Hi everyone, I have a question about a file on my PC.
It is called Knuckled.exe, and I would like to know whether it is a virus. I opened it with vim in Git Bash and it does not look like a virus to me, but it creates the process out of nowhere and always creates itself in the AppData folder.
Here is the data: