File name:

LetasoftSoundBooster1.11.0.514.exe

Full analysis: https://app.any.run/tasks/06cb97ed-69c8-4ccb-b83e-f0d65c7c0604
Verdict: Malicious activity
Analysis date: July 13, 2025, 13:01:00
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-startup
inno
installer
delphi
telegram
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

C0BBD46522ED45556001BC70F59F70BF

SHA1:

BB91D91D6F969D5EBEADD50FBD4BA1643108EDDE

SHA256:

1B885C9A10A6D5EB7532F46BFEA7C478DA69EA9E06D82AAFD337B7A969C73867

SSDEEP:

196608:z02Ciux2rKJ4ghl/qL/Pp4yBKNIX9pBNjemL:zI2rKJCL/PhmS/N/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts NET.EXE for service management

      • net.exe (PID: 1964)
      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Create files in the Startup directory

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Registers / Runs the DLL via REGSVR32.EXE

      • SoundBoosterTaskHost.exe (PID: 6664)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • LetasoftSoundBooster1.11.0.514.exe (PID: 728)
      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Process drops legitimate windows executable

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Reads the Windows owner or organization settings

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Reads security settings of Internet Explorer

      • SoundBoosterTaskHost.exe (PID: 6664)
      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1328)
    • There is functionality for taking screenshot (YARA)

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
  • INFO

    • Checks supported languages

      • LetasoftSoundBooster1.11.0.514.exe (PID: 728)
      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
      • SoundBoosterTaskHost.exe (PID: 6664)
      • SoundBoosterService.exe (PID: 6764)
      • identity_helper.exe (PID: 7312)
    • Create files in a temporary directory

      • LetasoftSoundBooster1.11.0.514.exe (PID: 728)
      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • The sample compiled with russian language support

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Creates files in the program directory

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • The sample compiled with portuguese language support

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Detects InnoSetup installer (YARA)

      • LetasoftSoundBooster1.11.0.514.exe (PID: 728)
      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Creates files or folders in the user directory

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Launching a file from the Startup directory

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Reads the computer name

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
      • SoundBoosterTaskHost.exe (PID: 6664)
      • SoundBoosterService.exe (PID: 6764)
      • identity_helper.exe (PID: 7312)
    • The sample compiled with english language support

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Creates a software uninstall entry

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Process checks computer location settings

      • SoundBoosterTaskHost.exe (PID: 6664)
    • Application launched itself

      • msedge.exe (PID: 3460)
      • msedge.exe (PID: 6700)
      • msedge.exe (PID: 4100)
    • Reads Environment values

      • identity_helper.exe (PID: 7312)
    • Compiled with Borland Delphi (YARA)

      • LetasoftSoundBooster1.11.0.514.tmp (PID: 7016)
    • Checks proxy server information

      • slui.exe (PID: 8116)
    • Manual execution by a user

      • msedge.exe (PID: 3460)
    • Reads the software policy settings

      • slui.exe (PID: 8116)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37888
InitializedDataSize: 25600
UninitializedDataSize: -
EntryPoint: 0x9c14
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.11.0.514
ProductVersionNumber: 1.11.0.514
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: lrepacks.ru
FileDescription: Letasoft Sound Booster Setup
FileVersion: 1.11.0.514.0
LegalCopyright:
ProductName: Letasoft Sound Booster
ProductVersion: 1.11.0.514
No data.
All screenshots are available in the full report
Total processes
195
Monitored processes
53
Malicious processes
2
Suspicious processes
0

Behavior graph

start letasoftsoundbooster1.11.0.514.exe letasoftsoundbooster1.11.0.514.tmp net.exe no specs conhost.exe no specs net1.exe no specs soundboostertaskhost.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs soundboosterservice.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs letasoftsoundbooster1.11.0.514.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
420
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5900,i,12989103358001614675,6001816860044026639,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
504
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --disable-quic --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5708,i,12989103358001614675,6001816860044026639,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
728
CMD:
"C:\Users\admin\Desktop\LetasoftSoundBooster1.11.0.514.exe"
Path:
C:\Users\admin\Desktop\LetasoftSoundBooster1.11.0.514.exe
Parent process:
explorer.exe
User:
admin
Company:
lrepacks.ru
Integrity Level:
HIGH
Description:
Letasoft Sound Booster Setup
Exit code:
0
Version:
1.11.0.514.0
Modules
Images
c:\users\admin\desktop\letasoftsoundbooster1.11.0.514.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
1328
CMD:
/s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
regsvr32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1328
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2748,i,12989103358001614675,6001816860044026639,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1964
CMD:
"net" stop "SoundBoosterService"
Path:
C:\Windows\SysWOW64\net.exe
Parent process:
LetasoftSoundBooster1.11.0.514.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
2216
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --subproc-heap-profiling --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5272,i,12989103358001614675,6001816860044026639,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2368
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3724,i,12989103358001614675,6001816860044026639,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2996
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5972,i,12989103358001614675,6001816860044026639,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3392
CMD:
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
SoundBoosterTaskHost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
9 966
Read events
9 819
Write events
146
Delete events
1

Modification events

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: QuietUninstallString
Value:
"C:\Program Files (x86)\Letasoft Sound Booster\unins000.exe" /SILENT

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: DisplayVersion
Value:
1.11.0.514

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: Publisher
Value:
lrepacks.ru

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: URLInfoAbout
Value:
http://www.letasoft.com/

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: NoModify
Value:
1

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: NoRepair
Value:
1

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: InstallDate
Value:
20250713

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: MajorVersion
Value:
1

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: MinorVersion
Value:
11

(PID) Process: (7016) LetasoftSoundBooster1.11.0.514.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Letasoft Sound Booster_is1
Operation: write
Name: EstimatedSize
Value:
17598
Executable files
65
Suspicious files
519
Text files
108
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 728
Process: LetasoftSoundBooster1.11.0.514.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-RS7JC.tmp\LetasoftSoundBooster1.11.0.514.tmp
Type: executable
MD5: F452ACB6931212C712E83C490CE03820
SHA256: 4E2F6A65494716DD18C25E59201989D4F82EA4AA4969FC08787B7BFCF2DE95D1

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-OGVQI.tmp\_isetup\_RegDLL.tmp
Type: executable
MD5: 0EE914C6F0BB93996C75941E1AD629C6
SHA256: 4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-OGVQI.tmp\_isetup\_shfoldr.dll
Type: executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-OGVQI.tmp\VclStylesInno.dll
Type: executable
MD5: B0CA93CEB050A2FEFF0B19E65072BBB5
SHA256: 0E93313F42084D804B9AC4BE53D844E549CFCAF19E6F276A3B0F82F01B9B2246

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-OGVQI.tmp\_isetup\_setup64.tmp
Type: executable
MD5: 4FF75F505FDDCC6A9AE62216446205D9
SHA256: A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Program Files (x86)\Letasoft Sound Booster\is-QSH4T.tmp
Type: executable
MD5: AD9567092E61E9C3CD609EC0E336AE1E
SHA256: 37E21F684C36CDFC46121F4349383EB3861A1066D8C256E6D33B2B8B3ED23B0D

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-OGVQI.tmp\ISTask.dll
Type: executable
MD5: 86A1311D51C00B278CB7F27796EA442E
SHA256: E916BDF232744E00CBD8D608168A019C9F41A68A7E8390AA48CFB525276C483D

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll
Type: executable
MD5: EA3641C75404987F24521605034B0319
SHA256: 223624EA747D66F06C94054EF32B34CC6598B2D0D35A2C8A9B9E6B2ABC6129A1

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Program Files (x86)\Letasoft Sound Booster\is-4U6MI.tmp
Type: executable
MD5: E8154119721584AD451EE0B00277F706
SHA256: 1DB1FE09338F1D7B2413B621D2CD8C9200541A781AF1F04BCAB6E13E642735EE

PID: 7016
Process: LetasoftSoundBooster1.11.0.514.tmp
Filename: C:\Program Files (x86)\Letasoft Sound Booster\is-H505I.tmp
Type: executable
MD5: 76F4DB217E748C5111B346AB50B574AE
SHA256: 6F216CA50A4FBAD5368E3242B66B13E1BA2FF5D88CC496506CAFB0B9F0BE1459
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
96
TCP/UDP connections
226
DNS requests
182
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2428
RUXIMICS.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2428
RUXIMICS.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6812
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:9szzTtnxMsJwQr4mXOkZ7EvqBPqt2TjBEqVZmABRZnE&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
GET
200
5.44.221.96:443
https://lrepacks.net/templates/biz-ideas/css/engine.css?ver=34213
unknown
POST
400
20.190.160.64:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
GET
200
92.123.104.45:443
https://copilot.microsoft.com/c/api/user/eligibility
unknown
binary
25 b
whitelisted
POST
400
20.190.160.64:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
200
40.126.32.76:443
https://login.live.com/RST2.srf
unknown
xml
1.24 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2428
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2428
RUXIMICS.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2428
RUXIMICS.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.206
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
login.live.com
  • 40.126.32.76
  • 20.190.160.66
  • 40.126.32.140
  • 20.190.160.65
  • 40.126.32.136
  • 40.126.32.133
  • 40.126.32.138
  • 20.190.160.4
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.19
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
lrepacks.ru
  • 5.44.221.96
whitelisted
copilot.microsoft.com
  • 92.123.104.45
  • 92.123.104.53
whitelisted

Threats

PID
Process
Class
Message
6812
msedge.exe
Misc activity
ET INFO Observed Telegram Domain (t .me in TLS SNI)
6812
msedge.exe
Misc activity
ET INFO Observed Telegram Domain (t .me in TLS SNI)
Misc activity
ET WEB_CLIENT Observed Hunter Obfuscator Code M1
Misc activity
ET WEB_CLIENT Observed Hunter Obfuscator Code M1
Misc activity
ET WEB_CLIENT Observed Hunter Obfuscator Code M1
6812
msedge.exe
Misc activity
INFO [ANY.RUN] Possible short link service (t .co)
6812
msedge.exe
Misc activity
INFO [ANY.RUN] Possible short link service (t .co)
No debug info