Malware Analysis Report

2024-10-16 03:32

Sample ID: 240908-x8lgjasbjn
Target: http://www.anyplace-control.com/[email protected]&pas=aXBhZElPUzkuMy41
Tags: banload bootkit discovery downloader dropper persistence trojan upx phishing
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://www.anyplace-control.com/[email protected]&pas=aXBhZElPUzkuMy41 was found to be: Known bad.

Malicious Activity Summary

banload bootkit discovery downloader dropper persistence trojan upx phishing

Banload

A potential corporate email address has been identified in the URL: [email protected]

UPX packed file

Checks computer location settings

Executes dropped EXE

Checks BIOS information in registry

Loads dropped DLL

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Drops file in Program Files directory

Drops file in Windows directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-09-08 19:31

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Analysis: behavioral1

Detonation Overview

Submitted: 2024-09-08 19:31
Reported: 2024-09-08 19:38
Platform: win10v2004-20240802-en
Max time kernel: 398s
Max time network: 380s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.anyplace-control.com/[email protected]&pas=aXBhZElPUzkuMy41

Signatures

Banload

trojan dropper downloader banload

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\ProgramData\Anyplace Control Support\hcs.exe N/A
N/A N/A C:\ProgramData\Anyplace Control Support\hcs.exe N/A
N/A N/A C:\ProgramData\Anyplace Control Support\hcs.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\hcs.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\hcs.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\hcs.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\hcs.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\hcs.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\hcs.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\ProgramData\Anyplace Control Support\hcs.exe N/A
N/A N/A C:\ProgramData\Anyplace Control Support\hcs.exe N/A
N/A N/A C:\ProgramData\Anyplace Control Support\hcs.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
N/A N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A

UPX packed file

upx

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Anyplace Control\libspeex.dll C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.RUS C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.RUS.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostconfig.PTB C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\install.sss C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostConfig.PLK C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.ARA C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostConfig.ARA C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\anyplace-control.ini C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.PTB.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostconfig.DEU C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ESN.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.ITA C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostconfig.ESN C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\hcs.exe C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\$_Temp_$.$$$ C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostconfig.ITA C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\installerpath.txt C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.exe C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.RUS.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ARA.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.DEU.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.PTB.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\isHost.dat C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.FRA.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.FRA C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ITA.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ARA.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Uninstall.exe C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.DEU.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.DEU C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.PLK.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\libspeexdsp.dll C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.PTB C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ntv.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.ESN.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.PLK C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_host.exe C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_hostConfig.FRA.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ANYPLACE CONTROL\INSTALL.LOG C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\$_Temp_$.$$$ C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\installerpath.txt C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\isAdmin.dat C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostconfig.RUS C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\$_Temp_$.$$$ C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Anyplace Control.chm C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ITA.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.PLK.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_hostconfig.FRA C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\Uninstall.exe C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\install.sss C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\Languages\apc_Admin.ntv.lng C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\apc_Admin.ESN C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File created C:\Program Files (x86)\Anyplace Control\license.txt C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
File opened for modification C:\Program Files (x86)\Anyplace Control\license.txt C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\apcErrorsLog.txt C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\hcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Anyplace Control Support\hcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\AnyplaceControlInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\iexplore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea125702b7698d479b1c3c8e0190d45f0000000002000000000010660000000100002000000004849e2539f5c9da48ab82f76bf269457d3fbcfca35d72d0acfbf13d46a44c77000000000e8000000002000020000000cc800c34f5e69b61fbb9255759181f4e49661b0cb5fd2d697893ecf18678350b200000008dbf77bee9b1e8355a8c3320be4772a6ffa37013aa1bc4edc58e6f508dcc4a70400000008ca9e413ded8a090be6e2b65e6d4bec862e6811f5ba3670890d82e2144043b10cf3574e194ae65b07edb00478d7d178021c25bdc5179acd89b85a5846373a9fc C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31130150" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1715001301" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1706094824" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31130150" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1715001301" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1706094824" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31130150" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208a25712602db01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea125702b7698d479b1c3c8e0190d45f000000000200000000001066000000010000200000007965ff112a4b7f02712794782cab0b1748d843fa14742f02ef9d7690992b5886000000000e8000000002000020000000b2ff4ef8c10cdc232a3587ee4e25aa5d439cc16eea185cd9c99b119a8f5b55e02000000033441cef94d0e420e4de6400d615491328bc2be1296cbe111a74103de06ac37940000000a64baca8603f20f08daca28f037977368c69cde5fa013d2fc88a7e30ab00475a99a5f81658dd292e47fd593613c22e172cd529afb1f43d0d8beb2ade934d61b9 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432589125" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8CB2276A-6E19-11EF-AC6B-4A4A300BA5D9} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31130150" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30cf20712602db01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702975026871233" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\InProcServer32\ = "%CommonProgramFiles%\\System\\Ole DB\\msdaps.dll" C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\qixwwjhay\ = "QyveHEN\\\\@auHb@ahXuP" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704} C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\qixwwjhay C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\rjckr\ = "\x7fbCULM@^icAujWvpG" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\GVsyIai\ = "funQHHqOQdr~" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ym{d[pUk|[TGlr[^^EOPeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai\ = "rrSaX\\jP`UOS" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\ = "PSFactoryBuffer" C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\LocalServer32\ = "C:\\PROGRA~2\\ANYPLA~1\\APC_AD~1.EXE" C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\frflfYqbc C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\Plbofa C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai\ = "rBSaX\\jv^am{" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\qixwwjhay C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704} C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\GVsyIai\ = "eenQHHpks}cR" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\ = "AudioMixer" C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\rNMoiK C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\frflfYqbc\ = "JIdIsG[uIed~TIB]ruZUfxqXY}Ft~" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\GVsyIai C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\frflfYqbc\ = "JIdIsG[uIed~TIB]rvJUfxqXY}Ft~" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\LocalServer32 C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\xuQllabo\ = "v~GYn}pKo[iQir_io\x7faHwNx" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\Plbofa C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai\ = "tRSaX\\iEDOcI" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\qixwwjhay\ = "QwHhm^idoWBCDdz_xHtP" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ymxd[pUk|[WGlr[^^EOPeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\apc_Admin.AudioMixer\ = "AudioMixer" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai\ = "srSaX\\jhQ^l@" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\apc_Admin.AudioMixer\Clsid C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\rjckr C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\apc_Admin.AudioMixer\Clsid\ = "{35F45D48-100C-4603-AA40-D10516B07704}" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ymxd[pUk|[WGlr[^^EmPeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ymxd[pUk|[WGlr[^^DKPeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ymxd[pUk|[WGlr[^^DZPeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\InProcServer32 C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\Plbofa\ = "izyelHU|skX]K_nQdk\\]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\ProgID\ = "APC_Admin.AudioMixer" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\GVsyIai\ = "dunQHHrNzBeW" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\frflfYqbc\ = "JIgIsG[uIeg~TIB]rwnUfxqXY}Ft~" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649} C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\APC_Admin.AudioMixer\Clsid C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ymxd[pUk|[WGlr[^^D{PeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\rjckr\ = "KZM~KhBaB[jBFD}ay" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\vgtaqw\ = "zUEnEoNeP^}[MxfMVDKjsfCjpR_{`" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ymxd[pUk|[WGlr[^^G[PeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\frflfYqbc\ = "JIdIsG[uIed~TIB]ruzUfxqXY}Ft~" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\GVsyIai\ = "cUnQHHqGm[Gh" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\vgtaqw\ = "D|N}lcMx|awyjWpaxrxVP[jdJG@NP" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai\ = "qrSaX\\ig{Toy" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\frflfYqbc\ = "JIdIsG[uIed~TIB]rvjUfxqXY}Ft~" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai\ = "sRSaX\\kbXfLZ" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\ProgID C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\ = "AudioMixer" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\GVsyIai\ = "dUnQHHs`qrh{" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\apc_Admin.AudioMixer\ = "AudioMixer" C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F45D48-100C-4603-AA40-D10516B07704}\LocalServer32\ = "C:\\PROGRA~2\\ANYPLA~1\\APC_AD~1.EXE" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\frflfYqbc\ = "JIdIsG[uIed~TIB]rvZUfxqXY}Ft~" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\frflfYqbc\ = "ymxd[pUk|[WGlr[^^E|PeZWeBy~f]" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{38BBF227-9F4E-5C9E-F8F4-01B55D7A2098}\GVsyIai\ = "sbSaX\\huijIV" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\{EF7F67C4-88BB-13D1-B2E4-0060975B8649}\GVsyIai\ = "cEnQHHs~WgOH" C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\ProgramData\TEMP:EF7F67C4 C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A
File opened for modification C:\ProgramData\TEMP:EF7F67C4 C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\ProgramData\Anyplace Control Support\hcs.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_host.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\apc_Admin.exe N/A
N/A N/A C:\Program Files (x86)\Anyplace Control\APC_Admin.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4944 wrote to memory of 4156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4944 wrote to memory of 4696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4944 wrote to memory of 2448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4944 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.anyplace-control.com/[email protected]&pas=aXBhZElPUzkuMy41

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb752dcc40,0x7ffb752dcc4c,0x7ffb752dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4900,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4916,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4920,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4508,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4292 /prefetch:8

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

"C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe"

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe /service

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

"" "/runsupportversion"

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe /service

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

"" "/runsupportversion"

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe /service

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

"" "/runsupportversion"

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe /service

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

"" "/runsupportversion"

C:\ProgramData\Anyplace Control Support\hcs.exe

"C:\ProgramData\Anyplace Control Support\hcs.exe" "/effects=onC:\ProgramData\Anyplace?Control?Support\apc-settings.ini"

C:\ProgramData\Anyplace Control Support\hcs.exe

"C:\ProgramData\Anyplace Control Support\hcs.exe" "/theme=onC:\ProgramData\Anyplace?Control?Support\apc-settings.ini"

C:\ProgramData\Anyplace Control Support\hcs.exe

"C:\ProgramData\Anyplace Control Support\hcs.exe" "/wallpaper=on"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4944,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4284 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4516,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3036,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4048,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3104,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=1444,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5080,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5168,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3164,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5536 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4972,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5936,i,18043414041167077175,208139379100709196,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:8

C:\Users\Admin\Downloads\AnyplaceControlInstall.exe

"C:\Users\Admin\Downloads\AnyplaceControlInstall.exe"

C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe

"C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe" /setup

C:\Program Files (x86)\Anyplace Control\apc_host.exe

"C:\Program Files (x86)\Anyplace Control\apc_host.exe" /uninstall /silent

C:\Program Files (x86)\Anyplace Control\apc_host.exe

"C:\Program Files (x86)\Anyplace Control\apc_host.exe" /install /silent

C:\Program Files (x86)\Anyplace Control\apc_host.exe

"C:\Program Files (x86)\Anyplace Control\apc_host.exe" /service

C:\Program Files (x86)\Anyplace Control\apc_host.exe

"C:\Program Files (x86)\Anyplace Control\apc_host.exe"

C:\Program Files (x86)\Anyplace Control\hcs.exe

"C:\Program Files (x86)\Anyplace Control\hcs.exe" "/effects=onC:\ProgramData\Anyplace?Control?4\apc-settings.ini"

C:\Program Files (x86)\Anyplace Control\hcs.exe

"C:\Program Files (x86)\Anyplace Control\hcs.exe" "/theme=onC:\ProgramData\Anyplace?Control?4\apc-settings.ini"

C:\Program Files (x86)\Anyplace Control\hcs.exe

"C:\Program Files (x86)\Anyplace Control\hcs.exe" "/wallpaper=on"

C:\Program Files (x86)\Anyplace Control\apc_Admin.exe

"C:\Program Files (x86)\Anyplace Control\apc_Admin.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\af41d0efcca74c4d98762267b3481407 /t 4812 /p 4412

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.anyplace-control.com/install.shtml?ver=7.7_Trial

C:\Program Files (x86)\Anyplace Control\APC_Admin.exe

"C:\Program Files (x86)\Anyplace Control\APC_Admin.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.anyplace-control.com/install.shtml?ver=7.7_Trial

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:664 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Anyplace Control\apc_host.exe

"C:\Program Files (x86)\Anyplace Control\apc_host.exe" /portable

C:\Program Files (x86)\Anyplace Control\apc_host.exe

"C:\Program Files (x86)\Anyplace Control\apc_host.exe" /service /portable

C:\Program Files (x86)\Anyplace Control\apc_host.exe

"C:\Program Files (x86)\Anyplace Control\apc_host.exe" /runportable

C:\Program Files (x86)\Anyplace Control\hcs.exe

"C:\Program Files (x86)\Anyplace Control\hcs.exe" "/effects=onC:\ProgramData\Anyplace?Control?Portable\apc-settings.ini"

C:\Program Files (x86)\Anyplace Control\hcs.exe

"C:\Program Files (x86)\Anyplace Control\hcs.exe" "/theme=onC:\ProgramData\Anyplace?Control?Portable\apc-settings.ini"

C:\Program Files (x86)\Anyplace Control\hcs.exe

"C:\Program Files (x86)\Anyplace Control\hcs.exe" "/wallpaper=on"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

"C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe"

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe /service

C:\Users\Admin\Downloads\support-bWFjb3NmYW5nYW1lckBkaXNyb290Lm9yZyBpcGFkSU9TOS4zLjUgaXBhZElPUzkuMy41.exe

"" "/runsupportversion"

C:\ProgramData\Anyplace Control Support\hcs.exe

"C:\ProgramData\Anyplace Control Support\hcs.exe" "/effects=onC:\ProgramData\Anyplace?Control?Support\apc-settings.ini"

C:\ProgramData\Anyplace Control Support\hcs.exe

"C:\ProgramData\Anyplace Control Support\hcs.exe" "/theme=onC:\ProgramData\Anyplace?Control?Support\apc-settings.ini"

C:\ProgramData\Anyplace Control Support\hcs.exe

"C:\ProgramData\Anyplace Control Support\hcs.exe" "/wallpaper=on"

Network


Files

SHA256 e2b79239a23b6d38d441b0de3e29d4f2f877de90694dce91e6b2de36ace57706
SHA512 bb001a8097f3f02c1007b341d5b22e3356fc689dbb33c95403887e60cc2f3c7f95700caec6e9cbac5f52a2849abd8c6ee2a0416d108300c44cec640ea7f37e81

memory/3584-75-0x00000000008F0000-0x00000000008F1000-memory.dmp

C:\ProgramData\Anyplace Control Support\sessionID.txt

MD5 a5ea0ad9260b1550a14cc58d2c39b03d
SHA1 f0aedf295071ed34ab8c6a7692223d22b6a19841
SHA256 f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04
SHA512 7c735c613ece191801114785c1ee26a0485cbf1e8ee2c3b85ba1ad290ef75eec9fede5e1a5dc26d504701f3542e6b6457818f4c1d62448d0db40d5f35c357d74

memory/1100-81-0x00000000006B0000-0x00000000006B1000-memory.dmp

memory/1100-84-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\ProgramData\Anyplace Control Support\hcs.exe

MD5 ac5933067b2c38299ae1443331a61511
SHA1 f1176f9bd6540bb4c1d9a7b723a42ff12c98b8b9
SHA256 8c305bb4c07fac5c88ad1906e6195dd8176f7b6e5014e8fb3e081a45161cf72a
SHA512 c53d784fd5d37e1b753b3397711e36aa3f6d323d1c9f82a7a8c6ae4947b21c125a64517ac76278350beee30faa53ef985c975f19007a43766594423bca4f1727

C:\ProgramData\Anyplace Control Support\libspeexdsp.dll

MD5 9a8608bb0b654c650743221914d87ac2
SHA1 bc4dde9361fe4170a93e6e9af80cb8a2aaf70f66
SHA256 f15b0408096eafc700fe069b716ffa921854b4e95bed33ad08524a59cc8ad57b
SHA512 ceac4b5b61528832eedfc98c050fda907df88ad9ad342257c2fb2e15d8e185cc1b7f73e0c773950b7a63a5266c900d3ada4d96a2135fa2b791b4577e0f27258f

C:\ProgramData\Anyplace Control Support\libspeex.dll

MD5 e10db82c997a756a01b6f954e86b83e0
SHA1 411fca36d8639b0ba78d8b3cfe1421626a33e6b4
SHA256 65a9bbd5b3b9161c0dd61a9e185e391cfa68f31171e1a5fcfad20bcc9eb09480
SHA512 ad3915a619e139a39d9587975f20374852255437fbb31621be94252794beb553ac710ce5fd15ea562be753788c47ff49babd7f5361cb4665e748c8aada01ac8b

memory/1020-96-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\ProgramData\Anyplace Control Support\apcErrorsLog.txt

MD5 84d3f2ec9d92ad118ea2555cd96a965b
SHA1 522a6fa7f23ae318ecc207ccb435daf3f11b9ca2
SHA256 fc7001b7650439d3f4aa4997ee28c0d82ea1f514a209ee7ede10c4a930f78f2f
SHA512 b8f55a2dbb60bc56e47ed144b472f2d57d2352d3824ac3d653b50e0fa9a55bafb5695f1aac48e5f80abc4451697d7fb8434590b2159c9ca01c5a0a17ad1af781

memory/1928-108-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\ProgramData\Anyplace Control Support\apcErrorsLog.txt

MD5 5b2c0d77fe5386a7f6b56b6a99121543
SHA1 9415ad7e5e7fc73b6c71f0b6db7f148736d678ac
SHA256 cd3fe9230d4e8da08829515afc93cc3e7f8c68232f99eeacc3ab4e22c7b8cc8d
SHA512 88a5495b03e04e7093dba3bea0bf3ce8ac44597493428231b95bbf44883c92ffabe3014a021c164ac282230a21f654e0e6e284ce2f74503266d323dbd7f47557

memory/3584-112-0x0000000000400000-0x00000000005DC000-memory.dmp

memory/116-113-0x0000000000400000-0x00000000005DC000-memory.dmp

memory/2736-121-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\ProgramData\Anyplace Control Support\apcErrorsLog.txt

MD5 04042f92c28db2187fcfdb8483fb650b
SHA1 6a1fcb050ef1e776dcc9561fae692ae1269eb8c6
SHA256 c1d9330b8ca29d72a45979f114d07a066feca04b3d3fc475fcdac3e7a4ec9db4
SHA512 142b30c85228c35e66cb3ad5051aaee31b64979652c68e3156746bb82303a025ac364e663abe18828f6d653637a33d8bc84164cfc937cc24b461a5a501325066

memory/4596-125-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\ProgramData\Anyplace Control Support\apcErrorsLog.txt

MD5 35ce5da2fec3eecd376a9b4421c9c58c
SHA1 f6318d51e53ab775dd7fe227b82d0393263cb520
SHA256 9a7e8acbc8f05e574d7eab139ff019262e561600beb683a62da6029fbcc1e721
SHA512 ed43306acd8a18de4d75cbb2d46ee9c0b532cbb2da26aa270dd2715075d9009ae0a5cbd89336969b188f1a47cbb18069cfd6406e348d6cc389040a06dd79b5a5

memory/3568-137-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\ProgramData\Anyplace Control Support\apc-settings.ini

MD5 fa8126804ceaeafc067868d6d23734ac
SHA1 4d64c63322d4dfab5246b745cca8d2f79fb5d2fd
SHA256 73c2d9a0f0bb7af4115e0ae343629bebd2eab55327078b371c9b0d4d1d0f35ef
SHA512 bb689a79c564845ab879155ddb779c926b3552e7663504500dd7254241ea4726d801bca4ab0e9b1fd231b37f1cfaec485711f4643122437668286b95ffcf5a87

memory/3476-147-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5072-148-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2920-149-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5020-155-0x0000000003090000-0x00000000030BB000-memory.dmp

C:\ProgramData\Anyplace Control Support\hostaccount.ini

MD5 c1c5d4d96ed7f07e85c9e5d127ee46ed
SHA1 915b2e6ee734d1a626b2817577e206103271cbeb
SHA256 288a472eb969b29b9cd16925a36d1d36d7766120762bcac6cb107b025260854c
SHA512 233a4b4c78b20e01357ae4c7d55ea10f9f97ef3a963c75117600e2acc6d1b5b28601c2017fec941c7c13bb4c706a1693ee7bf4633863593b33f0ca38e11bc6d6

C:\ProgramData\Anyplace Control Support\hoststate.dat

MD5 633effab2e017c9eb53aeb94756d2a67
SHA1 37fedc3e552b5cc558844523c626211af90851d5
SHA256 321b509184b50734b014538a58e336d802dc4a81033c723da1c49242811a3690
SHA512 ebec8b46c6a57163975b083de4589570996c819aa6fb1ced60f15340b5ea542c512789e027bf737ce735ff4eeeda4c78f34d74479eaa1e8bda57fa602557dc1c

C:\ProgramData\Anyplace Control Support\hostaccount.ini

MD5 13bfc149dc5da5783ecdaf7f897a27dd
SHA1 0f395f43086c18acd767f84a822875c7d3c38113
SHA256 cf3247e3d70514088a1e2a9bb1fd91c40137be7b32e5708f18ea583c44dd1b43
SHA512 6ed774acc2541afc4e93cbe9c94bcf888f0fa9d3ba7fc5d9435306035b56d11c33a0b84e6560d8b12ad131813e398afdc12a611da23e5360b3019b94071ea3ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c425cec1fa28aa9cd4b43b3e9a26c50a
SHA1 c14444efff4613af13b33ed0a541fd01db399072
SHA256 d6ddb6fc3094847a6426122e00448da016cba49689daecfc2886cda71620d324
SHA512 6b7520b6198c49a68015e7109ccc6d588e4f598acb90717bbcd8554dd22c66cdea0b5b813b1c837d05bb5ff3f88ff32668922d0b758404b3705405c8f2b9d6d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f85d751257c637e9252df76f44785781
SHA1 4689b2f8eead91676c99cca3ea614c42ea33d420
SHA256 94ff7dda7712f286b47286518e2c151288bd50cf74bb7fa0e4c219555e797987
SHA512 a6b79aa1dbd5a73a39ca63494606cd039ea8db5303084fd5286a38df0b007ae15e1e1381a783ead5b947b2312451cdb45698ea0a8fddcded08c02f8db7931436

memory/5020-218-0x0000000000400000-0x00000000005DC000-memory.dmp

memory/5020-239-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 13d9e6b4c6cd006be6a84de8a30cd98f
SHA1 0b878cef282e31870142a2e4ca3f5b692512dcc9
SHA256 9ee619f2f0cca215d9908c4530ac1fc6c73e021f49cb47ea7d09c2b5d531a4b3
SHA512 3e084732339da9c4af228235989602c4f345e1c664fae891ff92b3a517dd26ab587b32d28d9b5b15aa80e4eb1e6a04aa13ccb8331378691a2b82d4277d1376b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f8d5e6e54a76d76378c011810b15af0e
SHA1 752c4920502e2a8007d4d783d919520fb1431a8d
SHA256 ee9dd700727797938851809bf602d8274f6af9db5fee8a955aa36d32639cdcdf
SHA512 393ef2552052e96785ef0c6159a6c1fb75189e64a81a65088bb60de90e4d8c576704a242fad58ec03ef3f6d7ce68f9a9ccd154e11bfc6887f5199ec9253e35ba

memory/5020-278-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc74d483f757d915560f1122a0ef1cfd
SHA1 9b037532691bd3ec6a5dc15b8058ad4387b71664
SHA256 c8832eccd511519b2ea3ac6d4be5005ed9b6a7aab3b6d3d44038d2222b65b68c
SHA512 583017d8b4e9f36f457f71576f2ed2395c7166b4c5978bce8c477b0b36a25feb943459fbc2f87fedc21c01fb5e84e9f64e38b643c05acec1f2429780b46cd248

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ae8ad021-6a67-48e6-9657-2d20eaed23cb.tmp

MD5 ea19b1e2cb82a810415c0c86b316182a
SHA1 cd4be20126a8fe06c72f742250c0aa5cad91337b
SHA256 c3a6ec272f0fa51cc0c59cc98e153934be0cb57cd3692567767ee28f31617f89
SHA512 74aa32c91d58a6aff06eeff82a874d4fb75b2d753f79cb0a0b479ccfefa8f8d31e4f02fbe78b126aebd5aad4d74427bc2d99aff12bace9b79acd7910135ee1a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f0cb2a70c592735b29fad9671afacd54
SHA1 0d16d7867db536116222dfc5bc57d8cedac662ee
SHA256 911126018c447bd20e7ccd750aab10ee7a66e4e2913a69a30eadc2716e2e3107
SHA512 69a96facf870141a95d6fd630c5d63c04c57717f0c41862c36c83423f63f85fb09920f6602c28526fdfa856a604d2e0909a5a2ded184ff3b717e8e60645a9a29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b0c475a5842278c2eedaeb974128eb6
SHA1 d84a75b8c3a3eddef9ff79b74294a097cc4e5700
SHA256 80c24590f5d35fc579fbdda59026513725d528dc47c116c2575d0300d63dff01
SHA512 e88a8929b43f155972d1f4e038fed80eb8861201a802ba634a821259c6f20ffc17f08736e8caf0b94b5628dbecf3e16946f1c19c90e9142bc427cc10b5e7ea5a

memory/5020-394-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0d304b8b98913e7a9e52adaa4e5988a
SHA1 b3ae44913ec74eff733f6c017dd3f0f6ff34558d
SHA256 9e6aa652a47b52b20375c175befd51f74ea6aeb76c469e418e80fbbcd4165663
SHA512 76f13a4d2c6104c179a7f08722dfbb4cf069dabb296f2df12ff796584981bb830f882904ae5704165169de25cb17e8878c1a95aec0d50f06696afb043d82eddf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63b93b9cc3265611925d755ff0440b1d
SHA1 e642278b4825173ecbad462491b6a7a29adf6798
SHA256 12ff9b618564c865e98a9e0c60705e28ff64156dad848201b8a7c64eef5ee9f0
SHA512 8bde0f1b60ebec057123e570cc4818910355c1494188a42c8231b8081a5528072e7a35e70af1c4acd381169b4aa921c002bea453f391feffc0d9e1390d76546c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 438c767c3ee96a87bbe56b2b352155c3
SHA1 a4ee1adc74b6efe8d39ff211c00acff7e54190a2
SHA256 5a07658c184a606b5c32b7a653154cfef986417a9ad39dcee61467149ca9681c
SHA512 9542d7ff9490fa4f74b4ff2253c1ad2451aecbebca13ddd9b33eac90c646e90a01a740d283c975504c4194bd207b17e42f9a402ba7641114bcdca43688742c7a

C:\ProgramData\Anyplace Control Support\hoststate.dat

MD5 e211696a2de61daa2dd28ff12447b7ae
SHA1 21a276f5723d849e8aa1b28cc66f001c1811b6bd
SHA256 91c1ece3a9a2f0be4b84a9e209a88def0323ef7c42f2d476a6e5af0ac6a1d2bd
SHA512 9b470387a1a828df2f986d5066911199b1a2e89e0a857518ccb6104b5e49ef57cd2947005b5c77898b62529b6eeff808d23f71c52ccb1c1745f84015fee57446

memory/5020-580-0x0000000000400000-0x00000000005DC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b73517fc34cf3e20b04b9b9d46364454
SHA1 6bdfd69d217d46a0bdab29be9b5129860f545b7c
SHA256 366ac2d34d3ca2d7ff8d0f732a5a568aaa57cb0eeba59f7e529b597f720731ad
SHA512 2c645909b5f3c53713c6a3bcbe0f3eb37b96aa5b0b9b4c801f7ac82c6d1b9b5e951fe40d436013aab3c338a25747e8c8df78dd480626e2a9e959878cd9d7f39d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d8722a1692a91f256640b6976f97640a
SHA1 0ffb4c192e2fb3b00c25dcc6e5e4930725c6cd35
SHA256 fe88e53b47edcdcb019168d1bb3a3c50b0a4688b1e85be028c19b4c48feb37a1
SHA512 8924d40862a360f91b8dd21455cd738e33127205520a078811e164017bce59bdbbcbdf005fae83f1d2f68a4bcb817cf189531cf7c7057bbdebe74e74322a151a

C:\Users\Admin\Downloads\AnyplaceControlInstall.exe

MD5 de3f653561daa3c88bea49b8a6df874b
SHA1 08720bc41df746aa0a2eb4a4c46ebbbecca0f123
SHA256 a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3
SHA512 a8d237ba7cf89d7101fe42ed4a1c841c934f222ccc2041494bf49f67c4cc9bf190988a7a138860a9aec3e6862cb99663dcde96c93ba40b81a923fc68dae2ac7f

memory/2064-630-0x0000000000400000-0x0000000000469000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\unpack.dll

MD5 e619dbc708231336467add6b6f6ff99c
SHA1 cd9b0168d3d8259709098edea0d83834d580fbfb
SHA256 c66742cee46087844c244af84c91a464eeab5ac0fe57be6d9c7aef6daea54793
SHA512 5e5fb37db93eb11f7e0e7f5249e5733e6ecda3395ad51323d22bb1fbbf3e3b137c4554600faee5e53368426a0827add13862c3b400a7f54acbbbb2d9becfaf1e

memory/2064-637-0x0000000002300000-0x0000000002327000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\AnyplaceControlInstall\plugins\0\CustomUI.dll

MD5 0fe39de528a1afa32ed1f5f10a02aa4e
SHA1 8651305d45126ad268b498eecab7db5cae570b7c
SHA256 2ad7b88bea948708cef7dd539567686b0662692802edf0bb544594306cef7c73
SHA512 74a2f59e7d2a788dda76c2566d7c827ecde4f3b5e16191586fbcab69b04f1436e0963b8dff97fbbe383e9c580c9fffe5a9a5fe11da8ede6b8d06dcb040c09e27

memory/2064-688-0x0000000002C70000-0x0000000002CCD000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b76772362da4027203c2d267346304d7
SHA1 6c267ad301026b35c9863a607b3bbb984054f61b
SHA256 391ae7ee9b65e803f1918d8a1e19a29f9efe0a4f5eee51fe32fff73fae29fe13
SHA512 8c32c6befce5594e01158856af4df54baf9e5dd2c6c14d745a8093627c212fb0060ddde81d17eea46c197d19ecec428ef010c121a8c387b5ace970afe6f87209

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\AnyplaceControlInstall\presetup\banner.bmp

MD5 2ac80f5708a0dd77f84668df5b2b6861
SHA1 4450aca3617f4448b98fba5b69fe3bbc0156c300
SHA256 88ec1c664c1fcc891c305d8f420fa3b9f4dbd7a9a9b615d92b1f3ca2eb96f076
SHA512 85d081de227b85747f3467e5fddf4306005b08cf3b3b4eec948f5a70019dc6d886a84eb872017712ad1f34e3fe27f03d8205c0546a3654a7daa770f19203e576

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61936f5e2a52c1bdc486dbf7e4563e2d
SHA1 2233677cb6f41214d82448f94f7e082d3575857e
SHA256 545e7e15d4f53fbca6357d848abd21291c989e0956ed1b9479097fac18757dce
SHA512 a613ac3f59f8b6b1971beeb5b6eaec50151513cae3db9dddd192aace54afd84a0ee01e61a4bffdc7b05408cbfcad28e49b1f2bc140cbdd1cd8a5c3aebbb072c0

memory/2064-751-0x0000000000400000-0x0000000000469000-memory.dmp

memory/2064-748-0x0000000000400000-0x0000000000469000-memory.dmp

memory/2064-749-0x0000000002C70000-0x0000000002CCD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\AnyplaceControlInstall\presetup\license.txt

MD5 d706f418d80726d8704a937a5dab89d4
SHA1 f2565d8accdc5db34041d496d2fcd1bec8c55815
SHA256 f920b0b71732f8dbc8de799122bcaee92cf84a16613d1054d79eebb8d81640c8
SHA512 c0fea9ed6e7531934d3ea9ff60040c470dfa30888c74a4f9fe1c9521ca15169df3e3eb60f7eefe929ca87e1dd3ef2d78595970f65935ceacfde92e274c38521b

C:\Program Files (x86)\Anyplace Control\apc_Admin.exe

MD5 9d85b5b8ed5e380246827006e8ccef54
SHA1 0f73d88de310da8566ddfcc8d64ea32b2775f482
SHA256 b37b163faa092ee98b72a7c7705107e89563447256ca8cc887792cd3b0400e15
SHA512 6772e202a43ad6d0269c5c321e20035f7d0823522fa1bb4c0f57e18a59a50ef123f8aefabeffe96a5039d386bfb15e44887801f33fa2af94533f77f6549445d6

C:\Program Files (x86)\Anyplace Control\apc_host.exe

MD5 c10838acc1c8548cdc5eb2f002ea557b
SHA1 3edb222ffdc070437dfe50a54bcca6eaa232b759
SHA256 2f1d18574cfcbb0191a778054f2074adb08d85c1a1b12ce8348e0cdd8e18140f
SHA512 81e2c74c46f04d9e4f34c63825d1a8e1aedc1d6cb15d03d16a6bd993f770c899b618d9799df0b4baa1ab6690d4cd7165c35c25bf8520b26bcc84972ad51b1296

C:\Program Files (x86)\Anyplace Control\apc_hostconfig.exe

MD5 d207193c113475c2b95b76011a6594e9
SHA1 192d9137aec5e98458fb26a37f96126b98e90aff
SHA256 37bcc78a9f9df453dc849db5e04fc8297c19959ef36bbf17a3adbe16d6ca6a7f
SHA512 e959936444cc32e17808ff3fc4d22af2979744f6fb98e4e6be0b0659a6f2c8d6a2b7eb0df675ddd48dfcf3f2f4f6558a50784e5014b2b0d329bfe7d007be4430

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f6d3fa543646eb4d8ae41bf8f7b946af
SHA1 1ef0ec5406f6768a4def7cbfed82225b87140a4e
SHA256 7890c7277784464100e13d1ed400acdd11142069557fc96855e5fc969f9685f3
SHA512 7d93af59783a57f3bfc7766dd0f3700a215b3adb0e0a74879e6a2ce305a4beef00e351b2588997b5c3f97cbe7b7aacb7606822e9a7bd774636eeb24056b8da62

memory/5020-875-0x0000000000400000-0x00000000005DC000-memory.dmp

memory/4636-876-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/748-877-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Program Files (x86)\Anyplace Control\hcs.exe

MD5 cba8f7b9f88ba02c83c93ac4b6f1b2e8
SHA1 6327cda6cadac368b756e8f46c46b77f2593380b
SHA256 17417530a3212eb8fa7beb17715b60f40056e20210ff77d8f32675c38963612a
SHA512 a7cc264e0483bdb3ba4ec435400f90e1072a0d4bea726cc109db4cd07b33c78f7298d5f7a86130d2e0a0c132acbbdc2b98f4c46c1ecfbfbb4bbd8e9468096425

memory/1928-883-0x0000000000400000-0x0000000000421000-memory.dmp

memory/1672-884-0x0000000000400000-0x0000000000421000-memory.dmp

memory/2440-885-0x0000000000400000-0x0000000000421000-memory.dmp

memory/3836-886-0x0000000002DF0000-0x0000000002E1B000-memory.dmp

C:\ProgramData\Anyplace Control 4\hostaccount.ini

MD5 97fe7c7b7457acef6a3a8083d57ec606
SHA1 c4804a8f573864c1c0194a983ae39fd1de95a3ac
SHA256 e53eab77e449a2271201ace529453c52e28a49624b7d1247b167b5248d2ac578
SHA512 e92158ece07b0b76c131ab2ea0f8214a5537bd9f00525903c95abb4c7935c1abaceea2cb93fdddc4bde2d4f87e0ec301d0f9a50e070fe21158cca5828b6bd83a

memory/2064-903-0x0000000000400000-0x0000000000469000-memory.dmp

memory/2064-904-0x0000000002C70000-0x0000000002CCD000-memory.dmp

memory/3812-905-0x0000000000400000-0x0000000000700000-memory.dmp

memory/4780-906-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/2064-909-0x0000000002C70000-0x0000000002CCD000-memory.dmp

memory/3836-910-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8c521632cf631cab7cc55c9dd3555ab
SHA1 b96ad0c18744ead48823221c1b248439101de3d3
SHA256 ad7961ff49c192535ffbdbcc9d228e72a076469cb446098a98ee52f6afab0bf3
SHA512 4db815784a21405edf4179d63f1bc5144e73cbab2ad6fc8c479187b8cc2fa8233a595367ed30a11404f3a8b32152294d1fc5b9ec8f6f2b5cccb2b3db1478619a

memory/3812-920-0x0000000000400000-0x0000000000700000-memory.dmp

memory/4780-921-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bac82a6ef1459e0ef8300b200024f55a
SHA1 f57c60336fafb3a15ccf3dc8b9db7c5b3eba4e9f
SHA256 5978b8b570c037d04046727a4954890314eb5e55d915961a4384e7809ef8f476
SHA512 95e4f525d1c8789fd18a4dc9a38625a683aacce32e1c77d044287d98d044a87838ff45eb00904d02c35a40c90586f03c98e4367e6fd3f4d066771282b7a153af

memory/4780-935-0x0000000000400000-0x00000000004AD000-memory.dmp

memory/3812-939-0x0000000000400000-0x0000000000700000-memory.dmp

memory/4780-940-0x0000000000400000-0x00000000004AD000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dae14f09d273e7319de887113a7856aa
SHA1 721e6c85c8bbccbbc2f0149120fdeecf0030bab9
SHA256 f5d1f7e12466fc8b062c34c2011650ca50e0898c86291b46665ff582ba26bb87
SHA512 0c755f1f6a64505590a241118cb65483065cda432f6f7eb0b4bf292b5caaac03a76868bfe781a8acb216bea89a103b1d148efdc990cddb49a43b8450dc57ba5e

memory/2064-951-0x0000000002C70000-0x0000000002CCD000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d71de72524b9e5f36e422665cf826351
SHA1 53ddc52c8be213b2112e19263a2b7dd18aa9dfdd
SHA256 e3ec69bf55ef8c590ab7b285788bd1b0275755e8a9f2e7af2daed4e2e487a4ab
SHA512 4f9c51fa28946e3bb99170b8123d32953315883e94f42c452815dbcff4d135e7f357bb5ce5551e5ff75f850dd449d2c889755118635999529543dfdeee874a2f

memory/3812-963-0x0000000000400000-0x0000000000700000-memory.dmp

memory/4412-965-0x0000000002E80000-0x0000000003085000-memory.dmp

memory/4412-970-0x0000000000400000-0x0000000000CA4000-memory.dmp

C:\ProgramData\Anyplace Control 4\apc-settings.ini

MD5 cd33bafabe9c3bd380c569c43b61563f
SHA1 8bf03fddf400034d77150e2380ea4aa4c668198f
SHA256 cee33b725d72d3dcb2882f9e8776637a1cade6ba7df47d38410638ca7f9e3028
SHA512 455ed24519115019b0659093540b4466eefb5fcb1e39657570701fad0fcfe75c46ca67c07bca81e5442d5a6862441d9a0edd6f33d0f5e19fbea1ccc9615766fa

C:\ProgramData\Anyplace Control 4\installerpath.txt

MD5 b5645107869e09472275159beda89d27
SHA1 a74c06b2f32b4c658b9e2b32d66c66aabce49951
SHA256 12734f9c2b26afb1db706131705f320b3892a3ab081423db53431c319ca58b96
SHA512 779c88e355d8e678d87fd9dc2abc9626c198f21a7edbb0b0522abcf875b4354329ff645926829fabaa097a6bbef4f2a3433d210ef7d37c2acf4da2c473447517

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b8ba69befcaf8a01970c9cff747957d
SHA1 a087112a80cfe50bfb60cc80a3e12fe188fd9898
SHA256 58f2a477defa17d1e55f137b7375079a8428c9a4915e1407f5925080613e8fcb
SHA512 8455c70b6a4280ab5aa39e51021f122408a5f8dab72f18c3a48033f1b86a5c6f23b79684debe0129e04f441972b0d96d204cd39c42496427cfacc576f3f3d10b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6eb6f1efa4bd49d990b70c5a21b81474
SHA1 143a8e750a7bcdc220680c465f75b465d0b759c4
SHA256 6a650b14b8620ac4a45fb84d72e549a075fbac64f21b2177dac71e81dd40157a
SHA512 620e7db178100f48e5006e80a2fca1169eecdb1a95c9ea41c6392fbd04685e3990de7a616da37ca0b1246135ad1e58acdd01441ad10c3489e3d935dc4d8fc204

memory/4412-1073-0x0000000000400000-0x0000000000CA4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d1f1bb1ce5c823fc2bd5cb608a56a9d5
SHA1 7ad03ba69688e96a20ff82cd7ab07ab2664ec925
SHA256 a8aeccbf9104460ab6404ccc7a11da23da5d1531239cdbc73c1cc32ac0cf7c8f
SHA512 f84a096258d293314b73d8c05b6747a6ac8cb00e678e94ca44449738556106d56e0f96b1baedb55636bf70c3e0b34a985d26e6a6a4bb10431d9bc4d8044c009e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6fd7ec9d0628dd6c39fb16fe1b01dd3d
SHA1 6db02a9d70289bcbd27507cb380e7855c61dc3c2
SHA256 1a7034a7645a69d473f3826378a7402684f54390f5393ea0ed3bf665d3152a76
SHA512 a2b737f4622c199019dafbc85c3f1853ce72868c84e3d1a0645d9afbc8f136bd6833793d473dbd4536c7f69355e58c4bc1b795cb453261c4dd018daad9a3016b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 733fe70b87d80e878faf01a76c3190f8
SHA1 7be228eef80f9a87176dd43ec984c2643ada1008
SHA256 b092bdd8acdaee2913d1f585692ad4e2016b3176887cb8aea084f356188b3e1e
SHA512 946ddc063e7426292fbf6d5921c4a585e3d9eda88365933fd4fd1f54ba1419d7091e14506cc8c909c816b4144367ff243f09d07bfe5cc3b0796f56720b14bc06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 79f0a6a8a3b0f611d35a21faaf63dade
SHA1 dd01915f12e3ac429499688cc8c4e68360242576
SHA256 44c07453054a57909f115cba9c83a2a407d0f480beab7b440aa0b47b7145d0df
SHA512 ed034086040e5a04374c520990457be84423f6b32a4f044631bab32f63221d23fd158214aceda981076d433ad253b93f03e7340e1cbb148b9c4c5c6e55caeeff

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\AnyplaceControlInstall\languages

MD5 2c5134b2bd1e4af89a2572e896fd31e2
SHA1 0f7bc0f984501f6d3cae9807d34bdd985a999141
SHA256 01b6847ba2161f17dfe38dd752fdd0684e4496fe424ad73c0ed54efb425170b8
SHA512 4924615a4d707b3d52d632783ace9ec364bf9547b657b871e2fc6d1ed1879a89770d96e618ca02b7b3deda5a0a8df053ff0fde27d21ad02c779954a38a0e5c8d

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\AnyplaceControlInstall\presetup\watermark.bmp

MD5 04cd48a87a7aa1d2eee8098a55ff64dc
SHA1 04d72ff8628bf07dbcef244878691d1661c31d7c
SHA256 d9f88b7cad552d3117c1c9b700def1e60ba901420778fab68e1a3d3f96daea44
SHA512 1e22a05a18e1df0c1f7f4edf27ffec6ff7693d29ca0917729bab3cc69e463bdf23494cba574c4c5de174dd7b53d945152d4f11427af7e2b0ae174365242f3b69

memory/2064-1223-0x0000000000400000-0x0000000000469000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\AnyplaceControlInstall\maindb

MD5 f472cf8771749410a0225dfe4bbe9fc2
SHA1 335f08a23cfb03548e9cf58b754a413efd8458b9
SHA256 25fa7b9b80d88c6fd3e26acb02c7fbecf68a7c7191a2581bcd606e653b8ab074
SHA512 40717dc1f55c6a8e42fd538de687083e0e7ad1eac8d66c64c618d041afaa53ec71b49de51a110d11c600e7f0a39a1a9d2fac62f716fc3a58ede6b11161b0f882

C:\Users\Admin\AppData\Local\Temp\1LD6MV6H\AnyplaceControlInstall\packagedb

MD5 20716d05949ae0e74594a2cee336e61d
SHA1 90c81b1ec63b903fc45afa7efb6f76c2162b259c
SHA256 cc426a2472399f0ed54c008a82de94c35cbcff165dae37cde0b33463276e7b44
SHA512 77df714082353d2f8d950acff36596e21a6fc314db4942f6817075eb804daf9405f647c871bde69e358e152d80ae3758071d4bbffea580ac79e434643638c67c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3GJVVK7B\favicon[1].ico

MD5 928f7712fc3295843c332514bc276202
SHA1 f123bf5fe215c9ab8742c3b1d1e2ee80304f4c14
SHA256 cf06fa3dde8493b6308351ca6167644925d5d4f73a2acd0f52789c7fb8fa7a37
SHA512 32bfa8cc3bfbe77f2816c885b99c30addd2d58eba8ecc4c07b9dbe84bddaff000465674522aa7ca5063394a9f4e174c692c00b5e28123d1ce09796982aea38dc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verECFC.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\02PT5J1W\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/2212-1447-0x0000000000400000-0x0000000000CA4000-memory.dmp