8177bf9adfc318fef55967e6e98f1166b22555c769fcaeb66d61b70338b94183

Analysis

max time kernel
147s
max time network
136s
platform
windows10_x64
resource
win10-en-20210920
submitted
21-10-2021 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GuardCatAVSetup-Silent.exe.bin.exe
Size

9.3MB
MD5

127850a751efe17017e9c9be35dad10c
SHA1

45b18c91a7da7616838b89b4d4c9b465d60d619a
SHA256

8177bf9adfc318fef55967e6e98f1166b22555c769fcaeb66d61b70338b94183
SHA512

76ff77e65a34b2f5ff78d2be469119eefe740f38b350b7d572a430c54cabed6634ba473bbb2fa0595c060a410a3fbe01c27e163058c250abd31153647b00237d

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 18 IoCs

Processes:

AVInstaller.exeAVSetup.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeUpdaterSvc.exeServiceInstaller.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeGuardCatAV.exeServiceInstaller.exe

pid	process
2816	AVInstaller.exe
516	AVSetup.exe
1988	InstCtrl.exe
720	InstCtrl.exe
1252	InstCtrl.exe
1212	InstCtrl.exe
2504	InstCtrl.exe
2136	InstCtrl.exe
1284	UpdaterSvc.exe
1428	ServiceInstaller.exe
1748	InstCtrl.exe
3664	InstCtrl.exe
2996	InstCtrl.exe
2168	InstCtrl.exe
2208	InstCtrl.exe
1224	InstCtrl.exe
1432	GuardCatAV.exe
2044	ServiceInstaller.exe

Loads dropped DLL 64 IoCs

Processes:

GuardCatAVSetup-Silent.exe.bin.exeAVSetup.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeInstCtrl.exeUpdaterSvc.exeInstCtrl.exe

pid	process
2796	GuardCatAVSetup-Silent.exe.bin.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
1988	InstCtrl.exe
516	AVSetup.exe
516	AVSetup.exe
720	InstCtrl.exe
720	InstCtrl.exe
1252	InstCtrl.exe
1252	InstCtrl.exe
1212	InstCtrl.exe
1212	InstCtrl.exe
2504	InstCtrl.exe
2504	InstCtrl.exe
720	InstCtrl.exe
720	InstCtrl.exe
1284	UpdaterSvc.exe
1284	UpdaterSvc.exe
2136	InstCtrl.exe
2136	InstCtrl.exe
1252	InstCtrl.exe
1252	InstCtrl.exe
1284	UpdaterSvc.exe
1284	UpdaterSvc.exe
720	InstCtrl.exe
720	InstCtrl.exe
1212	InstCtrl.exe
1212	InstCtrl.exe
1252	InstCtrl.exe
1252	InstCtrl.exe
2504	InstCtrl.exe
2504	InstCtrl.exe
1284	UpdaterSvc.exe
1284	UpdaterSvc.exe
720	InstCtrl.exe
720	InstCtrl.exe
2136	InstCtrl.exe
2136	InstCtrl.exe
1252	InstCtrl.exe
1252	InstCtrl.exe
2504	InstCtrl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

GuardCatAV.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Windows\CurrentVersion\Run\GuardCatAV = "\"C:\\Program Files (x86)\\GuardCat AV\\GuardCatAV.exe\" /minimize"	GuardCatAV.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

Processes:

ServiceInstaller.exe

description	ioc	process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ServiceInstaller.exe.log	ServiceInstaller.exe

Drops file in Program Files directory 64 IoCs

Processes:

AVSetup.exeInstCtrl.exe

description	ioc	process
File created	C:\Program Files (x86)\GuardCat AV\GuardCatAV.exe.config	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\SecDel.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\TaskTool.exe.config	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ru\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\TaskTool.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\de\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\nl\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\nl\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\pt\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\sr-Latn-RS\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Updater.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\GuardCatAV.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Push.exe.config	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Toaster.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ja\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ru\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Runner.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\sr-Cyrl-RS\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\msvcp120.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Bo.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\InstCtrl.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\da\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\fr\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ICSharpCode.SharpZipLib.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ja\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\SecDelShell64.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\avupdate.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\updater.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\README.txt	InstCtrl.exe
File created	C:\Program Files (x86)\GuardCat AV\AvServiceEngine.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\fr\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\pt\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\avlib.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\libavunrar_iface.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\uninstall.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ComponentFactory.Krypton.Toolkit.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Push.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Toaster.exe.config	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\es\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\terms\terms.docx	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\updater.ini	InstCtrl.exe
File created	C:\Program Files (x86)\GuardCat AV\Helper.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ru\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\da\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\es\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ja\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\LabelSetup.ini	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\da\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\de\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\sr-Cyrl-RS\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\SecDelShell32.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\UpdaterSvc.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\pt\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\sr-Latn-RS\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\InstCtrl.exe.config	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\SecDel.exe.config	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\de\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\es\Toaster.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\fr\SecDel.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\nl\GuardCatAV.resources.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\ServiceInstaller.exe	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\libeay32.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Newtonsoft.Json.dll	AVSetup.exe
File created	C:\Program Files (x86)\GuardCat AV\Setup.dll	AVSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3520 1428 WerFault.exe ServiceInstaller.exe

pid	pid_target	process	target process
3520	1428	WerFault.exe	ServiceInstaller.exe

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\AVSetup\AVSetup.exe	nsis_installer_1
C:\Users\Admin\AppData\Roaming\AVSetup\AVSetup.exe	nsis_installer_2
C:\Users\Admin\AppData\Roaming\AvSetup\AvSetup.exe	nsis_installer_1
C:\Users\Admin\AppData\Roaming\AvSetup\AvSetup.exe	nsis_installer_2

Suspicious behavior: EnumeratesProcesses 23 IoCs

Processes:

powershell.exeAVSetup.exeWerFault.exe

pid	process
2040	powershell.exe
2040	powershell.exe
2040	powershell.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
516	AVSetup.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

Processes:

powershell.exeInstCtrl.exeInstCtrl.exeGuardCatAV.exeInstCtrl.exeWerFault.exe

description	pid	process
Token: SeDebugPrivilege	2040	powershell.exe
Token: SeIncreaseQuotaPrivilege	2040	powershell.exe
Token: SeSecurityPrivilege	2040	powershell.exe
Token: SeTakeOwnershipPrivilege	2040	powershell.exe
Token: SeLoadDriverPrivilege	2040	powershell.exe
Token: SeSystemProfilePrivilege	2040	powershell.exe
Token: SeSystemtimePrivilege	2040	powershell.exe
Token: SeProfSingleProcessPrivilege	2040	powershell.exe
Token: SeIncBasePriorityPrivilege	2040	powershell.exe
Token: SeCreatePagefilePrivilege	2040	powershell.exe
Token: SeBackupPrivilege	2040	powershell.exe
Token: SeRestorePrivilege	2040	powershell.exe
Token: SeShutdownPrivilege	2040	powershell.exe
Token: SeDebugPrivilege	2040	powershell.exe
Token: SeSystemEnvironmentPrivilege	2040	powershell.exe
Token: SeRemoteShutdownPrivilege	2040	powershell.exe
Token: SeUndockPrivilege	2040	powershell.exe
Token: SeManageVolumePrivilege	2040	powershell.exe
Token: 33	2040	powershell.exe
Token: 34	2040	powershell.exe
Token: 35	2040	powershell.exe
Token: 36	2040	powershell.exe
Token: SeDebugPrivilege	1988	InstCtrl.exe
Token: SeDebugPrivilege	2208	InstCtrl.exe
Token: SeDebugPrivilege	1432	GuardCatAV.exe
Token: SeDebugPrivilege	1224	InstCtrl.exe
Token: SeRestorePrivilege	3520	WerFault.exe
Token: SeBackupPrivilege	3520	WerFault.exe
Token: SeDebugPrivilege	3520	WerFault.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

GuardCatAV.exe

pid process

1432 GuardCatAV.exe
1432 GuardCatAV.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

GuardCatAV.exe

pid process

1432 GuardCatAV.exe
1432 GuardCatAV.exe

pid	process
1432	GuardCatAV.exe
1432	GuardCatAV.exe

pid	process
1432	GuardCatAV.exe
1432	GuardCatAV.exe

Suspicious use of WriteProcessMemory 50 IoCs

Processes:

GuardCatAVSetup-Silent.exe.bin.exeAVInstaller.exeAVSetup.exe

description	pid	process	target process
PID 2796 wrote to memory of 2816	2796	GuardCatAVSetup-Silent.exe.bin.exe	AVInstaller.exe
PID 2796 wrote to memory of 2816	2796	GuardCatAVSetup-Silent.exe.bin.exe	AVInstaller.exe
PID 2796 wrote to memory of 2816	2796	GuardCatAVSetup-Silent.exe.bin.exe	AVInstaller.exe
PID 2816 wrote to memory of 3756	2816	AVInstaller.exe	schtasks.exe
PID 2816 wrote to memory of 3756	2816	AVInstaller.exe	schtasks.exe
PID 2816 wrote to memory of 3756	2816	AVInstaller.exe	schtasks.exe
PID 2816 wrote to memory of 516	2816	AVInstaller.exe	AVSetup.exe
PID 2816 wrote to memory of 516	2816	AVInstaller.exe	AVSetup.exe
PID 2816 wrote to memory of 516	2816	AVInstaller.exe	AVSetup.exe
PID 516 wrote to memory of 2040	516	AVSetup.exe	powershell.exe
PID 516 wrote to memory of 2040	516	AVSetup.exe	powershell.exe
PID 516 wrote to memory of 1988	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1988	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1988	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 720	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 720	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 720	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1252	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1252	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1252	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1212	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1212	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1212	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2504	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2504	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2504	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2136	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2136	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2136	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1748	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1748	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1748	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 3664	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 3664	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 3664	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2996	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2996	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2996	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2168	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2168	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2168	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2208	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2208	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 2208	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1224	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1224	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1224	516	AVSetup.exe	InstCtrl.exe
PID 516 wrote to memory of 1432	516	AVSetup.exe	GuardCatAV.exe
PID 516 wrote to memory of 1432	516	AVSetup.exe	GuardCatAV.exe
PID 516 wrote to memory of 1432	516	AVSetup.exe	GuardCatAV.exe

C:\Users\Admin\AppData\Local\Temp\GuardCatAVSetup-Silent.exe.bin.exe
"C:\Users\Admin\AppData\Local\Temp\GuardCatAVSetup-Silent.exe.bin.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\Admin\AppData\Roaming\AvSetup\AVInstaller.exe
"C:\Users\Admin\AppData\Roaming\AvSetup\AVInstaller.exe" /q
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AVInstaller" /f
3⤵
PID:3756

C:\Users\Admin\AppData\Roaming\AVSetup\AVSetup.exe
"C:\Users\Admin\AppData\Roaming\AVSetup\AVSetup.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:516

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\sysnative\WindowsPowerShell\v1.0\powershell.exe -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsgF927.tmp\DisableWD.ps1"
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2040

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" updatedefs
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1988

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" mastertask
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:720

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" popuptask
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1252

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" defaultschedule
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1212

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" createini
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:2136

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" runservicetask
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2504

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" startserviceavsrv
4⤵
- Executes dropped EXE
PID:1748

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" startserviceavupdsrv
4⤵
- Executes dropped EXE
PID:3664

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" pendingfilerenameoperations
4⤵
- Executes dropped EXE
PID:2996

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" sbamdone
4⤵
- Executes dropped EXE
PID:2168

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" installpage
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2208

C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
"C:\Program Files (x86)\GuardCat AV\InstCtrl.exe" installstats
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1224

C:\Program Files (x86)\GuardCat AV\GuardCatAV.exe
"C:\Program Files (x86)\GuardCat AV\GuardCatAV.exe" afterinstallrun
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1432

C:\Program Files (x86)\GuardCat AV\UpdaterSvc.exe
"C:\Program Files (x86)\GuardCat AV\UpdaterSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1284

C:\Program Files (x86)\GuardCat AV\ServiceInstaller.exe
"C:\Program Files (x86)\GuardCat AV\ServiceInstaller.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 2332
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3520

C:\Program Files (x86)\GuardCat AV\ServiceInstaller.exe
"C:\Program Files (x86)\GuardCat AV\ServiceInstaller.exe"
1⤵
- Executes dropped EXE
PID:2044

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GuardCat AV\AvServiceEngine.dll
MD5
c8d0dbb87812756d55f4fd06511eef3d

SHA1
24d61c85f6479a49fd9c654e2ed3e17d9e174979

SHA256
2e9004feedfadff38e327dc3e419c2251a8bc5fd9a68d0fedcdf40f7a1da3894

SHA512
eabc627564874b5ad658c7a9cb48d0ffca662fb95ee163092ff8ddd6f317ddc182f9d75e69016b333a3f44f2db8c4920a902551166423e224b3f1c28854efdee

Download Submit
C:\Program Files (x86)\GuardCat AV\Helper.dll
MD5
3f28993890b629a16db75ba443be54c9

SHA1
3fcc08b188a5214bc3cd0e7d8811d6c3fcca4e0d

SHA256
650c92e0578a789ac18c43b75ef640463cc3799348e5f0a5df7122e751d17595

SHA512
375d00e8381e7f6128d1fee0569570d112717c37bc7134ee3d4e0ec87b002adff215f03e999851c8383b9c3dd432d2ca5d94b067314fa9206fcec57b9cef871b

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
MD5
8920128b6b03a2aee3ffac8cb3467720

SHA1
42abdd6ca848e1af7383d592954f4ccace00622c

SHA256
1be6c4fabe45e7598dfb82fba30c4c257b614d6cb5fa88d2858da4b9e37d692e

SHA512
2685108c10cc0042fcc44aaf2ff97dbf2745bb2a9bbebc2812ecbfa6a4a7183a415229c9fa9477e0a45fe26f112d2cf27fc7c398ea06ad194e20e272d1ad1465

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
MD5
8920128b6b03a2aee3ffac8cb3467720

SHA1
42abdd6ca848e1af7383d592954f4ccace00622c

SHA256
1be6c4fabe45e7598dfb82fba30c4c257b614d6cb5fa88d2858da4b9e37d692e

SHA512
2685108c10cc0042fcc44aaf2ff97dbf2745bb2a9bbebc2812ecbfa6a4a7183a415229c9fa9477e0a45fe26f112d2cf27fc7c398ea06ad194e20e272d1ad1465

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
MD5
8920128b6b03a2aee3ffac8cb3467720

SHA1
42abdd6ca848e1af7383d592954f4ccace00622c

SHA256
1be6c4fabe45e7598dfb82fba30c4c257b614d6cb5fa88d2858da4b9e37d692e

SHA512
2685108c10cc0042fcc44aaf2ff97dbf2745bb2a9bbebc2812ecbfa6a4a7183a415229c9fa9477e0a45fe26f112d2cf27fc7c398ea06ad194e20e272d1ad1465

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
MD5
8920128b6b03a2aee3ffac8cb3467720

SHA1
42abdd6ca848e1af7383d592954f4ccace00622c

SHA256
1be6c4fabe45e7598dfb82fba30c4c257b614d6cb5fa88d2858da4b9e37d692e

SHA512
2685108c10cc0042fcc44aaf2ff97dbf2745bb2a9bbebc2812ecbfa6a4a7183a415229c9fa9477e0a45fe26f112d2cf27fc7c398ea06ad194e20e272d1ad1465

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
MD5
8920128b6b03a2aee3ffac8cb3467720

SHA1
42abdd6ca848e1af7383d592954f4ccace00622c

SHA256
1be6c4fabe45e7598dfb82fba30c4c257b614d6cb5fa88d2858da4b9e37d692e

SHA512
2685108c10cc0042fcc44aaf2ff97dbf2745bb2a9bbebc2812ecbfa6a4a7183a415229c9fa9477e0a45fe26f112d2cf27fc7c398ea06ad194e20e272d1ad1465

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
MD5
8920128b6b03a2aee3ffac8cb3467720

SHA1
42abdd6ca848e1af7383d592954f4ccace00622c

SHA256
1be6c4fabe45e7598dfb82fba30c4c257b614d6cb5fa88d2858da4b9e37d692e

SHA512
2685108c10cc0042fcc44aaf2ff97dbf2745bb2a9bbebc2812ecbfa6a4a7183a415229c9fa9477e0a45fe26f112d2cf27fc7c398ea06ad194e20e272d1ad1465

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe
MD5
8920128b6b03a2aee3ffac8cb3467720

SHA1
42abdd6ca848e1af7383d592954f4ccace00622c

SHA256
1be6c4fabe45e7598dfb82fba30c4c257b614d6cb5fa88d2858da4b9e37d692e

SHA512
2685108c10cc0042fcc44aaf2ff97dbf2745bb2a9bbebc2812ecbfa6a4a7183a415229c9fa9477e0a45fe26f112d2cf27fc7c398ea06ad194e20e272d1ad1465

Download Submit
C:\Program Files (x86)\GuardCat AV\InstCtrl.exe.config
MD5
8810b832f11b6e5a1afab929618059f2

SHA1
5e198d58851231b69595a5800739f06b875cca3d

SHA256
68cbb1295389a1bd6b830debfd0a8bb0a88bee2522304f5894c710912021194c

SHA512
b7ff97e5be1a9585a53a570445f25070e2124f3a8d8eed760dc062ca41a9828dc7e3a53136faf68673cabedfc8512cc02333ec5556c62050232f9be8e8337b64

Download Submit
C:\Program Files (x86)\GuardCat AV\LabelSetup.ini
MD5
28f9a5b68f30dda8fc976fd8fbd13cb5

SHA1
ea69d4ca0a7fcbebf70a7d57c153a2a0bda2761e

SHA256
fd6344e313fbbf64dff188931ff0c546ce1675e4395cd34e9539b6921f3c0630

SHA512
f5a60d7d42cbfc07ec08f6ae9bfd3ba32987a6d9d9d4dc9849874c8abbf7cbb0f2d15e2b8246112bb06cbe2f4ac82b4776a8655d92bee0b86923eaf9393864f5

Download Submit
C:\Program Files (x86)\GuardCat AV\Microsoft.Win32.TaskScheduler.dll
MD5
1cf1286a1cf06f4639421b90dc339ad6

SHA1
94c9d790eeebeafd507daba305d4d87f7461aa0c

SHA256
0aac410273e043c6668678566b2f426525d12d7838216da2d9ec6786a9613906

SHA512
c0009e9484e4be9a0ff1012184bf3595c1c292fb597926aa86ffe8ab8fb04bae90db52a5a2700eabce591bcf692a290b02622c865741ed2aa03c33b05352cc76

Download Submit
C:\Program Files (x86)\GuardCat AV\Runner.dll
MD5
fa62a014e33251b9b76a6913d42d5b1c

SHA1
66f1adde19b58e4003ea0bb1ce249d341deb71f1

SHA256
389cbfadad3c526a71829865744007c446eaafe9da6271a05583a925c9881e11

SHA512
bbcfcf85d4feab021b155ce3b6d51ae404e2ee4d92669e4255ef8260a2de1570462fd0229309a33260f035c425d729f6bbc9728bd625e431ac016f79a44df810

Download Submit
C:\Program Files (x86)\GuardCat AV\Setup.dll
MD5
a371eb6357697a2fd8bfa9248d7b6367

SHA1
af1189d8b1de97e9a18a183e6e4eaa0bc5907e84

SHA256
56f0f44dd19f37c89d0e5920865957ce66c8090fa24b9d471bb2136e6d94db0a

SHA512
e8ef77c2d3d82bb634e1d4d29e54d1c26335d13f3957704d88fd804bc6364794242ee06febc8d00a107c0ead37f769c3e5cf539c3acbd3413f5c1ed24b68344d

Download Submit
C:\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
C:\Program Files (x86)\GuardCat AV\UpdaterSvc.exe
MD5
2bfa5e094f6b802574c7c4ef168e09e3

SHA1
fb70c68c839df92d2aa342e36930cf511ac28ea5

SHA256
66ce4560b40d738c0d62609c4acd189d9ccaa19315c7d73987ab2df227276c54

SHA512
c003e03c2e9638e294fb6bbd64cd034557bcad3c9b7c81ba6450350a7413f50a5950a057bb4b3e91f2f1001d9329dc340f2329dade14b9fde8ddfb98416cafff

Download Submit
C:\Program Files (x86)\GuardCat AV\UpdaterSvc.exe
MD5
2bfa5e094f6b802574c7c4ef168e09e3

SHA1
fb70c68c839df92d2aa342e36930cf511ac28ea5

SHA256
66ce4560b40d738c0d62609c4acd189d9ccaa19315c7d73987ab2df227276c54

SHA512
c003e03c2e9638e294fb6bbd64cd034557bcad3c9b7c81ba6450350a7413f50a5950a057bb4b3e91f2f1001d9329dc340f2329dade14b9fde8ddfb98416cafff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstCtrl.exe.log
MD5
808e884c00533a9eb0e13e64960d9c3a

SHA1
279d05181fc6179a12df1a669ff5d8b64c1380ae

SHA256
2f6a0aab99b1c228a6642f44f8992646ce84c5a2b3b9941b6cf1f2badf67bdd6

SHA512
9489bdb2ffdfeef3c52edcfe9b34c6688eba53eb86075e0564df1cd474723c86b5b5aedc12df1ff5fc12cf97bd1e3cf9701ff61dc4ce90155d70e9ccfd0fc299

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgF927.tmp\DisableWD.ps1
MD5
515b997d0f2a706315303d849b1ca8ec

SHA1
ed79bd1513c1a6e78cdcf8d4676eece7253470d7

SHA256
d0c8923439a6daeef5b6a08defe5ca19c61601647b92c92c3368791bbb8fea99

SHA512
2b7d7dc169d2c8330bc7908626d7995bf3020da29376a611c1c439acb0ff54dcb5aad18a97fd45dab475b37e50c0e2a53c6b3f477baa70cf36039714e0210e67

Download Submit
C:\Users\Admin\AppData\Roaming\AVSetup\AVSetup.exe
MD5
89bdb6f4a7940b8666b5935ce6c0932e

SHA1
67aa59372d2598f30abc2502ca52a9dcca3d7b8e

SHA256
7ab45c4b53a7139aed87fec0e85ba635f9cdc2276b4e2ab4aa8ea977f31b5d18

SHA512
d219a64685149fc5d930bb08fb4001aa7a5033dd6f647304b5613d6011bda1f006debb99f3a5f88f0f74f39115ee21502e3cc6cc041b01da40da2f19d8237708

Download Submit
C:\Users\Admin\AppData\Roaming\AvSetup\AVInstaller.exe
MD5
3ff7c59d879e2f64b460df751c63294c

SHA1
8b0edc0b80b29ab21ec2a0d82dd463a0f5fe7bf0

SHA256
3098ce1ed846491c587220605255e0080d89901019cc0f93f344c03418b0c94a

SHA512
034808553897a92ebf39bf892f47dbe2f99805464193dd86362396cf4786a736ea8a6861ffee8d60525992f2462e6f71b5d62de95f927274e98c0f75508dd4a6

Download Submit
C:\Users\Admin\AppData\Roaming\AvSetup\AVInstaller.exe
MD5
3ff7c59d879e2f64b460df751c63294c

SHA1
8b0edc0b80b29ab21ec2a0d82dd463a0f5fe7bf0

SHA256
3098ce1ed846491c587220605255e0080d89901019cc0f93f344c03418b0c94a

SHA512
034808553897a92ebf39bf892f47dbe2f99805464193dd86362396cf4786a736ea8a6861ffee8d60525992f2462e6f71b5d62de95f927274e98c0f75508dd4a6

Download Submit
C:\Users\Admin\AppData\Roaming\AvSetup\AvSetup.exe
MD5
89bdb6f4a7940b8666b5935ce6c0932e

SHA1
67aa59372d2598f30abc2502ca52a9dcca3d7b8e

SHA256
7ab45c4b53a7139aed87fec0e85ba635f9cdc2276b4e2ab4aa8ea977f31b5d18

SHA512
d219a64685149fc5d930bb08fb4001aa7a5033dd6f647304b5613d6011bda1f006debb99f3a5f88f0f74f39115ee21502e3cc6cc041b01da40da2f19d8237708

Download Submit
\Program Files (x86)\GuardCat AV\AvServiceEngine.dll
MD5
c8d0dbb87812756d55f4fd06511eef3d

SHA1
24d61c85f6479a49fd9c654e2ed3e17d9e174979

SHA256
2e9004feedfadff38e327dc3e419c2251a8bc5fd9a68d0fedcdf40f7a1da3894

SHA512
eabc627564874b5ad658c7a9cb48d0ffca662fb95ee163092ff8ddd6f317ddc182f9d75e69016b333a3f44f2db8c4920a902551166423e224b3f1c28854efdee

Download Submit
\Program Files (x86)\GuardCat AV\AvServiceEngine.dll
MD5
c8d0dbb87812756d55f4fd06511eef3d

SHA1
24d61c85f6479a49fd9c654e2ed3e17d9e174979

SHA256
2e9004feedfadff38e327dc3e419c2251a8bc5fd9a68d0fedcdf40f7a1da3894

SHA512
eabc627564874b5ad658c7a9cb48d0ffca662fb95ee163092ff8ddd6f317ddc182f9d75e69016b333a3f44f2db8c4920a902551166423e224b3f1c28854efdee

Download Submit
\Program Files (x86)\GuardCat AV\AvServiceEngine.dll
MD5
c8d0dbb87812756d55f4fd06511eef3d

SHA1
24d61c85f6479a49fd9c654e2ed3e17d9e174979

SHA256
2e9004feedfadff38e327dc3e419c2251a8bc5fd9a68d0fedcdf40f7a1da3894

SHA512
eabc627564874b5ad658c7a9cb48d0ffca662fb95ee163092ff8ddd6f317ddc182f9d75e69016b333a3f44f2db8c4920a902551166423e224b3f1c28854efdee

Download Submit
\Program Files (x86)\GuardCat AV\AvServiceEngine.dll
MD5
c8d0dbb87812756d55f4fd06511eef3d

SHA1
24d61c85f6479a49fd9c654e2ed3e17d9e174979

SHA256
2e9004feedfadff38e327dc3e419c2251a8bc5fd9a68d0fedcdf40f7a1da3894

SHA512
eabc627564874b5ad658c7a9cb48d0ffca662fb95ee163092ff8ddd6f317ddc182f9d75e69016b333a3f44f2db8c4920a902551166423e224b3f1c28854efdee

Download Submit
\Program Files (x86)\GuardCat AV\Helper.dll
MD5
3f28993890b629a16db75ba443be54c9

SHA1
3fcc08b188a5214bc3cd0e7d8811d6c3fcca4e0d

SHA256
650c92e0578a789ac18c43b75ef640463cc3799348e5f0a5df7122e751d17595

SHA512
375d00e8381e7f6128d1fee0569570d112717c37bc7134ee3d4e0ec87b002adff215f03e999851c8383b9c3dd432d2ca5d94b067314fa9206fcec57b9cef871b

Download Submit
\Program Files (x86)\GuardCat AV\Helper.dll
MD5
3f28993890b629a16db75ba443be54c9

SHA1
3fcc08b188a5214bc3cd0e7d8811d6c3fcca4e0d

SHA256
650c92e0578a789ac18c43b75ef640463cc3799348e5f0a5df7122e751d17595

SHA512
375d00e8381e7f6128d1fee0569570d112717c37bc7134ee3d4e0ec87b002adff215f03e999851c8383b9c3dd432d2ca5d94b067314fa9206fcec57b9cef871b

Download Submit
\Program Files (x86)\GuardCat AV\Microsoft.Win32.TaskScheduler.dll
MD5
1cf1286a1cf06f4639421b90dc339ad6

SHA1
94c9d790eeebeafd507daba305d4d87f7461aa0c

SHA256
0aac410273e043c6668678566b2f426525d12d7838216da2d9ec6786a9613906

SHA512
c0009e9484e4be9a0ff1012184bf3595c1c292fb597926aa86ffe8ab8fb04bae90db52a5a2700eabce591bcf692a290b02622c865741ed2aa03c33b05352cc76

Download Submit
\Program Files (x86)\GuardCat AV\Microsoft.Win32.TaskScheduler.dll
MD5
1cf1286a1cf06f4639421b90dc339ad6

SHA1
94c9d790eeebeafd507daba305d4d87f7461aa0c

SHA256
0aac410273e043c6668678566b2f426525d12d7838216da2d9ec6786a9613906

SHA512
c0009e9484e4be9a0ff1012184bf3595c1c292fb597926aa86ffe8ab8fb04bae90db52a5a2700eabce591bcf692a290b02622c865741ed2aa03c33b05352cc76

Download Submit
\Program Files (x86)\GuardCat AV\Runner.dll
MD5
fa62a014e33251b9b76a6913d42d5b1c

SHA1
66f1adde19b58e4003ea0bb1ce249d341deb71f1

SHA256
389cbfadad3c526a71829865744007c446eaafe9da6271a05583a925c9881e11

SHA512
bbcfcf85d4feab021b155ce3b6d51ae404e2ee4d92669e4255ef8260a2de1570462fd0229309a33260f035c425d729f6bbc9728bd625e431ac016f79a44df810

Download Submit
\Program Files (x86)\GuardCat AV\Runner.dll
MD5
fa62a014e33251b9b76a6913d42d5b1c

SHA1
66f1adde19b58e4003ea0bb1ce249d341deb71f1

SHA256
389cbfadad3c526a71829865744007c446eaafe9da6271a05583a925c9881e11

SHA512
bbcfcf85d4feab021b155ce3b6d51ae404e2ee4d92669e4255ef8260a2de1570462fd0229309a33260f035c425d729f6bbc9728bd625e431ac016f79a44df810

Download Submit
\Program Files (x86)\GuardCat AV\Setup.dll
MD5
a371eb6357697a2fd8bfa9248d7b6367

SHA1
af1189d8b1de97e9a18a183e6e4eaa0bc5907e84

SHA256
56f0f44dd19f37c89d0e5920865957ce66c8090fa24b9d471bb2136e6d94db0a

SHA512
e8ef77c2d3d82bb634e1d4d29e54d1c26335d13f3957704d88fd804bc6364794242ee06febc8d00a107c0ead37f769c3e5cf539c3acbd3413f5c1ed24b68344d

Download Submit
\Program Files (x86)\GuardCat AV\Setup.dll
MD5
a371eb6357697a2fd8bfa9248d7b6367

SHA1
af1189d8b1de97e9a18a183e6e4eaa0bc5907e84

SHA256
56f0f44dd19f37c89d0e5920865957ce66c8090fa24b9d471bb2136e6d94db0a

SHA512
e8ef77c2d3d82bb634e1d4d29e54d1c26335d13f3957704d88fd804bc6364794242ee06febc8d00a107c0ead37f769c3e5cf539c3acbd3413f5c1ed24b68344d

Download Submit
\Program Files (x86)\GuardCat AV\Setup.dll
MD5
a371eb6357697a2fd8bfa9248d7b6367

SHA1
af1189d8b1de97e9a18a183e6e4eaa0bc5907e84

SHA256
56f0f44dd19f37c89d0e5920865957ce66c8090fa24b9d471bb2136e6d94db0a

SHA512
e8ef77c2d3d82bb634e1d4d29e54d1c26335d13f3957704d88fd804bc6364794242ee06febc8d00a107c0ead37f769c3e5cf539c3acbd3413f5c1ed24b68344d

Download Submit
\Program Files (x86)\GuardCat AV\Setup.dll
MD5
a371eb6357697a2fd8bfa9248d7b6367

SHA1
af1189d8b1de97e9a18a183e6e4eaa0bc5907e84

SHA256
56f0f44dd19f37c89d0e5920865957ce66c8090fa24b9d471bb2136e6d94db0a

SHA512
e8ef77c2d3d82bb634e1d4d29e54d1c26335d13f3957704d88fd804bc6364794242ee06febc8d00a107c0ead37f769c3e5cf539c3acbd3413f5c1ed24b68344d

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Program Files (x86)\GuardCat AV\Updater.dll
MD5
f0e0050f106c8d73ab2bda29d745009c

SHA1
08c7ac054b1c6131ab3f4aa511c9f0fdde951440

SHA256
facaefcc5828c09b752eab19bae96fd1fd6dcc1c8d608686f91858403656a62d

SHA512
06875a518f5bd50faa2ca5c59a47f72576472d69ccf9dbaec50cd9c18f16572249b2cd3df815e5908f620a9fecd2cfb2154745a816ed9aea15dc4fbb451efa4e

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\FindProcDLL.dll
MD5
75e7351a0f836b8659e6f315683c29f7

SHA1
66b733d1c978d68cadc245e7efbfcae32807429d

SHA256
7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee

SHA512
f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\FindProcDLL.dll
MD5
75e7351a0f836b8659e6f315683c29f7

SHA1
66b733d1c978d68cadc245e7efbfcae32807429d

SHA256
7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee

SHA512
f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\SimpleSC.dll
MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\StdUtils.dll
MD5
e6e1b2fa0f634b3a92cd798d7e1d1fcb

SHA1
f7e85f5117cfd4441f64601445b1e6976573e8a2

SHA256
9736e0e0d56e312b3f04f3e4e3af47b3968b92e221084eba35982c4de63c93d0

SHA512
ed7a69f0c6468b23eed478937fc79b9cfdc409d0f2c4c72592bf4e6637f013b14527cf166606ab787014fc2d45789d614f8b7a700af73f3483dc0b979dcf591b

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\System.dll
MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\nsExec.dll
MD5
b5a1f9dc73e2944a388a61411bdd8c70

SHA1
dc9b20df3f3810c2e81a0c54dea385704ba8bef7

SHA256
288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884

SHA512
b9c8d71b5da00f2aff7847b9ec3bd8a588afeb525f47a0df235b52f7b2233edb3928a2c8e0b493f287c923cc52a340ad6fee99822595d6591df0e97870de92a8

Download Submit
\Users\Admin\AppData\Local\Temp\nsgF927.tmp\nsExec.dll
MD5
b5a1f9dc73e2944a388a61411bdd8c70

SHA1
dc9b20df3f3810c2e81a0c54dea385704ba8bef7

SHA256
288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884

SHA512
b9c8d71b5da00f2aff7847b9ec3bd8a588afeb525f47a0df235b52f7b2233edb3928a2c8e0b493f287c923cc52a340ad6fee99822595d6591df0e97870de92a8

Download Submit
\Users\Admin\AppData\Local\Temp\nskE8EB.tmp\System.dll
MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
memory/516-122-0x0000000000000000-mapping.dmp

Download
memory/516-183-0x00000000007C0000-0x00000000007D3000-memory.dmp

Filesize
76KB

Download
memory/720-230-0x0000000000000000-mapping.dmp

Download
memory/720-313-0x0000000005B10000-0x0000000005B11000-memory.dmp

Filesize
4KB

Download
memory/1212-324-0x0000000005910000-0x0000000005911000-memory.dmp

Filesize
4KB

Download
memory/1212-234-0x0000000000000000-mapping.dmp

Download
memory/1224-451-0x0000000005480000-0x0000000005481000-memory.dmp

Filesize
4KB

Download
memory/1224-405-0x0000000000000000-mapping.dmp

Download
memory/1252-232-0x0000000000000000-mapping.dmp

Download
memory/1252-319-0x0000000004EF0000-0x0000000004EF1000-memory.dmp

Filesize
4KB

Download
memory/1284-333-0x00000000041E0000-0x00000000041E1000-memory.dmp

Filesize
4KB

Download
memory/1428-360-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/1432-470-0x0000000005370000-0x000000000586E000-memory.dmp

Filesize
5.0MB

Download
memory/1432-428-0x0000000000000000-mapping.dmp

Download
memory/1432-485-0x000000007ED50000-0x000000007ED51000-memory.dmp

Filesize
4KB

Download
memory/1432-477-0x0000000005370000-0x000000000586E000-memory.dmp

Filesize
5.0MB

Download
memory/1748-379-0x00000000057A0000-0x00000000057A1000-memory.dmp

Filesize
4KB

Download
memory/1748-356-0x0000000000000000-mapping.dmp

Download
memory/1988-224-0x0000000004C70000-0x0000000004C71000-memory.dmp

Filesize
4KB

Download
memory/1988-219-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

Filesize
4KB

Download
memory/1988-207-0x0000000004900000-0x0000000004901000-memory.dmp

Filesize
4KB

Download
memory/1988-213-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download
memory/1988-215-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

Filesize
4KB

Download
memory/1988-229-0x0000000004D40000-0x0000000004D41000-memory.dmp

Filesize
4KB

Download
memory/1988-202-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1988-197-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/1988-193-0x0000000000000000-mapping.dmp

Download
memory/2040-147-0x00000171483E0000-0x00000171483E2000-memory.dmp

Filesize
8KB

Download
memory/2040-139-0x000001714A670000-0x000001714A671000-memory.dmp

Filesize
4KB

Download
memory/2040-129-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-130-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-131-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-132-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-133-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-134-0x000001714A4C0000-0x000001714A4C1000-memory.dmp

Filesize
4KB

Download
memory/2040-135-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-128-0x0000000000000000-mapping.dmp

Download
memory/2040-148-0x00000171483E3000-0x00000171483E5000-memory.dmp

Filesize
8KB

Download
memory/2040-136-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-174-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-141-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-178-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-176-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-137-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-175-0x00000171483E8000-0x00000171483E9000-memory.dmp

Filesize
4KB

Download
memory/2040-138-0x000001712FD80000-0x000001712FD82000-memory.dmp

Filesize
8KB

Download
memory/2040-149-0x00000171483E6000-0x00000171483E8000-memory.dmp

Filesize
8KB

Download
memory/2044-500-0x0000000004400000-0x0000000004401000-memory.dmp

Filesize
4KB

Download
memory/2136-240-0x0000000000000000-mapping.dmp

Download
memory/2136-337-0x0000000005170000-0x0000000005171000-memory.dmp

Filesize
4KB

Download
memory/2168-440-0x0000000005B40000-0x0000000005B41000-memory.dmp

Filesize
4KB

Download
memory/2168-403-0x0000000000000000-mapping.dmp

Download
memory/2208-446-0x0000000004C60000-0x0000000004C61000-memory.dmp

Filesize
4KB

Download
memory/2208-404-0x0000000000000000-mapping.dmp

Download
memory/2504-328-0x00000000050F0000-0x00000000050F1000-memory.dmp

Filesize
4KB

Download
memory/2504-236-0x0000000000000000-mapping.dmp

Download
memory/2816-116-0x0000000000000000-mapping.dmp

Download
memory/2816-121-0x0000000000DA0000-0x0000000000FD8000-memory.dmp

Filesize
2.2MB

Download
memory/2996-411-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

Filesize
4KB

Download
memory/2996-389-0x0000000000000000-mapping.dmp

Download
memory/3664-380-0x0000000005690000-0x0000000005691000-memory.dmp

Filesize
4KB

Download
memory/3664-372-0x0000000000000000-mapping.dmp

Download
memory/3756-119-0x0000000000000000-mapping.dmp

Download