File name:

AnyplaceControlInstall.exe

Full analysis: https://app.any.run/tasks/12bbe0bb-6f83-4e80-bdea-72fad73ef839
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that enables attackers to establish complete or partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionality for conducting illicit activities on compromised systems. Some of the most common RAT features are access to the user's data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Note that the sample analysed here carries Anyplace Control Software version information, the run opened www.anyplace-control.com in Edge, and the network detections are Suricata "ET INFO" rules (class "Misc activity") that fingerprint the Anyplace Control remote-access protocol rather than a known malicious payload. Commercial remote-access tools of this kind are routinely abused, but the report on its own documents the tool's capability, not whether its presence on a given host was authorised.

Analysis date: November 15, 2024, 21:39:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
remote
anyplace
rat
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

DE3F653561DAA3C88BEA49B8A6DF874B

SHA1:

08720BC41DF746AA0A2EB4A4C46EBBBECCA0F123

SHA256:

A2FA034D006BDBC3EE2A15E55EB647F8097355C288A858DA1E309FE8AC1CF0A3

SSDEEP:

98304:OynNntIOKBhenYprw8/gOEgVjcRgUeOyYOPhBhJC5cOHkFQlkOJ1BXoRYiRVUr2k:3OEFauYqd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • apc_Admin.exe (PID: 6648)
      • apc_Admin.exe (PID: 6224)
      • apc_Admin.exe (PID: 2068)
      • apc_Admin.exe (PID: 5652)
    • Connects to the CnC server

      • apc_host.exe (PID: 7912)
    • ANYPLACE has been detected (SURICATA)

      • apc_host.exe (PID: 7912)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • AnyplaceControlInstall.exe (PID: 3644)
    • Executes as Windows Service

      • apc_host.exe (PID: 2280)
      • apc_host.exe (PID: 5612)
    • Application launched itself

      • apc_host.exe (PID: 2280)
      • apc_Admin.exe (PID: 6648)
      • apc_host.exe (PID: 5612)
  • INFO

    • UPX packer has been detected

      • AnyplaceControlInstall.exe (PID: 3644)
    • Manual execution by a user

      • msedge.exe (PID: 1244)
      • apc_Admin.exe (PID: 2068)
      • apc_Admin.exe (PID: 5652)
    • Application launched itself

      • msedge.exe (PID: 8108)
      • msedge.exe (PID: 1244)
      • msedge.exe (PID: 4144)
      • msedge.exe (PID: 7572)
    • Sends debugging messages

      • apc_Admin.exe (PID: 6224)
      • apc_Admin.exe (PID: 5652)
      • apc_Admin.exe (PID: 6648)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (38.2)
.exe | Win32 EXE Yoda's Crypter (37.5)
.dll | Win32 Dynamic Link Library (generic) (9.2)
.exe | Win32 Executable (generic) (6.3)
.exe | Win16/32 Executable Delphi generic (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 139264
InitializedDataSize: 12288
UninitializedDataSize: 274432
EntryPoint: 0x65190
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 7.7.0.0
ProductVersionNumber: 7.7.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: ASCII
Company: Anyplace Control Software
FileDescription: Anyplace Control 7.7_Trial
FileVersion: 7.7_Trial
LegalCopyright: Copyright (C) 2022 Anyplace Control Software
ProductName: Anyplace Control 7.7_Trial
ProductVersion: 7.7_Trial
No data.
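The UPX indicator above (the TRiD match, the `upx` tag, and the EXIF figures: 3 sections, CodeSize 139264, UninitializedDataSize 274432, entry point 0x65190) comes down to a handful of header properties. The Python below is an added example, not ANY.RUN's or Anyplace Control's code: it parses a PE32 section table and applies the usual UPX heuristics (UPX-named sections, a first section with zero raw size but a large virtual size, a writable and executable first section, and an entry point outside the first section). Because the installer's actual section table is not reproduced on this page, build_sample_pe() fabricates a header-only image whose sizes match the EXIF block; its section addresses and characteristics are assumptions, as is the "clean" control image.

```python
"""Heuristic UPX-packer detection from PE32 headers (added example, not
ANY.RUN's or Anyplace Control's code). build_sample_pe() fabricates a
header-only PE32 whose section sizes mirror the EXIF block of this report;
the section RVAs and flags are assumptions, the real section table is not
on this page."""
import struct
from dataclasses import dataclass

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    characteristics: int

    def contains_rva(self, rva):
        end = self.virtual_address + max(self.virtual_size, self.raw_size)
        return self.virtual_address <= rva < end


def parse_pe32(data):
    """Return (AddressOfEntryPoint, [Section]) for a PE32 image; raise on anything else."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) optional headers are handled")
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, vaddr, rsize, _rptr, _rel, _lin, _nrel, _nlin, flags = struct.unpack_from(SECTION_FMT, data, off)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, rsize, flags))
        off += struct.calcsize(SECTION_FMT)
    return entry_point, sections


def upx_indicators(data):
    """Each string is one reason to believe the image is UPX-packed; an empty list means no heuristic fired."""
    entry_point, sections = parse_pe32(data)
    findings = []
    names = [s.name for s in sections]
    if any(n.startswith("UPX") for n in names):
        findings.append("section names " + "/".join(names))
    first = sections[0]
    if first.raw_size == 0 and first.virtual_size:
        findings.append(f"{first.name} has no raw bytes but {first.virtual_size:#x} virtual bytes (unpack destination)")
    if first.characteristics & IMAGE_SCN_MEM_WRITE and first.characteristics & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"{first.name} is writable and executable")
    ep = next((s for s in sections if s.contains_rva(entry_point)), None)
    if ep is not None and ep is not first:
        findings.append(f"entry point {entry_point:#x} lies in {ep.name}, not in the first section (unpacker stub)")
    return findings


def build_sample_pe(sections, entry_point, size_code, size_init, size_uninit):
    """Header-only PE32: DOS header, PE signature, COFF header, optional header, section table. No section data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew
    opt = bytearray(224)  # standard PE32 optional header size
    # Magic, linker 2.25, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, EntryPoint, BaseOfCode, BaseOfData
    struct.pack_into("<HBBIIIIII", opt, 0, 0x10B, 2, 25, size_code, size_init, size_uninit, entry_point, 0x1000, 0)
    # 0x818F reproduces the ImageFileCharacteristics listed in the EXIF block
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x818F)
    table = b"".join(struct.pack(SECTION_FMT, n.ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, rp, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed to match the EXIF figures: CodeSize 0x22000, InitializedDataSize 0x3000,
# UninitializedDataSize 0x43000, EntryPoint 0x65190. Section RVAs/flags are assumed.
PACKED = build_sample_pe(
    [(b"UPX0", 0x43000, 0x1000, 0, 0x400, 0xE0000080),
     (b"UPX1", 0x22000, 0x44000, 0x22000, 0x400, 0xE0000040),
     (b".rsrc", 0x3000, 0x66000, 0x3000, 0x22400, 0xC0000040)],
    entry_point=0x65190, size_code=0x22000, size_init=0x3000, size_uninit=0x43000)

# Control case (assumed layout): ordinary sections with the entry point inside .text.
CLEAN = build_sample_pe(
    [(b".text", 0x20000, 0x1000, 0x20000, 0x400, 0x60000020),
     (b".data", 0x3000, 0x21000, 0x1000, 0x20400, 0xC0000040),
     (b".rsrc", 0x2000, 0x24000, 0x2000, 0x21400, 0x40000040)],
    entry_point=0x1A00, size_code=0x20000, size_init=0x3000, size_uninit=0)

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN)):
        print(label, upx_indicators(image) or "no UPX indicators")
```

Against a real file, call upx_indicators(open(path, "rb").read()); the same fields are available through the pefile library if you prefer not to parse by hand, and an entropy check on the UPX1 bytes is the usual next step before unpacking.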
All screenshots are available in the full report
Total processes
246
Monitored processes
108
Malicious processes
3
Suspicious processes
4

Behavior graph

Process list in graph order (the parent/child layout itself is only in the full report): anyplacecontrolinstall.exe, sppextcomobj.exe, slui.exe, apc_hostconfig.exe, apc_host.exe (four instances), hcs.exe (three instances), slui.exe, iexplore.exe, apc_admin.exe, iexplore.exe, a large set of msedge.exe and identity_helper.exe processes, apc_admin.exe, further msedge.exe processes, apc_host.exe (three instances, one tagged #ANYPLACE), hcs.exe (three instances), msedge.exe (three instances), apc_admin.exe (two instances), msedge.exe, anyplacecontrolinstall.exe. Entries marked "no specs" in the graph triggered no signatures.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
300
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5156 --field-trial-handle=2376,i,16393787150941737523,6821458544480877936,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1180
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2432,i,951540332045671616,12744285398109366143,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1244
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=8 --flag-switches-begin --flag-switches-end --do-not-de-elevate -- http://www.anyplace-control.com/install.shtml?ver=7.7_Trial
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1376
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffbcb145fd8,0x7ffbcb145fe4,0x7ffbcb145ff0
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1396
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5292 --field-trial-handle=2260,i,4014746871975679911,12648371454248639948,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1748
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2376,i,16393787150941737523,6821458544480877936,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1884
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2560 --field-trial-handle=2376,i,16393787150941737523,6821458544480877936,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2068
CMD:
"C:\Program Files (x86)\Anyplace Control\apc_Admin.exe"
Path:
C:\Program Files (x86)\Anyplace Control\apc_Admin.exe
Parent process:
explorer.exe
User:
admin
Company:
Anyplace Control Software
Integrity Level:
MEDIUM
Description:
Anyplace Control www.anyplace-control.com
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED; only ntdll appears in the module list, so this medium-integrity instance launched from explorer.exe exited before initialising, which matches a launch that required elevation)
Version:
7.7.0.0
Modules
Images
c:\program files (x86)\anyplace control\apc_admin.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID:
2076
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x2a0,0x2a4,0x2a8,0x298,0x2b0,0x7ffbcb145fd8,0x7ffbcb145fe4,0x7ffbcb145ff0
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
2084
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6056 --field-trial-handle=2260,i,4014746871975679911,12648371454248639948,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
16 084
Read events
15 602
Write events
143
Delete events
339

Modification events

(PID) Process: (4224) apc_host.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Anyplace Control-Host
Value:

(PID) Process: (4224) apc_host.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices
Operation: delete value
Name: Anyplace Control-Host
Value:

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: DisplayName
Value: Anyplace Control 7.7_Trial

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: ModifyPath
Value: "C:\Program Files (x86)\Anyplace Control\Uninstall.exe" "C:\Program Files (x86)\Anyplace Control\install.log"

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\Anyplace Control\Uninstall.exe" "C:\Program Files (x86)\Anyplace Control\install.log" -u

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Anyplace Control

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: InstallSource
Value: C:\Users\admin\AppData\Local\Temp

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: InstallSourceFile
Value: C:\Users\admin\AppData\Local\Temp\AnyplaceControlInstall.exe

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: InstallDate
Value: 11/15/2024

(PID) Process: (3644) AnyplaceControlInstall.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\Anyplace Control\apc_Admin.exe
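The registry events above, together with the dropped files, the "Executes as Windows Service" signature and the installer hash, are the artifacts a detection engineer would pull from this report. The Python below is an added example, not ANY.RUN's or Anyplace Control's code: it normalises Sysmon-style registry paths (hive aliases, the WOW6432Node redirection seen above, HKU\<SID> for per-user hives) and matches process, file and registry events against those artifacts. The event records are constructed to mirror the report; the SetValue event for the autorun entry is an assumption, since the report captures only its deletion, and the rule names are mine.

```python
"""Match Sysmon-style events against the artifacts in this report (added
example, not ANY.RUN's or Anyplace Control's code). SAMPLE_EVENTS are
constructed to mirror the report; the autorun SetValue event is assumed."""
import ntpath  # Windows path handling that also works on a non-Windows analysis box

INSTALL_DIR = r"c:\program files (x86)\anyplace control"
COMPONENTS = {"apc_host.exe", "apc_admin.exe", "apc_hostconfig.exe", "uninstall.exe"}
INSTALLER_SHA256 = "a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3"
AUTORUN_VALUE = "anyplace control-host"
UNINSTALL_GUID = "{0a6fe998-a146-4d34-93df-dc47d00f0830}"
DROPPED_NAMES = {"apcerrorslog.txt", "comregc.exe", "anyplace-control.ini"}
HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu", "hkey_users": "hku"}


def normalize_reg_path(path):
    """Lower-case, shorten hive names, and fold away the WOW6432Node redirection
    so a 32-bit writer's key compares equal to its 64-bit spelling."""
    p = path.lower()
    for long_name, short_name in HIVES.items():
        if p.startswith(long_name + "\\"):
            p = short_name + p[len(long_name):]
            break
    return p.replace("\\wow6432node\\", "\\")


def parse_hashes(field):
    """Sysmon 'Hashes' field: 'MD5=...,SHA256=...' -> {'MD5': ..., 'SHA256': ...}."""
    out = {}
    for item in field.split(","):
        if "=" in item:
            algo, value = item.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(ev):
    """Return the list of rule names an event triggers (rule names are this example's own)."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "").lower()
    if eid == 1:  # process creation
        if image.startswith(INSTALL_DIR + "\\") or ntpath.basename(image) in COMPONENTS:
            hits.append("anyplace_component_executed")
            parent = ntpath.basename(ev.get("ParentImage", "").lower())
            if parent == "services.exe":  # the 'Executes as Windows Service' behaviour
                hits.append("started_as_service")
        if parse_hashes(ev.get("Hashes", "")).get("SHA256") == INSTALLER_SHA256:
            hits.append("known_installer_hash")
    elif eid == 11:  # file creation
        target = ev.get("TargetFilename", "").lower()
        if target.startswith(INSTALL_DIR + "\\") or ntpath.basename(target) in DROPPED_NAMES:
            hits.append("installer_dropped_file")
    elif eid in (12, 13):  # registry object (12) and value-set (13) events
        target = normalize_reg_path(ev.get("TargetObject", ""))
        key, _, value_name = target.rpartition("\\")
        if value_name == AUTORUN_VALUE and key.endswith(("\\currentversion\\run", "\\currentversion\\runservices")):
            hits.append("autorun_value_deleted" if ev.get("EventType") == "DeleteValue" else "autorun_value_set")
        if UNINSTALL_GUID in target:
            hits.append("uninstall_key_written")
    return hits


def scan(events):
    """(event index, rule name) pairs over a whole event stream."""
    return [(i, hit) for i, ev in enumerate(events) for hit in classify(ev)]


INSTALLER = r"C:\Users\admin\AppData\Local\Temp\AnyplaceControlInstall.exe"
HOST = r"C:\Program Files (x86)\Anyplace Control\apc_host.exe"

# Constructed events, in the order the report's artifacts would appear on a host.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": INSTALLER, "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "MD5=DE3F653561DAA3C88BEA49B8A6DF874B,SHA256=A2FA034D006BDBC3EE2A15E55EB647F8097355C288A858DA1E309FE8AC1CF0A3"},
    {"EventID": 11, "Image": INSTALLER,
     "TargetFilename": r"C:\Program Files (x86)\Anyplace Control\anyplace-control.ini"},
    {"EventID": 13, "EventType": "SetValue", "Image": INSTALLER, "Details": "Anyplace Control 7.7_Trial",
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A6FE998-A146-4D34-93DF-DC47D00F0830}\DisplayName"},
    {"EventID": 1, "Image": HOST, "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 12, "EventType": "DeleteValue", "Image": HOST,
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\Anyplace Control-Host"},
    # Assumed: the per-user autorun being set (Sysmon logs HKCU as HKU\<SID>); the report shows only its deletion.
    {"EventID": 13, "EventType": "SetValue", "Image": HOST, "Details": HOST,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Anyplace Control-Host"},
    {"EventID": 1, "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},  # benign control event
]

if __name__ == "__main__":
    for index, rule in scan(SAMPLE_EVENTS):
        print(f"event {index}: {rule}")
```

The WOW6432Node fold is the detail most often missed when these keys are turned into SIEM rules: the installer and apc_host.exe are 32-bit, so on the 64-bit guest their HKLM writes land under the redirected path shown in the report, while a 64-bit build of the same tool would write the unredirected one.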
Executable files
18
Suspicious files
410
Text files
158
Unknown types
4

Dropped files

PID
Process
Filename
Type
3644 AnyplaceControlInstall.exe
Filename: C:\Windows\apcErrorsLog.txt
Type:
MD5:
SHA256:

3644 AnyplaceControlInstall.exe
Filename: C:\ProgramData\Anyplace Control 4\apcErrorsLog.txt
Type:
MD5:
SHA256:

3644 AnyplaceControlInstall.exe
Filename: C:\Temp\1NG7E1SP\AnyplaceControlInstall\presetup\butt_inf.bmp
Type: image
MD5: 30C329D00A541432E06B4E834040AEFF
SHA256: FFD33DC73D3744259701039190463AED3B7ED4E4A3DE5034494EE753DD9D15F9

3644 AnyplaceControlInstall.exe
Filename: C:\Temp\1NG7E1SP\AnyplaceControlInstall\presetup\maintenance.bmp
Type: image
MD5: 96B330E8E04B491B0F7C1FD5C2C46A87
SHA256: B1FF81F1C6640413153DC4136FD111F815311748195CE89DA21A943B595487C2

3644 AnyplaceControlInstall.exe
Filename: C:\Temp\1NG7E1SP\AnyplaceControlInstall\presetup\unbanner.bmp
Type: image
MD5: CBBA7EA044E942C03BB05DE1E78E19D7
SHA256: B40F3772EDE3F93A063F656FC36A38E1C60D6C2B10D5076E5670E50010BB1684

3644 AnyplaceControlInstall.exe
Filename: C:\Program Files (x86)\Anyplace Control\anyplace-control.ini
Type: text
MD5: E25EC5F2679CA91503F4FEEB2DF38120
SHA256: AB6099B829B1D43F02CAA06ACD3D747D43D4BDEAA6408CDA8BCB933D59A5F06E

3644 AnyplaceControlInstall.exe
Filename: C:\Temp\1NG7E1SP\AnyplaceControlInstall\presetup\unwatermark.bmp
Type: image
MD5: 3CD2EF4F3374DDBD04A75F7739AD4142
SHA256: 8E7ECFF5894DB405492F2E2F7912D6A67B32A9061700B32D080284B5C3891E46

3644 AnyplaceControlInstall.exe
Filename: C:\Temp\1NG7E1SP\comregc.exe
Type: executable
MD5: B1135B4E3A66A57AA43E4DAE7391CBD2
SHA256: 1176A10788BAB070BD20A7D2830698BB37544FCA445385EA70D15113E0B9FF38

3644 AnyplaceControlInstall.exe
Filename: C:\Users\admin\AppData\Roaming\Anyplace Control 4\anyplace-control.ini
Type: text
MD5: E25EC5F2679CA91503F4FEEB2DF38120
SHA256: AB6099B829B1D43F02CAA06ACD3D747D43D4BDEAA6408CDA8BCB933D59A5F06E

3644 AnyplaceControlInstall.exe
Filename: C:\ProgramData\Anyplace Control 4\anyplace-control.ini
Type: text
MD5: E25EC5F2679CA91503F4FEEB2DF38120
SHA256: AB6099B829B1D43F02CAA06ACD3D747D43D4BDEAA6408CDA8BCB933D59A5F06E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
56
TCP/UDP connections
127
DNS requests
116
Threats
8

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation (cells the report left empty are omitted from each row)

5488 | MoUsoCoreWorker.exe | GET | 200 | 23.37.237.227:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4360 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
5036 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.164:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5332 | msedge.exe | GET | | 160.153.128.30:80 | http://www.anyplace-control.com/install.shtml?ver=7.7_Trial | unknown | unknown
5956 | SIHClient.exe | GET | 200 | 23.37.237.227:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
5332 | msedge.exe | GET | 200 | 160.153.128.30:80 | http://www.anyplace-control.com/images/simple_border.png | unknown | unknown
5956 | SIHClient.exe | GET | 200 | 23.37.237.227:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
5332 | msedge.exe | GET | 200 | 160.153.128.30:80 | http://www.anyplace-control.com/images/second_menu_bg.png | unknown | unknown
5332 | msedge.exe | GET | 200 | 160.153.128.30:80 | http://www.anyplace-control.com/images/r_module_left_bottom.png | unknown | unknown

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation (cells the report left empty are omitted from each row)

4 | System | 192.168.100.255:137 | whitelisted
6944 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
4360 | SearchApp.exe | 2.16.204.160:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
6308 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(PID and process not captured) | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.48.23.164:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.37.237.227:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4020 | svchost.exe | 239.255.255.250:1900 | whitelisted
5852 | svchost.exe | 20.190.159.64:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
www.bing.com
  • 2.16.204.160
  • 2.16.204.134
  • 2.16.204.138
  • 2.16.204.143
  • 2.16.204.155
  • 2.16.204.139
  • 2.16.204.142
  • 2.16.204.136
  • 2.16.204.150
  • 2.16.204.161
  • 2.16.204.135
  • 2.16.204.147
  • 2.16.204.153
whitelisted
crl.microsoft.com
  • 23.48.23.164
  • 23.48.23.180
  • 23.48.23.169
  • 23.48.23.143
  • 23.48.23.167
  • 23.48.23.145
  • 23.48.23.141
whitelisted
www.microsoft.com
  • 23.37.237.227
whitelisted
google.com
  • 142.250.185.142
whitelisted
login.live.com
  • 20.190.159.64
  • 40.126.31.73
  • 20.190.159.23
  • 40.126.31.71
  • 20.190.159.0
  • 20.190.159.75
  • 20.190.159.2
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 69.192.162.125
  • 184.28.89.167
whitelisted
th.bing.com
  • 2.16.204.138
  • 2.16.204.136
  • 2.16.204.153
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted

Threats

PID | Process | Class | Message
7912 | apc_host.exe | Misc activity | ET INFO Anyplace Remote Access Initial Connection Attempt (005)
7912 | apc_host.exe | Misc activity | ET INFO Anyplace Remote Access Initial Connection Attempt (005)
7912 | apc_host.exe | Misc activity | ET INFO Anyplace Remote Access Checkin (051)
7912 | apc_host.exe | Generic Protocol Command Decode | SURICATA HTTP Response invalid status
7912 | apc_host.exe | Misc activity | ET INFO Anyplace Remote Access Checkin (051)
7912 | apc_host.exe | Misc activity | ET INFO Anyplace Remote Access Initial Connection Attempt (005)
7912 | apc_host.exe | Misc activity | ET INFO Anyplace Remote Access Initial Connection Attempt (005)
7912 | apc_host.exe | Generic Protocol Command Decode | SURICATA HTTP Response invalid status
Debug messages

Process | Message
apc_Admin.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
apc_Admin.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
apc_Admin.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
apc_Admin.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
apc_Admin.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
apc_Admin.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s