General Info

File name

AppCheckSetup.exe

Full analysis
https://app.any.run/tasks/ee0a2f29-72fb-4172-b148-c9de580ffaf0
Verdict
Malicious activity
Analysis date
12/6/2018, 14:54:11
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

00c32adc782782a72d1e9ca27a89d196

SHA1

165ed23f585ee8e9295f2dbe9209ea8346763288

SHA256

5f78824b8f9e563608db75e58a6625b78fa145526f972f5cf6fb243f98b0e807

SSDEEP

196608:VY4ticKDycjsWjhmF1Fnxx1cOqd/vnrBkVxt6RNvrZLl3xBx/2wKA3QFe:VvccyRu1F+vd/9kV6R3h3xX2/A3QFe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • AppCheckC.exe (PID: 2392)
  • AppCheckC.exe (PID: 1416)
  • AppCheckC.exe (PID: 2932)
  • AppCheck.exe (PID: 3700)
  • nsB2AA.tmp (PID: 3420)
  • nsB470.tmp (PID: 3524)
  • AppCheckS.exe (PID: 2460)
  • AppCheck.exe (PID: 3996)
Loads dropped or rewritten executable
  • AppCheckC.exe (PID: 1416)
  • AppCheckC.exe (PID: 2392)
  • AppCheckC.exe (PID: 2932)
  • AppCheck.exe (PID: 3700)
  • AppCheckS.exe (PID: 2460)
  • AppCheck.exe (PID: 3996)
  • AppCheckSetup.exe (PID: 2476)
Actions looks like stealing of personal data
  • AppCheckC.exe (PID: 2932)
Changes settings of System certificates
  • AppCheckSetup.exe (PID: 2476)
Changes the autorun value in the registry
  • AppCheckSetup.exe (PID: 2476)
Creates files in the program directory
  • AppCheckC.exe (PID: 1416)
  • AppCheck.exe (PID: 3700)
  • AppCheckC.exe (PID: 2932)
  • AppCheckS.exe (PID: 2460)
  • AppCheck.exe (PID: 3996)
  • AppCheckSetup.exe (PID: 2476)
Adds / modifies Windows certificates
  • AppCheckSetup.exe (PID: 2476)
Starts SC.EXE for service management
  • nsB470.tmp (PID: 3524)
Creates or modifies windows services
  • AppCheck.exe (PID: 3996)
Creates files in the Windows directory
  • AppCheckSetup.exe (PID: 2476)
Starts application with an unusual extension
  • AppCheckSetup.exe (PID: 2476)
Creates a software uninstall entry
  • AppCheckSetup.exe (PID: 2476)
Executable content was dropped or overwritten
  • AppCheckSetup.exe (PID: 2476)
Reads settings of System Certificates
  • AppCheck.exe (PID: 3700)
  • AppCheckS.exe (PID: 2460)


Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:08:01 02:33:59+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
25600
InitializedDataSize:
141824
UninitializedDataSize:
2048
EntryPoint:
0x3489
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
2.5.18.6
ProductVersionNumber:
2.5.18.6
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
CheckMAL Inc.
FileDescription:
AppCheck Installer
LegalCopyright:
© CheckMAL Inc. All rights reserved.
ProductName:
AppCheck
ProductVersion:
2.5.18.6
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
01-Aug-2017 00:33:59
Detected languages
English - United States
Japanese - Japan
Korean - Korea
CompanyName:
CheckMAL Inc.
FileDescription:
AppCheck 설치 프로그램
LegalCopyright:
© CheckMAL Inc. All rights reserved.
ProductName:
AppCheck
ProductVersion:
2.5.18.6
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
01-Aug-2017 00:33:59
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x000063D1 0x00006400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.47945
.rdata 0x00008000 0x0000138E 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.14383
.data 0x0000A000 0x00020358 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.00074
.ndata 0x0002B000 0x0002D000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x00058000 0x00005DB8 0x00005E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.30144
Resources
1

2

3

102

103

105

106

107

111

202

203

205

206

207

211

302

303

305

306

307

311

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

Exports

    No exports.

Processes

Total processes
47
Monitored processes
13
Malicious processes
9
Suspicious processes
0

Behavior graph

[Behavior graph. Nodes: appchecksetup.exe, appchecksetup.exe, nsb2aa.tmp, appcheck.exe, nsb470.tmp, sc.exe, appchecks.exe, explorer.exe, explorer.exe, appcheck.exe, appcheckc.exe, appcheckc.exe, appcheckc.exe. Edge labels: "drop and start", "start".]

Process information

PID
3260
CMD
"C:\Users\admin\AppData\Local\Temp\AppCheckSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\AppCheckSetup.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
CheckMAL Inc.
Description
AppCheck Installer
Version
Modules
Image
c:\systemroot\system32\ntdll.dll

PID
2476
CMD
"C:\Users\admin\AppData\Local\Temp\AppCheckSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\AppCheckSetup.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CheckMAL Inc.
Description
AppCheck Installer
Version
Modules
Image
c:\users\admin\appdata\local\temp\appchecksetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsm787e.tmp\userinfo.dll
c:\users\admin\appdata\local\temp\nsm787e.tmp\system.dll
c:\users\admin\appdata\local\temp\nsm787e.tmp\stdutils.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsm787e.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\checkmal\appcheck\appcheck.exe
c:\program files\checkmal\appcheck\appcheckc.exe
c:\program files\checkmal\appcheck\uninstall.exe
c:\users\admin\appdata\local\temp\nsm787e.tmp\nsexec.dll
c:\users\admin\appdata\local\temp\nsm787e.tmp\nsb2aa.tmp
c:\users\admin\appdata\local\temp\nsm787e.tmp\nsb470.tmp
c:\users\admin\appdata\local\temp\nsm787e.tmp\inetc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\netutils.dll

PID
3420
CMD
"C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsB2AA.tmp" "C:\Program Files\CheckMAL\AppCheck\AppCheck.exe" /Register
Path
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsB2AA.tmp
Indicators
No indicators
Parent process
AppCheckSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsm787e.tmp\nsb2aa.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\program files\checkmal\appcheck\appcheck.exe

PID
3996
CMD
"C:\Program Files\CheckMAL\AppCheck\AppCheck.exe" /Register
Path
C:\Program Files\CheckMAL\AppCheck\AppCheck.exe
Indicators
Parent process
nsB2AA.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CheckMAL Inc.
Description
AppCheck Anti-Ransomware
Version
2.5.18.6
Modules
Image
c:\program files\checkmal\appcheck\appcheck.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\checkmal\appcheck\mfc140u.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\checkmal\appcheck\vcruntime140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\checkmal\appcheck\ucrtbase.dll
c:\program files\checkmal\appcheck\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l2-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-localization-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-synch-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-string-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-math-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-time-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\program files\checkmal\appcheck\msvcp140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\checkmal\appcheck\mfc140enu.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
3524
CMD
"C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsB470.tmp" C:\Windows\system32\sc start appcheck
Path
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsB470.tmp
Indicators
No indicators
Parent process
AppCheckSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsm787e.tmp\nsb470.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2344
CMD
C:\Windows\system32\sc start appcheck
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
nsB470.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
2460
CMD
"C:\Program Files\CheckMAL\AppCheck\AppCheckS.exe"
Path
C:\Program Files\CheckMAL\AppCheck\AppCheckS.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
CheckMAL Inc.
Description
AppCheck Anti-Ransomware Service
Version
2.5.18.6
Modules
Image
c:\program files\checkmal\appcheck\appchecks.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\fltlib.dll
c:\program files\checkmal\appcheck\msvcp140.dll
c:\program files\checkmal\appcheck\vcruntime140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\checkmal\appcheck\ucrtbase.dll
c:\program files\checkmal\appcheck\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l2-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-localization-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-synch-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-string-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-math-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-time-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\appcheck32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\program files\checkmal\appcheck\appcheckc.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll

PID
3936
CMD
"C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppCheck\AppCheck Anti-Ransomware.lnk"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
AppCheckSetup.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll

PID
2788
CMD
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\checkmal\appcheck\appcheck.exe
c:\windows\system32\mpr.dll

PID
3700
CMD
"C:\Program Files\CheckMAL\AppCheck\AppCheck.exe"
Path
C:\Program Files\CheckMAL\AppCheck\AppCheck.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
CheckMAL Inc.
Description
AppCheck Anti-Ransomware
Version
2.5.18.6
Modules
Image
c:\program files\checkmal\appcheck\appcheck.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\checkmal\appcheck\mfc140u.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\checkmal\appcheck\vcruntime140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\checkmal\appcheck\ucrtbase.dll
c:\program files\checkmal\appcheck\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l2-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-localization-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-synch-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-string-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-math-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-time-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\program files\checkmal\appcheck\msvcp140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\checkmal\appcheck\mfc140enu.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2932
CMD
"C:\Program Files\CheckMAL\AppCheck\AppCheckC.exe" /Start
Path
C:\Program Files\CheckMAL\AppCheck\AppCheckC.exe
Indicators
Parent process
AppCheckS.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CheckMAL Inc.
Description
AppCheck Cleaner
Version
2.5.18.6
Modules
Image
c:\program files\checkmal\appcheck\appcheckc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\checkmal\appcheck\mfc140u.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\checkmal\appcheck\vcruntime140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\checkmal\appcheck\ucrtbase.dll
c:\program files\checkmal\appcheck\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l2-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-localization-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-synch-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-string-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-math-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-time-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\checkmal\appcheck\mfc140enu.dll
c:\program files\checkmal\appcheck\aida.dll
c:\program files\checkmal\appcheck\msvcp140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\netutils.dll

PID
1416
CMD
"C:\Program Files\CheckMAL\AppCheck\AppCheckC.exe" /Start
Path
C:\Program Files\CheckMAL\AppCheck\AppCheckC.exe
Indicators
Parent process
AppCheckS.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CheckMAL Inc.
Description
AppCheck Cleaner
Version
2.5.18.6
Modules
Image
c:\program files\checkmal\appcheck\appcheckc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\checkmal\appcheck\mfc140u.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\checkmal\appcheck\vcruntime140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\checkmal\appcheck\ucrtbase.dll
c:\program files\checkmal\appcheck\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l2-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-localization-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-synch-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-string-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-math-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-time-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\checkmal\appcheck\mfc140enu.dll
c:\program files\checkmal\appcheck\aida.dll
c:\program files\checkmal\appcheck\msvcp140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\netutils.dll

PID
2392
CMD
"C:\Program Files\CheckMAL\AppCheck\AppCheckC.exe" /Start
Path
C:\Program Files\CheckMAL\AppCheck\AppCheckC.exe
Indicators
Parent process
AppCheckS.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CheckMAL Inc.
Description
AppCheck Cleaner
Version
2.5.18.6
Modules
Image
c:\program files\checkmal\appcheck\appcheckc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\checkmal\appcheck\mfc140u.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\checkmal\appcheck\vcruntime140.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\checkmal\appcheck\ucrtbase.dll
c:\program files\checkmal\appcheck\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l2-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-localization-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-synch-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\checkmal\appcheck\api-ms-win-core-file-l1-2-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-string-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-math-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-time-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\program files\checkmal\appcheck\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\checkmal\appcheck\mfc140enu.dll

Registry activity

Total events
649
Read events
555
Write events
94
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\CheckMAL\AppCheck
C:\Program Files\CheckMAL\AppCheck
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\CheckMAL\AppCheck
ProductVersion
2.5.18.6
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AppCheck Tray
"C:\Program Files\CheckMAL\AppCheck\AppCheck.exe" /Tray
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
DisplayName
AppCheck Anti-Ransomware
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
DisplayVersion
2.5.18.6
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
DisplayIcon
C:\Program Files\CheckMAL\AppCheck\AppCheck.exe
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
Publisher
CheckMAL Inc.
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
UninstallString
C:\Program Files\CheckMAL\AppCheck\Uninstall.exe
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
HelpLink
https://www.checkmal.com/manual/uninstall/
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
URLInfoAbout
https://www.checkmal.com/product/appcheck/
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
Comments
Anti-Ransomware Software
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters
EnableECP
1
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE36751-D1AA-4021-A7D4-85909B56D610}
EstimatedSize
12078
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASAPI32
EnableFileTracing
0
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASAPI32
EnableConsoleTracing
0
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASAPI32
FileTracingMask
4294901760
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASAPI32
ConsoleTracingMask
4294901760
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASAPI32
MaxFileSize
1048576
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASAPI32
FileDirectory
%windir%\tracing
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASMANCS
EnableFileTracing
0
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASMANCS
EnableConsoleTracing
0
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASMANCS
FileTracingMask
4294901760
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASMANCS
ConsoleTracingMask
4294901760
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASMANCS
MaxFileSize
1048576
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AppCheckSetup_RASMANCS
FileDirectory
%windir%\tracing
2476
AppCheckSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2476
AppCheckSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2476
AppCheckSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2476
AppCheckSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2476
AppCheckSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
2476
AppCheckSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3996
AppCheck.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppCheckD
DependOnService
FltMgr
3996
AppCheck.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppCheckD
Group
FSFilter Anti-Virus
3996
AppCheck.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppCheckD\Instances
DefaultInstance
AppCheckD Instance
3996
AppCheck.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppCheckD\Instances\AppCheckD Instance
Altitude
329180
3996
AppCheck.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppCheckD\Instances\AppCheckD Instance
Flags
0
2460
AppCheckS.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2460
AppCheckS.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\CheckMAL\AppCheck
LastReportDAU
12/6/2018 1:55:56 PM
2788
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2788
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3700
AppCheck.exe
write
HKEY_CURRENT_USER\Software\CheckMAL\AppCheck
AppCheckTrayWnd
262536
3700
AppCheck.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2932
AppCheckC.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\CheckMAL\AppCheck
Reboot
0
2932
AppCheckC.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2932
AppCheckC.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\CheckMAL\AppCheck
CleanerDatabaseVersion
2018.12.05.01
1416
AppCheckC.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\CheckMAL\AppCheck
Reboot
0

Files activity

Executable files
63
Suspicious files
1
Text files
5
Unknown types
7

Dropped files

PID
Process
Filename
Type
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\UserInfo.dll
executable
MD5: a0efe0f3ef127dce9c59f407583061d9
SHA256: 4506ff20ddc5eefb21d690e954f52df3da46fa47ec263ea965d86a683e74db40
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-memory-l1-1-0.dll
executable
MD5: 536f07c04c316aac61ab64a492ed9191
SHA256: 50bf87da10ae3f442c457e42d6666993b0fca7c5d4df521e8cd0959995fbcddc
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\mfc140u.dll
executable
MD5: 091ee5699b4f0143dc99127fe6ccbd0e
SHA256: ade1f7da10cad016181f62399a6d903b5b76cbf73bcadb4cca157583db052c49
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-namedpipe-l1-1-0.dll
executable
MD5: 87b1814412cdac3d08fad8dd3a79ebad
SHA256: 2f4690b3c2587c0bfb81ab701d50e497406994613151faf007423c59ca5e2281
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsB470.tmp
executable
MD5: 48ae036ea5f9100bab7a41d1c61edcfe
SHA256: 1298c1a1e5adae488a5924d711767aec709de66097389b427f482473e5fa3755
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\vcruntime140.dll
executable
MD5: a2523ea6950e248cbdf18c9ea1a844f6
SHA256: 6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\mfc140kor.dll
executable
MD5: 6a30299aeca91700cd692b3d2a3cd913
SHA256: b1e0f6209439f9cc18589e187f8eec9b637fb0b48f76def8ac9792c4b477516d
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-processthreads-l1-1-1.dll
executable
MD5: f43a8e9cd787b6d91bb29dbb8eb1a4e5
SHA256: 5bacbbe62e36ad0f6d7742e70361f26bc56a44dbd28cc0291f588420e0c218a6
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\mfc140enu.dll
executable
MD5: 2bcdb3a7b2bf9100c21e1a2c4f032b36
SHA256: 2584db1ac9e444b38ad0762f65e0befa85edc7bf2e0f8e4e4dde76d53d9a648f
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-processenvironment-l1-1-0.dll
executable
MD5: 87e0ef2d5df6f6e18e6ea9171e3d77e7
SHA256: 9b5a5536aed84d45a00da1056af4762fec805eaba742c6bf2d2fca60993711bb
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\mfc140jpn.dll
executable
MD5: cf2025d110a84c030152eb36444f3753
SHA256: d6c48443025992792543085fcf6a7cc978796e81868c18cc8fa83ccddd270bf9
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-profile-l1-1-0.dll
executable
MD5: a616102234ec5ab394ff1c77da34f6c0
SHA256: 619e5120bfdd11461672ce8798da00166e57c528b9afd80404d2c9cbe87e2c07
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-synch-l1-1-0.dll
executable
MD5: a0dfbd2a68a979d1152e2b9153bb497b
SHA256: bff7ea28e198c7dbee45d35fd98ae03696e9e252d46bec9ff7b7823cba1681f1
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsB2AA.tmp
executable
MD5: 48ae036ea5f9100bab7a41d1c61edcfe
SHA256: 1298c1a1e5adae488a5924d711767aec709de66097389b427f482473e5fa3755
2476
AppCheckSetup.exe
C:\Windows\system32\AppCheck32.dll
executable
MD5: e85dd7005a63238968aef5d39d06b056
SHA256: c4eeb049e006afe6f1c270ed5470d97429dde36e9431de528cfb5ebba9700cad
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-rtlsupport-l1-1-0.dll
executable
MD5: 0ae94670fbd69ed5f8c923b75ce2c0bd
SHA256: 6d541b215cfa452e54dc6af9317a7fc24043fa465ef2b561e0f245a4870b2705
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-processthreads-l1-1-0.dll
executable
MD5: 066874ff22e1c100dc56c4ae76d2e1c2
SHA256: 979ff0e25e7ea00b8714c9ef2dc8417e69afac137ea88f77f8f5a9ffeaa31923
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsExec.dll
executable
MD5: 35200be9cf105f3defe2ae0ee44cea12
SHA256: 0096ae873c75f4e4d802dc97eec9893acc0749a7346e63f25a8d52ba8e11c527
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\INetC.dll
executable
MD5: 640bff73a5f8e37b202d911e4749b2e9
SHA256: c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-debug-l1-1-0.dll
executable
MD5: 405bb6a7cd56cbf5276c3a8dc631963d
SHA256: f654e56c4299f507bc34271b6baa29290fd4919b853e17d7470596cad779f063
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-heap-l1-1-0.dll
executable
MD5: 0aeaf9ce58cbd0af1e30d03b45c21f81
SHA256: 9a5952c82cbcb1a8ece9c51c258667d9ab96d13ec6455873999ff0bf78c3cab0
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\msvcp140.dll
executable
MD5: d25c3ff7a4cbbffc7c9fff4f659051ce
SHA256: 9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-string-l1-1-0.dll
executable
MD5: e65f76759251845fa1e6a3cf41b5f231
SHA256: 034a8abf2bf027ad950fdf8fbdf488188c8d02eba8e160aa95de376ff1f32fe6
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-synch-l1-2-0.dll
executable
MD5: 2674310f6fc087862b215b26a5d6da5b
SHA256: e29eaa099be15958cb65d03d47959cae2dac342402856c5f0e4da672193c329d
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-localization-l1-2-0.dll
executable
MD5: 41a0d67ba3833d230f1229ff058be057
SHA256: 4f11443a2fa6c714d3e33597f0d08de4e11a6a2fdb7de2e4a01addd5977665c5
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-datetime-l1-1-0.dll
executable
MD5: e205de17a85b0c3352a6857ef9b3c6dd
SHA256: 29b23370474be0c459cc47863603167cc7191f58318bd29877225fcbf2454215
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\AppCheckC.exe
executable
MD5: f5327543eed99ac21c22a811e1211407
SHA256: 1734eae14bdf1ffbfd832c162ed9f92bdf85f02dabfbebb4afb24f704ef0467a
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-sysinfo-l1-1-0.dll
executable
MD5: 1a16ab59d63a2d6a37d3abd032958631
SHA256: 81926c2b97a7b01061c5042da0005f0b64fe9e07852478b2a65e8a8eb5560b1f
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-handle-l1-1-0.dll
executable
MD5: 0a0084d4b3635e4d8ebab587dcfcc16c
SHA256: 5089484c8c56ac8e095cadc3dc971df71edeb52f856940632821fd37e81ae5ca
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-console-l1-1-0.dll
executable
MD5: f4604e259459f5a0d5be6914a6d4c5fb
SHA256: bce066193feb60b08edf4cbeb490aaaa5dffeb8a63a720cadf948748a9af4b8f
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\AppCheckD.sys
executable
MD5: b31d78f82722b1c0a09d08bdd3fe2570
SHA256: 35cf864219803db342b6622a976ea14986a360ac50b25908b31b3bb168952eb8
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-util-l1-1-0.dll
executable
MD5: 1b5a116daf8d01fdd0488666803db17f
SHA256: 48d491b08d395a8ac47cc22a70d1c3f5e84d716afe2678e825f24492e8ff2ed4
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-interlocked-l1-1-0.dll
executable
MD5: 13bbf7740afc464172b00f9638bc4f81
SHA256: ff482f69f2183b5fd3c1b45d9006156524b8f8a5f518e33d6e92ea079787e64d
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\Uninstall.exe
executable
MD5: 09f080a01dad4cae1020b8845330710c
SHA256: 8e890019ecfd46b1f232edd53d6a33d493e1f7964af08ad01bd4c13ad01caf42
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\AppCheckB.exe
executable
MD5: 5c94fb998fb333eab55133e9df251318
SHA256: 6408ea3a1b11121fdeed395264a7ef13f8773d37cf61874936487e6094d46ce7
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-conio-l1-1-0.dll
executable
MD5: 93fd7c2f4a8007521e2d1a73b6c21e6f
SHA256: 3737d7875668eb4812ab01fe82226d758d480128c76bc234806bfd40694cf048
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-libraryloader-l1-1-0.dll
executable
MD5: 8f239c629f09e1b49cf1f03304ab8e69
SHA256: d8d74fb87f94a587582d56934816362b992b712e47c39f13d957058f17724886
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-utility-l1-1-0.dll
executable
MD5: f7af6bb63229721005c8ac85dc86f5c2
SHA256: fa10f7e2ab54c2ebcd4688e39bc4af1544fa21b73be7fd0562b3ff7cff041f7a
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\AppCheckS.exe
executable
MD5: 0fa5190ddb7448d6485238e94eeee772
SHA256: 4dbe7cfc0e89fe4f47ef74a7492e6a888ff50949edcf052372c752519d34441a
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-convert-l1-1-0.dll
executable
MD5: bc0be695e63548171105c57d2e9b98e7
SHA256: d16c5b0e19870e86354b5e6cdc4c81e80777749f6bbe6b675f680cec0ffae35d
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-file-l2-1-0.dll
executable
MD5: ad895b2a99a3ec18f1690bbac1e2037a
SHA256: a11c772b2451b0c9c706b03381819e4a1def3e2fbbba8362509bbe57dbd5c666
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-time-l1-1-0.dll
executable
MD5: 1622347a34eba068916713cf28f46b67
SHA256: 9766c4200b3f51630097fce8d4f10b33383e663601802ada72660604876c99e9
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\AppCheck.exe
executable
MD5: 43b3f418cb0d8f956078c650facc6379
SHA256: 211217537aa6382a3db2dff915908d5721c2b70c1439db975ec049997cbc8bd4
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-environment-l1-1-0.dll
executable
MD5: 6bfbf95b7253f32a77bacdf119b678f3
SHA256: 9fc2486ed5d3fff78deb69a7386f4575451d43b67f759afb056ac66b82041e3d
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-file-l1-2-0.dll
executable
MD5: ea4ae42721460002dc31515f295ad1c4
SHA256: 668f91e94e76db4457184909e6a1ab4655e81a8ef37dc37b4ecfe93146c29a88
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-heap-l1-1-0.dll
executable
MD5: cb4e401ce4fc657ccebb85f96840cc8b
SHA256: b90bffa9e03ffd4ecf1d0d709c60f61d13490e84c4550ef06586bc9b1024ed00
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\nsDialogs.dll
executable
MD5: d2e45dd852a659e11897df573832f381
SHA256: 86c8ee210e6611383a634dcb8c60455063ddae3d7adccbeacf3adf7bf2a46676
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-filesystem-l1-1-0.dll
executable
MD5: 07ba5f40c64134e5749df0e8cfee082e
SHA256: 136e5de4b535aabf6368c06f82339d2ef6c34165661f40433bcef4ebb90b30fe
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\ucrtbase.dll
executable
MD5: d2c5233317767ee9329f470c39b046b1
SHA256: f085b1b009ab89049ba95dd4ffde276d5b1f6fa0055f58dc3fc0d4b03ae8116d
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-locale-l1-1-0.dll
executable
MD5: b53d96644f5774fe29ba8bb12d6e5f66
SHA256: be19250a19ed49ce247999d6f0b953edc2ab7c66b46f1cfbd0c24be91b84b297
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\StdUtils.dll
executable
MD5: 33b4e69e7835e18b9437623367dd1787
SHA256: 72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-multibyte-l1-1-0.dll
executable
MD5: 66f65b59dff2f8927dc3c8045d8c3a0a
SHA256: 414a2bd84b042e2ccf758270647bcfa02d78eb0125c0584dd53f7245481d66b9
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-file-l1-1-0.dll
executable
MD5: 6b937fe1eff0e440b124bbb9334df34d
SHA256: 71c87c14bc1bd0b20d9f68d4943e93c4c6ddc1b6cf252938bb15fe562552f93e
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-private-l1-1-0.dll
executable
MD5: bf090f2290c18f96fd359a6596ea4233
SHA256: 5710e3ed5819ccaa9cf558ab57534bc880c610c06f2a44adfafbfab5bfc38c2b
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\System.dll
executable
MD5: 9625d5b1754bc4ff29281d415d27a0fd
SHA256: c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-process-l1-1-0.dll
executable
MD5: e4d419a1897b507e01f75ef88457979f
SHA256: 3a2355a23874342777391b4a06c5cdcd990ded287cc4a27fdf0a071ac3b229ad
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-errorhandling-l1-1-0.dll
executable
MD5: 9a4fc3727aaf02c3285b47df5ee56244
SHA256: 891ccfeb349116283326262c27b8894b43cdc89b8afd5ba7d21b891814a68075
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-stdio-l1-1-0.dll
executable
MD5: d67520bff673cab4b2ed1af12de37a1f
SHA256: 44bbb2aec747e1cbc63fc7c4d2e8c5ec1ca9f9d026835ac2ccb0d60971b6107a
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-math-l1-1-0.dll
executable
MD5: 49a69484b524c6f9fd641e015dd15154
SHA256: 69c637c0be7ddfe0690d8c642ec6d0850085617c3c3dda9531cac818f06f66e8
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-crt-runtime-l1-1-0.dll
executable
MD5: 11218c9f81404a51d1eb6b56ba60f9ab
SHA256: 882da90b6368056908e9cd21c4719a016e9a3ca597eca9183892a5806b4a8d4a
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-timezone-l1-1-0.dll
executable
MD5: fd14fcd1550f17701fbf239645b606fa
SHA256: a5453cd2b5e98d40ca17dd20a8f5974f29de7236a076867a3bc3cbca441be928
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\api-ms-win-core-string-l1-1-0.dll
executable
MD5: 4c745dc13735b4822ff160cb18b61e22
SHA256: 550d4fc902f25f2a0c09f475b5cecee43fb3a0a042126479560b0001db5c4891
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\Aida.dll
executable
MD5: a918ad5270c5debabd2ed25e77dfa364
SHA256: 0d14608c5fb829b8fc611bca981551e1a87b8fec3c2c176fb3413e2208e60c67
2476
AppCheckSetup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppCheck\AppCheck Anti-Ransomware.lnk
lnk
MD5: f4955e3d2c48f4166fcbedebc38a2313
SHA256: e1b0d5f8904015d68e6bfb26a46da064946c360b59c7b372c04afe6e9c7da0f0
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nshB878.tmp
––
MD5:  ––
SHA256:  ––
2476
AppCheckSetup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppCheck\AppCheck Cleaner.lnk
lnk
MD5: db8d45d069996fc24752ce4c9a51bd8e
SHA256: 6dab84428efe8876e621f4b590d5e55803d0fbbff56aa679cf7e405501fa0db5
2476
AppCheckSetup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppCheck\Uninstall AppCheck.lnk
lnk
MD5: 89caadb2dc7001fc12238e980ca5adca
SHA256: e5b860eaf599d6fb59f110eedf2f2aee64703251a28bbc565470d58754b674fc
3996
AppCheck.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db-journal
––
MD5:  ––
SHA256:  ––
3996
AppCheck.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db
sqlite
MD5: 9add3b40da82cce6749c15cd7e31640f
SHA256: 712cf63f7aff6c00d9cb062ed775cbcc91ccc6c0c2523a14416cbc7b86ae3960
2460
AppCheckS.exe
C:\ProgramData\CheckMAL\AppCheck\VirusLog.db-journal
––
MD5:  ––
SHA256:  ––
2460
AppCheckS.exe
C:\ProgramData\CheckMAL\AppCheck\Quarantine.db-journal
––
MD5:  ––
SHA256:  ––
2476
AppCheckSetup.exe
C:\Program Files\CheckMAL\AppCheck\Policy.pol
text
MD5: 5fd35b5c8d2487169ba61ceedae22de7
SHA256: 021aad2296a2b7403c49dee4d5b756dc44d203e0b5d82f4dae3571e25658a2b4
2460
AppCheckS.exe
C:\ProgramData\CheckMAL\AppCheck\ScanLog.db-journal
––
MD5:  ––
SHA256:  ––
2476
AppCheckSetup.exe
C:\ProgramData\CheckMAL\AppCheck\aida.db
––
MD5:  ––
SHA256:  ––
2460
AppCheckS.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db-journal
––
MD5:  ––
SHA256:  ––
1416
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\logs\AppCheckC1.log
text
MD5: de60eeec27eb9050ba6193a5fc3ef687
SHA256: e8a95219d46e59aab5bba78c8dc6c601b648b1a8e40c17809493961ed56df30c
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787D.tmp
––
MD5:  ––
SHA256:  ––
3700
AppCheck.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db-journal
––
MD5:  ––
SHA256:  ––
2932
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\aida.2018.12.05.01
compressed
MD5: 4c018f0cee823442a5d5715bce5f1a86
SHA256: 27ef1fe89a4158aa3644f467c7dca2e59d081807ad687e83253d1635d29df589
2932
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\aida.db.tmp
––
MD5:  ––
SHA256:  ––
2932
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\aida.db
––
MD5:  ––
SHA256:  ––
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\modern-wizard.bmp
image
MD5: 321875395f1bdf15170e43816a4f362b
SHA256: e2d18cda52521b57266c543a86fe8d26223e7b8c18029e3df829d76dcc6a1104
2476
AppCheckSetup.exe
C:\Users\admin\AppData\Local\Temp\nsm787E.tmp\modern-header.bmp
image
MD5: 8c74c79c212e336dd9b003c16069d0cd
SHA256: 6bce5c53a89243173c7e7a204fcbbd3585090480b8c63d8419196d8637295212
2932
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db-journal
––
MD5:  ––
SHA256:  ––
2932
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db
sqlite
MD5: 72199da835c69d27e2bf68f5b814aa65
SHA256: 8c046850facb08d58f9f5201f71d24e4f37af3e30c4d5fcd82171ace258f5d4e
1416
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db-journal
––
MD5:  ––
SHA256:  ––
1416
AppCheckC.exe
C:\ProgramData\CheckMAL\AppCheck\EventLog.db
sqlite
MD5: 1067a7bfc538da3f8b9a921bd5df2896
SHA256: 6e458eba16f22c9627f1560fcaf73818b62d7d6bf3ca646349f645f9f0080fe2

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 7
DNS requests: 2
Threats: 0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
2476 AppCheckSetup.exe 172.217.21.238:443 Google Inc. US whitelisted
3700 AppCheck.exe 52.78.76.217:443 Amazon.com, Inc. KR unknown
2932 AppCheckC.exe 52.78.76.217:443 Amazon.com, Inc. KR unknown
2460 AppCheckS.exe 52.78.76.217:443 Amazon.com, Inc. KR unknown
2460 AppCheckS.exe 172.217.21.238:443 Google Inc. US whitelisted
1416 AppCheckC.exe 52.78.76.217:443 Amazon.com, Inc. KR unknown

DNS requests

Domain IP Reputation
www.google-analytics.com 172.217.21.238 whitelisted
www.checkmal.com 52.78.76.217 unknown

Threats

No threats detected.

Debug output strings

Process Message
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize
AppCheckC.exe [CIPCServer::Finalize] Finalize