banload | a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3

Resubmissions

30-06-2024 18:29

240630-w47crssckh 10

30-06-2024 18:24

240630-w2dyfasbmb 7

Analysis

max time kernel
136s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyplaceControlInstall.exe
Size

5.9MB
MD5

de3f653561daa3c88bea49b8a6df874b
SHA1

08720bc41df746aa0a2eb4a4c46ebbbecca0f123
SHA256

a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3
SHA512

a8d237ba7cf89d7101fe42ed4a1c841c934f222ccc2041494bf49f67c4cc9bf190988a7a138860a9aec3e6862cb99663dcde96c93ba40b81a923fc68dae2ac7f
SSDEEP

98304:FtUY9cZjRMe8g7dF1OPYtugGpbNer/xZssPZ31x+B10Q3RAss685EL4bD/vcMTL:FjqN1NZF1OAtugM6vZYRAZiyD/vcMTL

Score

10^/10

banload bootkit discovery downloader dropper persistence trojan upx

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	APC_Admin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	APC_Admin.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	apc_hostconfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	AnyplaceControlInstall.exe

Executes dropped EXE 9 IoCs

pid	Process
4624	apc_hostconfig.exe
4428	apc_host.exe
1464	apc_host.exe
884	apc_host.exe
2452	apc_host.exe
400	hcs.exe
3916	hcs.exe
3800	hcs.exe
1116	APC_Admin.exe

Loads dropped DLL 10 IoCs

pid	Process
2248	AnyplaceControlInstall.exe
2248	AnyplaceControlInstall.exe
2248	AnyplaceControlInstall.exe
2248	AnyplaceControlInstall.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
1116	APC_Admin.exe
1116	APC_Admin.exe
1116	APC_Admin.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2248-0-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/2248-63-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/files/0x0007000000023580-174.dat	upx
behavioral2/memory/2248-191-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/2248-366-0x0000000000400000-0x0000000000469000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	APC_Admin.exe
File opened for modification	\??\PhysicalDrive0	APC_Admin.exe

Drops file in Program Files directory 55 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.RUS.lng	AnyplaceControlInstall.exe
File created	C:\Program Files (x86)\Anyplace Control\$_Temp_$.$$$	apc_hostconfig.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.DEU.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostconfig.RUS	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\license.txt	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Uninstall.exe	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.FRA.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.FRA	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.DEU	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.PLK.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostConfig.ARA	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.exe	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostconfig.PTB	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostconfig.DEU	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostconfig.ESN	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\libspeexdsp.dll	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.ESN	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.PTB	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.PTB.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostconfig.FRA	AnyplaceControlInstall.exe
File created	C:\Program Files (x86)\Anyplace Control\license.txt	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\isHost.dat	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.DEU.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ITA.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\install.sss	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.RUS	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.PLK	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.RUS.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ARA.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ntv.lng	AnyplaceControlInstall.exe
File created	C:\Program Files (x86)\Anyplace Control\installerpath.txt	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ARA.lng	AnyplaceControlInstall.exe
File created	C:\Program Files (x86)\Anyplace Control\anyplace-control.ini	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostConfig.PLK	AnyplaceControlInstall.exe
File created	C:\Program Files (x86)\Anyplace Control\Uninstall.exe	AnyplaceControlInstall.exe
File opened for modification	C:\PROGRAM FILES (X86)\ANYPLACE CONTROL\INSTALL.LOG	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ntv.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ESN.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.ITA	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\libspeex.dll	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\installerpath.txt	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\isAdmin.dat	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_host.exe	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.PLK.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ESN.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.FRA.lng	AnyplaceControlInstall.exe
File created	C:\Program Files (x86)\Anyplace Control\install.sss	AnyplaceControlInstall.exe
File created	C:\Program Files (x86)\Anyplace Control\$_Temp_$.$$$	APC_Admin.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_Admin.ARA	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ITA.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.PTB.lng	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\apc_hostconfig.ITA	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\hcs.exe	AnyplaceControlInstall.exe
File opened for modification	C:\Program Files (x86)\Anyplace Control\Anyplace Control.chm	AnyplaceControlInstall.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\apcErrorsLog.txt	AnyplaceControlInstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31116059"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3461440230"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3461440230"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31116059"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F96E8959-370E-11EF-B8C0-527CD1CC5F27} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE

Modifies registry class 25 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\InprocServer32	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\VersionIndependentProgID\ = "DXImageTransform.Microsoft.Iris"	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\InprocServer32\ThreadingModel = "Both"	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\ToolBoxBitmap32	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\ToolBoxBitmap32\ = "C:\\Windows\\SysWOW64\\Dxtmsft.dll,235"	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\VersionIndependentProgID	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\ = "AudioMixer"	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\LocalServer32	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\Implemented Categories	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\ProgID	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\ProgID\ = "APC_Admin.AudioMixer"	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\ = "Iris"	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\ProgID\ = "DXImageTransform.Microsoft.Iris.1"	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\APC_Admin.AudioMixer\Clsid\ = "{35F45D48-100C-4603-AA40-D10516B07704}"	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\InprocServer32\ = "C:\\Windows\\SysWOW64\\Dxtmsft.dll"	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\LocalServer32\ = "C:\\PROGRA~2\\ANYPLA~1\\APC_AD~1.EXE"	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\APC_Admin.AudioMixer\Clsid	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\ProgID	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\Programmable	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\Implemented Categories\{C501EDBE-9E70-11D1-9053-00C04FD9189D}	APC_Admin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\APC_Admin.AudioMixer\ = "AudioMixer"	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}	APC_Admin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\APC_Admin.AudioMixer	APC_Admin.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe
884	apc_host.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1116	APC_Admin.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	3916	hcs.exe
Token: SeIncBasePriorityPrivilege	400	hcs.exe
Token: SeIncBasePriorityPrivilege	3800	hcs.exe
Token: 33	1116	APC_Admin.exe
Token: SeIncBasePriorityPrivilege	1116	APC_Admin.exe
Token: SeIncBasePriorityPrivilege	1116	APC_Admin.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2604	IEXPLORE.EXE
1116	APC_Admin.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
1116	APC_Admin.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe
2452	apc_host.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4624	apc_hostconfig.exe
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
3540	IEXPLORE.EXE
3540	IEXPLORE.EXE
1116	APC_Admin.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 4624	2248	AnyplaceControlInstall.exe	96
PID 2248 wrote to memory of 4624	2248	AnyplaceControlInstall.exe	96
PID 2248 wrote to memory of 4624	2248	AnyplaceControlInstall.exe	96
PID 4624 wrote to memory of 4428	4624	apc_hostconfig.exe	100
PID 4624 wrote to memory of 4428	4624	apc_hostconfig.exe	100
PID 4624 wrote to memory of 4428	4624	apc_hostconfig.exe	100
PID 4624 wrote to memory of 1464	4624	apc_hostconfig.exe	101
PID 4624 wrote to memory of 1464	4624	apc_hostconfig.exe	101
PID 4624 wrote to memory of 1464	4624	apc_hostconfig.exe	101
PID 884 wrote to memory of 2452	884	apc_host.exe	103
PID 884 wrote to memory of 2452	884	apc_host.exe	103
PID 884 wrote to memory of 2452	884	apc_host.exe	103
PID 2452 wrote to memory of 400	2452	apc_host.exe	104
PID 2452 wrote to memory of 400	2452	apc_host.exe	104
PID 2452 wrote to memory of 400	2452	apc_host.exe	104
PID 2452 wrote to memory of 3916	2452	apc_host.exe	105
PID 2452 wrote to memory of 3916	2452	apc_host.exe	105
PID 2452 wrote to memory of 3916	2452	apc_host.exe	105
PID 2452 wrote to memory of 3800	2452	apc_host.exe	106
PID 2452 wrote to memory of 3800	2452	apc_host.exe	106
PID 2452 wrote to memory of 3800	2452	apc_host.exe	106
PID 2248 wrote to memory of 5060	2248	AnyplaceControlInstall.exe	107
PID 2248 wrote to memory of 5060	2248	AnyplaceControlInstall.exe	107
PID 2248 wrote to memory of 5060	2248	AnyplaceControlInstall.exe	107
PID 5060 wrote to memory of 2604	5060	iexplore.exe	109
PID 5060 wrote to memory of 2604	5060	iexplore.exe	109
PID 2248 wrote to memory of 1116	2248	AnyplaceControlInstall.exe	108
PID 2248 wrote to memory of 1116	2248	AnyplaceControlInstall.exe	108
PID 2248 wrote to memory of 1116	2248	AnyplaceControlInstall.exe	108
PID 2604 wrote to memory of 3540	2604	IEXPLORE.EXE	111
PID 2604 wrote to memory of 3540	2604	IEXPLORE.EXE	111
PID 2604 wrote to memory of 3540	2604	IEXPLORE.EXE	111

C:\Users\Admin\AppData\Local\Temp\AnyplaceControlInstall.exe
"C:\Users\Admin\AppData\Local\Temp\AnyplaceControlInstall.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe
  "C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe" /setup
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4624
- - C:\Program Files (x86)\Anyplace Control\apc_host.exe
    "C:\Program Files (x86)\Anyplace Control\apc_host.exe" /uninstall /silent
    3⤵
    - Executes dropped EXE
    PID:4428
- - C:\Program Files (x86)\Anyplace Control\apc_host.exe
    "C:\Program Files (x86)\Anyplace Control\apc_host.exe" /install /silent
    3⤵
    - Executes dropped EXE
    PID:1464
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.anyplace-control.com/install.shtml?ver=7.7_Trial
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5060
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.anyplace-control.com/install.shtml?ver=7.7_Trial
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:17410 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3540
- C:\Program Files (x86)\Anyplace Control\APC_Admin.exe
  "C:\Program Files (x86)\Anyplace Control\APC_Admin.exe"
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=2860,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8
1⤵
PID:3636

C:\Program Files (x86)\Anyplace Control\apc_host.exe
"C:\Program Files (x86)\Anyplace Control\apc_host.exe" /service
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files (x86)\Anyplace Control\apc_host.exe
  "C:\Program Files (x86)\Anyplace Control\apc_host.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Program Files (x86)\Anyplace Control\hcs.exe
    "C:\Program Files (x86)\Anyplace Control\hcs.exe" "/effects=onC:\ProgramData\Anyplace?Control?4\apc-settings.ini"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:400
- - C:\Program Files (x86)\Anyplace Control\hcs.exe
    "C:\Program Files (x86)\Anyplace Control\hcs.exe" "/theme=onC:\ProgramData\Anyplace?Control?4\apc-settings.ini"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3916
- - C:\Program Files (x86)\Anyplace Control\hcs.exe
    "C:\Program Files (x86)\Anyplace Control\hcs.exe" "/wallpaper=on"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ARA.lng

Filesize
44KB

MD5
7764e37f150f70775c6ef91d9c7760ba

SHA1
9f319704b17e1b06d162f5d40f5ea4496b638a13

SHA256
a3b337303f3c6df1719f70a231a68ea8d598feef888d4397500f3b82f466c76a

SHA512
727938caa240f2cab575f8544b4e0f5e06b0eaba0e51bf690850a999de8ee4e2e3bce903eddd0b160d8ae2b2c8f981e101939ff3d903e1537bab4b830552f194

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.DEU.lng

Filesize
49KB

MD5
02fef8483e07c70c4d50d88254a77442

SHA1
f01d858771e5b4da487c936efe93d3fb9b29da5c

SHA256
2e24e66b727b0666345f3d5122bba078194b58b4a9fb47611001686a5b898940

SHA512
454d48052a0a1e2cb31e30d8607b420e484aa7202fc560964e9a4b1923953034aa531bba88b26321c193f9f2656be90219384a384cb2f04658824f26c6f350c5

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ESN.lng

Filesize
47KB

MD5
3945ddc928d3e686bc75f9c0ee653d54

SHA1
4bd8923acf7b55b8c39a08962a28f341fed25d71

SHA256
776376937dfbad4a9d35091deb95a6ae6bfe8545b56531f80c26664df0995dd7

SHA512
018bb391c63e8fbde470bf19771e1890efe757d011f964dcf4b68ccab56d86a2182c794a676f8b64cb05451a107c148a82fc84549bf80d96132ff1d5c3d8501f

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.FRA.lng

Filesize
47KB

MD5
1c10410c63b59c7eefce0bd9ac741597

SHA1
e63b0018274b998446425733598c82b1dc6bff7f

SHA256
b5b8c3b38ff51fcbdac500857ba3afbaf9141aab0bf3428db885b2c3c5dec89c

SHA512
aec0f8f1034278c458c6f6f9b9754c4b52135d38e03ff6d36cbf586dadbec30c0c54c67577f9710db7a56d77cd1ed5f4b2e777b46e3eb336eb21e982f342ff60

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ITA.lng

Filesize
44KB

MD5
ad47f681788e149e62a66b30118a2ba8

SHA1
c11ae14e90e91a4d22f2abee1a255b5c04947672

SHA256
e88622e04f72207c13f91872be9a889074e99251e8ccb301a67eee4f85255cdc

SHA512
ebe457ad5a196dd7a0389b7922afcab6f68518b7ea90c12330b66d02522e1128f7fb7515bf8009e56b903e46a548993cf6c801a73e8aa68fef557122673b9979

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.PLK.lng

Filesize
46KB

MD5
e875e728e92f608b6f4fb1c1067fefd5

SHA1
de30099e326b34f24adda52293eb2f77947b2008

SHA256
2c11bab97fa3e56de9848b835219cae84fdb2c67bfc4d9b86bf070e8bcc0ea2f

SHA512
90c43e31cf0c440868e1b1108a8f5bedc3caa85c109f241457252da0c46631379e1f39c378a6da3451203f66db0fefce7eaa5a11a18e9f50c9e584342ad0c55f

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.PTB.lng

Filesize
43KB

MD5
cdc5f474b8995b47cefa21a431c48d4d

SHA1
7172b8f61576da51e37597eeed0887d0fe2ecb77

SHA256
e4ab8b7e00976c24d9d931a6b9c534feb03d99ef48a915d6e19bcfd020e4682c

SHA512
5c21b48e94195990941b089e17203254c4540e08193113aaef4239f29e70ec044d35375a3f67db00375ff35ffbebfeb46ced4d84bc8c2446c2e7c3afbea8f258

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.RUS.lng

Filesize
48KB

MD5
5ffd107d5a91c1b65497b2d7e068cad9

SHA1
e404114f1f53e5bbe7cf47f056d75b1749e53d67

SHA256
7ce30a40be65366c3a5f0a6d3cd58cf65ddf88c4584abe3816cf1290fae4e453

SHA512
eea77a9f6b56cdaa786865b3351bd856ba6ab76ab50cdcbfd4f4994c48ebd8a46fc12d680012afb393d135849e79775c5033b85dc607bc35276fb35bd9496911

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ntv.lng

Filesize
41KB

MD5
6d54dbaa36442c5ed70d9f4a3c9e4f6c

SHA1
97ff076996e24e7214ca995a4136ce6d1910b6d2

SHA256
d24f4e092844feaafb5fd40356aec339844c0e368ac01193307168fa1836796e

SHA512
00fdabd8e0bbaed09e00f8cbcdc03698851a58ce0e8e4615cb0920cbe86443b4e10457228b2703512bdd837bd3cc2e539e40876107e597baa86d7d0d972278d6

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ARA.lng

Filesize
15KB

MD5
29505760b01b20e3a345290acb79e380

SHA1
a2868ae6f743e5fa5223ae86dcac030ba26a718d

SHA256
94baad8ca3b4a175227d222c6c46c73aed77765955c7f2448972b81babd86d5f

SHA512
d7e6223e44fb1606de6949a421ddcd70d57f117bbbe1806716eb1cfadc32542ed73cf9efa73ff1db5801f0eab5e16f943bd35774c013403fdb11a691de903e67

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.DEU.lng

Filesize
16KB

MD5
96c15deca3303bb6314a6a85ed982343

SHA1
f98f4af6af45533a2a3383145fdd59a4e7a1b305

SHA256
7233ae2ec27a5c9629e5d8cfd257e2d134d2dff61112009e0dc3e8e87e5d2df9

SHA512
1bd747e5069d8254cdb7b91f0839c9a490e46465a3c4fca9331541254b86a7dd1a07cb3ad509510cd7ca27a25b7fb811ca595f1336541a3927d1d4129ba3f265

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ESN.lng

Filesize
15KB

MD5
2709136e66a75d553165731499f25727

SHA1
ecc9f4d0317b63ab369b1cae3241d1bdab3e1be7

SHA256
f2c9b0ac2d4ade74b06e424236fa22995ae6bf1d8566c49a14e6bba1be4bd761

SHA512
f2aa1621445ee6f3f16b28c7e0c93589a72b4c32cde3f03f3d78f00e2d5f0fba9ef64e03c999be8eae5d355999bc5c86a2b081ea133bec01a85f4ad12fb13925

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.FRA.lng

Filesize
16KB

MD5
bab1debe33fbba25db36184d2f8758ed

SHA1
9ac04c558ffe671475ae184cb092b849f0b68096

SHA256
640d2f9862083bcccb424d3577cf208a494048e440ddf33e9e2ea3c9b48aeb65

SHA512
2cc14816eaa422b720d4c685c2787809db9df2106eddee7075c2cf791dd3e56140ec7ade35ac693aa22d107a80c647bb452590b6cecb47b5b2c92caae0831071

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ITA.lng

Filesize
15KB

MD5
7f06681ac374281dad659daaf2693f04

SHA1
038deb2e88411a25ad54f86d8aadbcd031f05dca

SHA256
68ba10772d872b7e23ccd3548968c8162e9d10560fc1b6246fdd5a0d71095130

SHA512
6d1ec6b98ef61c21ee9e1be6a75afab17e30060364f5cc952a487523ff6cff8d070c54fbff4da70b6177841967b5e919f0674a723e4abdede8636c954df58e29

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.PLK.lng

Filesize
15KB

MD5
1c8930e03b014f7b077ca7b91741a0ed

SHA1
9d464a2940f980a1214a62a93c3b50fbc52b47a4

SHA256
9e2202a403904e8781ac07c568fd881132996b92bfb6385f59e6802c96754c68

SHA512
0a0014ced3b4a83903e83ebb151ab70b34b7d4ae23d62b761ed06b416c34821f6aa629998d21351889601bbf9331b3b44a6b03d01f69f05fb99356763673634c

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.PTB.lng

Filesize
14KB

MD5
c23b3e00798d63bd7ab04bf907445ca7

SHA1
b48afd4a8be27c760621d2981bcb4daad4f77994

SHA256
21cb670bd92b38dd59c8ff9871d56d507711dd4ff441990b7e5dd0c58ff77db1

SHA512
97eb6b2eb9e50b3ff75ef542e8e8d44c75d31bdb1a151b617a8a352da1096c8d3c2e2e304a6fe6c1caa03c9e07aae16f14b736c0f663e242904c4a0a06bbe9db

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.RUS.lng

Filesize
16KB

MD5
90332ae9fc903395f24946d069e83b24

SHA1
6b580bba051b56a30e22d19b79dbb2e06965392e

SHA256
648a671f6118f3686bd799d27750805e2511e17f1ea2babb60c5ca412c2ca0cb

SHA512
2cde055a2ca971db6d5e28b1f0b553edf08a84f42fb72dc810b1c983ddc1588618895486b03d478c56cffa14468c362a5028b21fa90fd9f39d3b1b34cbe5975f

Download Submit
C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ntv.lng

Filesize
14KB

MD5
cff2a653432f66665d908a5c28da6715

SHA1
a3b2dee9b0eecdfb2b2ba2e3c7ee947f83fdc2bf

SHA256
bad55c30ee336760cd008631bad031d8434509c53d1a7c0a8da7c7676b89d2aa

SHA512
4c6cfb1a87b6ad99f1d763a835ab52b550111c97260d17d1eea6a070bd993e1202092c47cb79acfc751459f254ec8d46e918d684d3715ae63d917b9292a09d18

Download Submit
C:\Program Files (x86)\Anyplace Control\Uninstall.exe

Filesize
448KB

MD5
030c84790f00aabadf034f07d6230041

SHA1
fd041ad10b6aef19eb8c49fdd653f974935db2ba

SHA256
437b05725d805498db25a19525f19f40e6583554648b6551618f2fa99e3f12da

SHA512
63f898e594ca49a5358cf496678ffb5997b77b531a76a3725eb3070bb0e65d28799099cc068fa9c9a053a18be888d85c0be04cb15455954ce7d1c5fc9624b7d5

Download Submit
C:\Program Files (x86)\Anyplace Control\apc_Admin.exe

Filesize
4.1MB

MD5
9d85b5b8ed5e380246827006e8ccef54

SHA1
0f73d88de310da8566ddfcc8d64ea32b2775f482

SHA256
b37b163faa092ee98b72a7c7705107e89563447256ca8cc887792cd3b0400e15

SHA512
6772e202a43ad6d0269c5c321e20035f7d0823522fa1bb4c0f57e18a59a50ef123f8aefabeffe96a5039d386bfb15e44887801f33fa2af94533f77f6549445d6

Download Submit
C:\Program Files (x86)\Anyplace Control\apc_host.exe

Filesize
658KB

MD5
c10838acc1c8548cdc5eb2f002ea557b

SHA1
3edb222ffdc070437dfe50a54bcca6eaa232b759

SHA256
2f1d18574cfcbb0191a778054f2074adb08d85c1a1b12ce8348e0cdd8e18140f

SHA512
81e2c74c46f04d9e4f34c63825d1a8e1aedc1d6cb15d03d16a6bd993f770c899b618d9799df0b4baa1ab6690d4cd7165c35c25bf8520b26bcc84972ad51b1296

Download Submit
C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe

Filesize
3.0MB

MD5
d207193c113475c2b95b76011a6594e9

SHA1
192d9137aec5e98458fb26a37f96126b98e90aff

SHA256
37bcc78a9f9df453dc849db5e04fc8297c19959ef36bbf17a3adbe16d6ca6a7f

SHA512
e959936444cc32e17808ff3fc4d22af2979744f6fb98e4e6be0b0659a6f2c8d6a2b7eb0df675ddd48dfcf3f2f4f6558a50784e5014b2b0d329bfe7d007be4430

Download Submit
C:\Program Files (x86)\Anyplace Control\hcs.exe

Filesize
113KB

MD5
cba8f7b9f88ba02c83c93ac4b6f1b2e8

SHA1
6327cda6cadac368b756e8f46c46b77f2593380b

SHA256
17417530a3212eb8fa7beb17715b60f40056e20210ff77d8f32675c38963612a

SHA512
a7cc264e0483bdb3ba4ec435400f90e1072a0d4bea726cc109db4cd07b33c78f7298d5f7a86130d2e0a0c132acbbdc2b98f4c46c1ecfbfbb4bbd8e9468096425

Download Submit
C:\Program Files (x86)\Anyplace Control\libspeex.dll

Filesize
166KB

MD5
e10db82c997a756a01b6f954e86b83e0

SHA1
411fca36d8639b0ba78d8b3cfe1421626a33e6b4

SHA256
65a9bbd5b3b9161c0dd61a9e185e391cfa68f31171e1a5fcfad20bcc9eb09480

SHA512
ad3915a619e139a39d9587975f20374852255437fbb31621be94252794beb553ac710ce5fd15ea562be753788c47ff49babd7f5361cb4665e748c8aada01ac8b

Download Submit
C:\Program Files (x86)\Anyplace Control\libspeexdsp.dll

Filesize
153KB

MD5
9a8608bb0b654c650743221914d87ac2

SHA1
bc4dde9361fe4170a93e6e9af80cb8a2aaf70f66

SHA256
f15b0408096eafc700fe069b716ffa921854b4e95bed33ad08524a59cc8ad57b

SHA512
ceac4b5b61528832eedfc98c050fda907df88ad9ad342257c2fb2e15d8e185cc1b7f73e0c773950b7a63a5266c900d3ada4d96a2135fa2b791b4577e0f27258f

Download Submit
C:\ProgramData\Anyplace Control 4\anyplace-control.ini

Filesize
47B

MD5
e25ec5f2679ca91503f4feeb2df38120

SHA1
3a283f1928198b130aba633ba970fbead9dd9434

SHA256
ab6099b829b1d43f02caa06acd3d747d43d4bdeaa6408cda8bcb933d59a5f06e

SHA512
b07f5a3fd195a365fc53332c7a7d32679d7b1ba8dfb84f938d08d9a788dbb9dfe70edf022d8280559d40f9e39bd265209e7ad538878d0c2a07c2bd3f80d33603

Download Submit
C:\ProgramData\Anyplace Control 4\apc-settings.ini

Filesize
115B

MD5
90ded55728410fb5fd1dbf2e390007b6

SHA1
e89e157395934b728e94437b361505f67869c75d

SHA256
aa523c9447b5b208f4c44fd38dc387da5d401bbe5a2443b3acff98a42ef65227

SHA512
24b02cc39ce2593a8f005a4c52d05187567d528174b74182d866af3ad2ff293fee6022e964dc82ad417852e13ec457c084ef88687ef7961703c66a3e3be2b284

Download Submit
C:\ProgramData\Anyplace Control 4\hostaccount.ini

Filesize
133B

MD5
75b3cde6505cd08c92905faabfcf53c5

SHA1
1b698d0f499c9c543ba2618938c5365c88ca2c7f

SHA256
92374f55a7ac668d78f871f3cd480f5f99e0cc239ae3fb08877890555e7dc379

SHA512
2084eed4fe2dcd106ad76228e45bbeeff9cb0f0ab8827bc8ae942a51facb7ec454b9956b38c3127c23b5628dd03550394c9e1f4d38db366101d7467f1d88a9fb

Download Submit
C:\ProgramData\Anyplace Control 4\installerpath.txt

Filesize
33B

MD5
33a6417430acf3de0d63ce51ea379446

SHA1
1edd015375aafbcfb019fbbff2e5f155fdc56bd0

SHA256
4fe93a90b2deab9e438b21127815cefebb8c3686c301b0cb110eb8ac18ec403a

SHA512
4f1f28fb96463b82403a43cb559b3a8a27d617864995adeb74b34f2d2856e5a9c11c1f562b28a867859cf7f59bf2b303a6434f27474e8d5e3fb9d3b8acb2faa3

Download Submit
C:\Temp\1J96B6OL\AnyplaceControlInstall\languages

Filesize
174KB

MD5
2c5134b2bd1e4af89a2572e896fd31e2

SHA1
0f7bc0f984501f6d3cae9807d34bdd985a999141

SHA256
01b6847ba2161f17dfe38dd752fdd0684e4496fe424ad73c0ed54efb425170b8

SHA512
4924615a4d707b3d52d632783ace9ec364bf9547b657b871e2fc6d1ed1879a89770d96e618ca02b7b3deda5a0a8df053ff0fde27d21ad02c779954a38a0e5c8d

Download Submit
C:\Temp\1J96B6OL\AnyplaceControlInstall\maindb

Filesize
16KB

MD5
f472cf8771749410a0225dfe4bbe9fc2

SHA1
335f08a23cfb03548e9cf58b754a413efd8458b9

SHA256
25fa7b9b80d88c6fd3e26acb02c7fbecf68a7c7191a2581bcd606e653b8ab074

SHA512
40717dc1f55c6a8e42fd538de687083e0e7ad1eac8d66c64c618d041afaa53ec71b49de51a110d11c600e7f0a39a1a9d2fac62f716fc3a58ede6b11161b0f882

Download Submit
C:\Temp\1J96B6OL\AnyplaceControlInstall\packagedb

Filesize
69KB

MD5
20716d05949ae0e74594a2cee336e61d

SHA1
90c81b1ec63b903fc45afa7efb6f76c2162b259c

SHA256
cc426a2472399f0ed54c008a82de94c35cbcff165dae37cde0b33463276e7b44

SHA512
77df714082353d2f8d950acff36596e21a6fc314db4942f6817075eb804daf9405f647c871bde69e358e152d80ae3758071d4bbffea580ac79e434643638c67c

Download Submit
C:\Temp\1J96B6OL\AnyplaceControlInstall\plugins\0\CustomUI.dll

Filesize
345KB

MD5
0fe39de528a1afa32ed1f5f10a02aa4e

SHA1
8651305d45126ad268b498eecab7db5cae570b7c

SHA256
2ad7b88bea948708cef7dd539567686b0662692802edf0bb544594306cef7c73

SHA512
74a2f59e7d2a788dda76c2566d7c827ecde4f3b5e16191586fbcab69b04f1436e0963b8dff97fbbe383e9c580c9fffe5a9a5fe11da8ede6b8d06dcb040c09e27

Download Submit
C:\Temp\1J96B6OL\AnyplaceControlInstall\presetup\banner.bmp

Filesize
10KB

MD5
2ac80f5708a0dd77f84668df5b2b6861

SHA1
4450aca3617f4448b98fba5b69fe3bbc0156c300

SHA256
88ec1c664c1fcc891c305d8f420fa3b9f4dbd7a9a9b615d92b1f3ca2eb96f076

SHA512
85d081de227b85747f3467e5fddf4306005b08cf3b3b4eec948f5a70019dc6d886a84eb872017712ad1f34e3fe27f03d8205c0546a3654a7daa770f19203e576

Download Submit
C:\Temp\1J96B6OL\AnyplaceControlInstall\presetup\license.txt

Filesize
5KB

MD5
d706f418d80726d8704a937a5dab89d4

SHA1
f2565d8accdc5db34041d496d2fcd1bec8c55815

SHA256
f920b0b71732f8dbc8de799122bcaee92cf84a16613d1054d79eebb8d81640c8

SHA512
c0fea9ed6e7531934d3ea9ff60040c470dfa30888c74a4f9fe1c9521ca15169df3e3eb60f7eefe929ca87e1dd3ef2d78595970f65935ceacfde92e274c38521b

Download Submit
C:\Temp\1J96B6OL\AnyplaceControlInstall\presetup\watermark.bmp

Filesize
58KB

MD5
04cd48a87a7aa1d2eee8098a55ff64dc

SHA1
04d72ff8628bf07dbcef244878691d1661c31d7c

SHA256
d9f88b7cad552d3117c1c9b700def1e60ba901420778fab68e1a3d3f96daea44

SHA512
1e22a05a18e1df0c1f7f4edf27ffec6ff7693d29ca0917729bab3cc69e463bdf23494cba574c4c5de174dd7b53d945152d4f11427af7e2b0ae174365242f3b69

Download Submit
C:\Temp\1J96B6OL\unpack.dll

Filesize
34KB

MD5
e619dbc708231336467add6b6f6ff99c

SHA1
cd9b0168d3d8259709098edea0d83834d580fbfb

SHA256
c66742cee46087844c244af84c91a464eeab5ac0fe57be6d9c7aef6daea54793

SHA512
5e5fb37db93eb11f7e0e7f5249e5733e6ecda3395ad51323d22bb1fbbf3e3b137c4554600faee5e53368426a0827add13862c3b400a7f54acbbbb2d9becfaf1e

Download Submit
memory/400-213-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/884-313-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/884-253-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/884-240-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/884-268-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/884-263-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/884-258-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/884-247-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/1116-371-0x0000000000400000-0x0000000000CA4000-memory.dmp

Filesize
8.6MB

Download
memory/1116-375-0x0000000000400000-0x0000000000CA4000-memory.dmp

Filesize
8.6MB

Download
memory/1116-373-0x0000000000400000-0x0000000000CA4000-memory.dmp

Filesize
8.6MB

Download
memory/1116-376-0x0000000000400000-0x0000000000CA4000-memory.dmp

Filesize
8.6MB

Download
memory/1116-326-0x0000000002F10000-0x0000000003115000-memory.dmp

Filesize
2.0MB

Download
memory/1116-330-0x0000000002F10000-0x0000000003115000-memory.dmp

Filesize
2.0MB

Download
memory/1116-325-0x0000000000400000-0x0000000000CA4000-memory.dmp

Filesize
8.6MB

Download
memory/1464-201-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/2248-252-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-63-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2248-192-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-191-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2248-306-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-6-0x0000000000A50000-0x0000000000A77000-memory.dmp

Filesize
156KB

Download
memory/2248-237-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-0-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2248-64-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-266-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-243-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-56-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/2248-366-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2452-241-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/2452-219-0x0000000002F10000-0x0000000002F3B000-memory.dmp

Filesize
172KB

Download
memory/2452-269-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/3800-212-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3916-211-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4428-198-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4624-239-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4624-307-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download
memory/4624-195-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download
memory/4624-303-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download
memory/4624-238-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download
memory/4624-180-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4624-267-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download
memory/4624-244-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download
memory/4624-257-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download
memory/4624-249-0x0000000000400000-0x0000000000700000-memory.dmp

Filesize
3.0MB

Download