cf7af3c54b9bfcfa6bf7eb046edea9bee8bc478b72dfd5418b1774a0b197e88e7dfbfd47e7a2b14f2cbd55e577ef6cca7a45a09959af465

Download Submit
\Program Files\EqualizerAPO\EqualizerAPO.dll

Filesize
599KB

MD5
3f96577baa37bf625bb350776a91296b

SHA1
cb9150ed61774b428ee3c55b7ab61be62baa8e8a

SHA256
2cb094f9a14dad89d9acf29fae4b6e036d8896b7e8eac52d010248a31006fb1d

SHA512
62fe6ead155c9a176fe90bc2bbb848e9afa7d760add8b2d5e5ea1522997cc05c83d138ed1281d4c047599363f1658117070b85e425b4f3df3afee86bcd1a8e6d

Download Submit
\Program Files\EqualizerAPO\EqualizerAPO.dll

Filesize
599KB

MD5
3f96577baa37bf625bb350776a91296b

SHA1
cb9150ed61774b428ee3c55b7ab61be62baa8e8a

SHA256
2cb094f9a14dad89d9acf29fae4b6e036d8896b7e8eac52d010248a31006fb1d

SHA512
62fe6ead155c9a176fe90bc2bbb848e9afa7d760add8b2d5e5ea1522997cc05c83d138ed1281d4c047599363f1658117070b85e425b4f3df3afee86bcd1a8e6d

Download Submit
\Program Files\EqualizerAPO\EqualizerAPO.dll

Filesize
599KB

MD5
3f96577baa37bf625bb350776a91296b

SHA1
cb9150ed61774b428ee3c55b7ab61be62baa8e8a

SHA256
2cb094f9a14dad89d9acf29fae4b6e036d8896b7e8eac52d010248a31006fb1d

SHA512
62fe6ead155c9a176fe90bc2bbb848e9afa7d760add8b2d5e5ea1522997cc05c83d138ed1281d4c047599363f1658117070b85e425b4f3df3afee86bcd1a8e6d

Download Submit
\Program Files\EqualizerAPO\Uninstall.exe

Filesize
67KB

MD5
5a2b01974a4d489e3d1b8c22bba1ef21

SHA1
e8c58ca575b9e08e7425d6fe57040fac7d49d0a8

SHA256
9c61adbb3ffe422cfaeb0c35fd248ae3b320559d4a66ad191f697b9dc1c8d1a5

SHA512
0b6175de3b93bd046e6373dfcea0b59f48c5d13dad188bd32ce39b9678d003f2d38074c235ee705b98b41a05b5f5e03d25ecbbb292ac9e0c6a5f2e1b92f6420e

Download Submit
\Program Files\EqualizerAPO\libfftw3f-3.dll

Filesize
2.6MB

MD5
9bc1a19ef7fafb31b43a964895ed9dcb

SHA1
4e9eccb805eb876177a6b3a42f912ac52e9f20d2

SHA256
42ca18fff35dd12890e04478bc990005b3969cb744f6843976bd436ccd7f0a4c

SHA512
72c5bc879c8869f0d3c00dc32f9187b267969948e5b578ac1a86af8c83d7126297eb9a7958d6da156a5f348aaca60bee0822c5416c17240cc8850dc2cadc2d8e

Download Submit
\Program Files\EqualizerAPO\libfftw3f-3.dll

Filesize
2.6MB

MD5
9bc1a19ef7fafb31b43a964895ed9dcb

SHA1
4e9eccb805eb876177a6b3a42f912ac52e9f20d2

SHA256
42ca18fff35dd12890e04478bc990005b3969cb744f6843976bd436ccd7f0a4c

SHA512
72c5bc879c8869f0d3c00dc32f9187b267969948e5b578ac1a86af8c83d7126297eb9a7958d6da156a5f348aaca60bee0822c5416c17240cc8850dc2cadc2d8e

Download Submit
\Program Files\EqualizerAPO\libsndfile-1.dll

Filesize
1.7MB

MD5
ab078f3f6241fddfd39637d7b9358834

SHA1
c895b2555e99a34bed57ecaa328c56bda4481b3b

SHA256
740dc79589813c83f5a6b8ea214b5c1031041881b4dc96703e295a7c04d09f5b

SHA512
f5646ce0255ae551308c6861447c39deade07f775ff33526bdc58e22a90132cae86ac44767b2b83c07633f54f8b516e06e2efdce75de98d9a0fa530d6e581d78

Download Submit
\Program Files\EqualizerAPO\libsndfile-1.dll

Filesize
1.7MB

MD5
ab078f3f6241fddfd39637d7b9358834

SHA1
c895b2555e99a34bed57ecaa328c56bda4481b3b

SHA256
740dc79589813c83f5a6b8ea214b5c1031041881b4dc96703e295a7c04d09f5b

SHA512
f5646ce0255ae551308c6861447c39deade07f775ff33526bdc58e22a90132cae86ac44767b2b83c07633f54f8b516e06e2efdce75de98d9a0fa530d6e581d78

Download Submit
\Program Files\EqualizerAPO\msvcp140.dll

Filesize
552KB

MD5
111e00ce3412a863ddf3db65f237d62b

SHA1
58503f051d650d0d95ea36515682afce18f504af

SHA256
256492fbbcf3dc63987318f83e5f49eaacdbb6a9a5be54e403f0ddb437582881

SHA512
d586b8c2ee928aeed5e1e9f771dea24d209e09a47c8e84821ad0a5976e5fa16b77a04294100555f553aea85c5acdcfe49ad3aff6f645b5618fa8f482fcdb959b

Download Submit
\Program Files\EqualizerAPO\msvcp140.dll

Filesize
552KB

MD5
111e00ce3412a863ddf3db65f237d62b

SHA1
58503f051d650d0d95ea36515682afce18f504af

SHA256
256492fbbcf3dc63987318f83e5f49eaacdbb6a9a5be54e403f0ddb437582881

SHA512
d586b8c2ee928aeed5e1e9f771dea24d209e09a47c8e84821ad0a5976e5fa16b77a04294100555f553aea85c5acdcfe49ad3aff6f645b5618fa8f482fcdb959b

Download Submit
\Program Files\EqualizerAPO\msvcp140.dll

Filesize
552KB

MD5
111e00ce3412a863ddf3db65f237d62b

SHA1
58503f051d650d0d95ea36515682afce18f504af

SHA256
256492fbbcf3dc63987318f83e5f49eaacdbb6a9a5be54e403f0ddb437582881

SHA512
d586b8c2ee928aeed5e1e9f771dea24d209e09a47c8e84821ad0a5976e5fa16b77a04294100555f553aea85c5acdcfe49ad3aff6f645b5618fa8f482fcdb959b

Download Submit
\Program Files\EqualizerAPO\vcruntime140.dll

Filesize
94KB

MD5
5797d2a762227f35cdd581ec648693a8

SHA1
e587b804db5e95833cbd2229af54c755ee0393b9

SHA256
c51c64dfb7c445ecf0001f69c27e13299ddcfba0780efa72b866a7487b7491c7

SHA512
5c4de4f65c0338f9a63b853db356175cae15c2ddc6b727f473726d69ee0d07545ac64b313c380548211216ea667caf32c5a0fd86f7abe75fc60086822bc4c92e

Download Submit
\Program Files\EqualizerAPO\vcruntime140.dll

Filesize
94KB

MD5
5797d2a762227f35cdd581ec648693a8

SHA1
e587b804db5e95833cbd2229af54c755ee0393b9

SHA256
c51c64dfb7c445ecf0001f69c27e13299ddcfba0780efa72b866a7487b7491c7

SHA512
5c4de4f65c0338f9a63b853db356175cae15c2ddc6b727f473726d69ee0d07545ac64b313c380548211216ea667caf32c5a0fd86f7abe75fc60086822bc4c92e

Download Submit
\Program Files\EqualizerAPO\vcruntime140.dll

Filesize
94KB

MD5
5797d2a762227f35cdd581ec648693a8

SHA1
e587b804db5e95833cbd2229af54c755ee0393b9

SHA256
c51c64dfb7c445ecf0001f69c27e13299ddcfba0780efa72b866a7487b7491c7

SHA512
5c4de4f65c0338f9a63b853db356175cae15c2ddc6b727f473726d69ee0d07545ac64b313c380548211216ea667caf32c5a0fd86f7abe75fc60086822bc4c92e

Download Submit
\Program Files\EqualizerAPO\vcruntime140_1.dll

Filesize
36KB

MD5
63c1c3adf9da49ad6ae2e90fcdcb841e

SHA1
8022c1fb0ab11781cd93d4524b5245a156d219e4

SHA256
0d719fbe25194e3faa037bd736e07ec9184ab68e521ebbd72c2b13aed89b47a9

SHA512
36f4bba6a43fef4f0100a3bd40bd1061cf786852e332ef56e365d2d622f99941040e0961137bf8014aef4b3584e7a89ed0b328867412971520c176c0d09a65af

Download Submit
\Program Files\EqualizerAPO\vcruntime140_1.dll

Filesize
36KB

MD5
63c1c3adf9da49ad6ae2e90fcdcb841e

SHA1
8022c1fb0ab11781cd93d4524b5245a156d219e4

SHA256
0d719fbe25194e3faa037bd736e07ec9184ab68e521ebbd72c2b13aed89b47a9

SHA512
36f4bba6a43fef4f0100a3bd40bd1061cf786852e332ef56e365d2d622f99941040e0961137bf8014aef4b3584e7a89ed0b328867412971520c176c0d09a65af

Download Submit
\Program Files\EqualizerAPO\vcruntime140_1.dll

Filesize
36KB

MD5
63c1c3adf9da49ad6ae2e90fcdcb841e

SHA1
8022c1fb0ab11781cd93d4524b5245a156d219e4

SHA256
0d719fbe25194e3faa037bd736e07ec9184ab68e521ebbd72c2b13aed89b47a9

SHA512
36f4bba6a43fef4f0100a3bd40bd1061cf786852e332ef56e365d2d622f99941040e0961137bf8014aef4b3584e7a89ed0b328867412971520c176c0d09a65af

Download Submit
\Users\Admin\AppData\Local\Temp\nstE27.tmp\AccessControl.dll

Filesize
13KB

MD5
28c87a09fdb49060aa4ab558a2832109

SHA1
9213a24964cd479eac91d01ad54190f9c11d0c75

SHA256
933cadcd3a463484bbb3c45077afda0edbb539dfbe988efad79a88cae63bf95f

SHA512
413b3afe5a3b139a199f2a6954edc055eee3b312c3dffd568cfdbe1f740f07a7c27fbf7b2a0b6e3c3dd6ee358ce96cc1ca821883f055bf63ddebda854384700d

Download Submit
\Users\Admin\AppData\Local\Temp\nstE27.tmp\NSISpcre.dll

Filesize
164KB

MD5
bfe060c22b44914e05d3f5367de6c9fe

SHA1
24c72b0b57b0066a5e8b235104a0502400e44b9a

SHA256
43041f8540dccbc33268bfbef53037d17170b037f6393e77c21429f303ae828f

SHA512
ad3a23edd8d62b198e4a2ccf03f6d607dee41fa23fd6f9dfabdc5ee424b5e22a6e00b8a28e50fe177829a2cc25ce05484423e97c682036fc5146e2adf560bc44

Download Submit
\Users\Admin\AppData\Local\Temp\nstE27.tmp\StartMenu.dll

Filesize
7KB

MD5
26836307758e048d1ce0afe754d6a972

SHA1
23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc

SHA256
a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534

SHA512
aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746

Download Submit
\Users\Admin\AppData\Local\Temp\nstE27.tmp\System.dll

Filesize
11KB

MD5
fccff8cb7a1067e23fd2e2b63971a8e1

SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91

SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

Download Submit
\Users\Admin\AppData\Local\Temp\nstE27.tmp\nsDialogs.dll

Filesize
9KB

MD5
1c8b2b40c642e8b5a5b3ff102796fb37

SHA1
3245f55afac50f775eb53fd6d14abb7fe523393d

SHA256
8780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c

SHA512
4ff2dc83f640933162ec8818bb1bf3b3be1183264750946a3d949d2e7068ee606277b6c840193ef2b4663952387f07f6ab12c84c4a11cae9a8de7bd4e7971c57

Download Submit
memory/576-186-0x0000000075690000-0x0000000075846000-memory.dmp

Filesize
1.7MB

Download
memory/576-187-0x0000000063740000-0x000000006398F000-memory.dmp

Filesize
2.3MB

Download
memory/884-185-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/1416-184-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download