Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'SecurityHealthHost.exe'

not enough data to reliably determine

SecurityHealthHost.exe

This report is generated from a file or URL submitted to this webservice on March 19th 2019 14:45:29 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before Show Similar Samples Request Report Deletion

Incident Response

MITRE ATT&CK™ Techniques Detection

This report has 1 indicators that were mapped to 1 attack techniques and 1 tactics. View all details

Defense Evasion
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1116	Code Signing	Defense Evasion	Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. Learn more			The input sample is signed with a certificate

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 1
Environment Awareness
- The input sample contains a known anti-VM trick
  
  details
  
  Found VM detection artifact "CPUID trick" in "27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin" (Offset: 27408)
  
  source
  
  Binary File
  
  relevance
  
  5/10

Suspicious Indicators 2
Unusual Characteristics
- Imports suspicious APIs
  
  details
  
  IsDebuggerPresent
  GetFileAttributesW
  LockResource
  UnhandledExceptionFilter
  LoadLibraryExW
  GetProcAddress
  GetModuleHandleW
  TerminateProcess
  FindResourceW
  CreateFileW
  RegCreateKeyExW
  RegCloseKey
  RegOpenKeyExW
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- Timestamp in PE header is very old or in the future
  
  details
  
  "27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin" claims program is from Fri Jun 25 11:09:50 2038
  
  source
  
  Static Parser
  
  relevance
  
  10/10

Informative 4
External Systems
- Sample was identified as clean by Antivirus engines
  
  details
  
  0/64 Antivirus vendors marked sample as malicious (0% detection rate)
  
  source
  
  External System
  
  relevance
  
  10/10
General
- Contains PDB pathways
  
  details
  
  "SecurityHealthHost.pdb"
  
  source
  
  File/Memory
  
  relevance
  
  1/10
- The input sample is signed with a certificate
  
  details
  
  The input sample is signed with a certificate issued by "CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US" (SHA1: AE:9C:1A:E5:47:63:82:2E:EC:42:47:49:83:D8:B6:35:11:6C:84:52; see report for more information)
  The input sample is signed with a certificate issued by "CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US" (SHA1: 58:0A:6F:4C:C4:E4:B6:69:B9:EB:DC:1B:2B:3E:08:7B:80:D0:67:8D; see report for more information)
  
  source
  
  Certificate Data
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1116 (Show technique in the MITRE ATT&CK™ matrix)
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a"
  Pattern match: "www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0"
  Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z"
  Pattern match: "http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0"
  Pattern match: "http://www.microsoft.com/windows0"
  Pattern match: "www.microsoft.com/PKI/docs/CPS/default.htm0@"
  Pattern match: "crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z"
  Pattern match: "http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0"
  
  source
  
  File/Memory
  
  relevance
  
  10/10

File Details

All Details:

SecurityHealthHost.exe

Filename: SecurityHealthHost.exe
Size: 62KiB (63504 bytes)
Type: peexe 64bits executable
Description: PE32+ executable (GUI) x86-64, for MS Windows
Architecture
: WINDOWS
SHA256
: 27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e
MD5
: 94d49162a08b536a2a4d7f5c4377c745
SHA1
: 205290cb8eeee41b7a5eb2792df81508a26f31ec
ssdeep
: 1536:Y30wgYqF9lKOc6Xi073JYP9TZTG3QrgBiTQGmCvtTJn+wRZmMveGxUwp6npP:tw3OrX73JYP99S3Qrg4sGmCvtNn+wRZW
imphash
: 588f984996756bee8ebfe48a7299428f
authentihash
: 1196c9d4060b39c8f55932ff445d72d8cbfdb0b5ee81e9bf7f8b9fe26ab31adb
PDB Timestamp
: 06/25/2038 11:09:50 (UTC)
PDB Pathway
: SecurityHealthHost.pdb
PDB GUID
: 9DE6C6F26DBAA555BEBFE6B578F3E734

Resources

Language
: ENGLISH
Icon

Visualization

Input File (PortEx)

Version Info

LegalCopyright: Microsoft Corporation. All rights reserved.
InternalName: SecurityHealthHost
FileVersion: 4.18.1901.16384 (WinBuild.160101.0800)
CompanyName: Microsoft Corporation
ProductName: Microsoft Windows Operating System
ProductVersion: 4.18.1901.16384
FileDescription: Windows Security Health Host
OriginalFilename: SecurityHealthHost.exe
Translation: 0x0409 0x04b0

Classification (TrID)

82.0% (.EXE) Win64 Executable (generic)
6.0% (.EXE) OS/2 Executable (generic)
5.9% (.EXE) Generic Win/DOS Executable
5.9% (.EXE) DOS Executable Generic

File Metadata

1 .OBJ Files (COFF) linked with LINK.EXE 5.10 (Visual Studio 5) (build: 26715)
57 .BAS Files compiled with C2.EXE 5.0 (Visual Basic 6) (build: 26715)

35 .OBJ Files (OMF) linked with LINK.EXE 6.00 (Visual Studio 6) (build: 26715)
2 .OBJ Files (OMF) linked with LINK.EXE 5.10 (Visual Studio 5) (build: 26715)
11 .OBJ Files (COFF) linked with LINK.EXE 6.00 (Visual Studio 6) (build: 26715)
40 .LIB Files generated with LIB.EXE 9.00 (Visual Studio 2008) (build: 30729)

File contains Visual Basic code
File appears to contain raw COFF/OMF content
File is the product of a medium codebase (57 files)

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5	Characteristics
Name .text Entropy 6.11665345129 Virtual Address 0x1000 Virtual Size 0x7182 Raw Size 0x7200 MD5 e77e58811f24d76c9664dad54c4ce7c2	.text	6.11665345129	0x1000	0x7182	0x7200	e77e58811f24d76c9664dad54c4ce7c2	-
Name .rdata Entropy 4.03276838477 Virtual Address 0x9000 Virtual Size 0x4094 Raw Size 0x4200 MD5 faf7cf8a0ec4ee8f647aa519ea2b8c1e	.rdata	4.03276838477	0x9000	0x4094	0x4200	faf7cf8a0ec4ee8f647aa519ea2b8c1e	-
Name .data Entropy 4.27198140552 Virtual Address 0xe000 Virtual Size 0x1160 Raw Size 0xa00 MD5 2c700d7a0ebf5308df36924ca18b6998	.data	4.27198140552	0xe000	0x1160	0xa00	2c700d7a0ebf5308df36924ca18b6998	-
Name .pdata Entropy 3.75397152554 Virtual Address 0x10000 Virtual Size 0x828 Raw Size 0xa00 MD5 3c289a770933891a6352c81c3673af00	.pdata	3.75397152554	0x10000	0x828	0xa00	3c289a770933891a6352c81c3673af00	-
Name .rsrc Entropy 3.48543563061 Virtual Address 0x11000 Virtual Size 0x630 Raw Size 0x800 MD5 f62b76785a6cdf0374ea3797d2f610bf	.rsrc	3.48543563061	0x11000	0x630	0x800	f62b76785a6cdf0374ea3797d2f610bf	-
Name .reloc Entropy 3.68325035337 Virtual Address 0x12000 Virtual Size 0x13c Raw Size 0x200 MD5 0ab526a9ee1c8c6d9e7a5d0af7a783e7	.reloc	3.68325035337	0x12000	0x13c	0x200	0ab526a9ee1c8c6d9e7a5d0af7a783e7	-

File Resources

Details	Name	RVA	Size	Type	Language
Name RT_VERSION RVA 0x11260 Size 0x3cc Type data Language English	RT_VERSION	0x11260	0x3cc	data	English
Name RT_MANIFEST RVA 0x110a0 Size 0x1b9 Type XML 1.0 document, ASCII text, with CRLF line terminators Language English	RT_MANIFEST	0x110a0	0x1b9	XML 1.0 document, ASCII text, with CRLF line terminators	English

File Imports

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryValueExW

_callnewh

_set_new_mode

free

malloc

_configthreadlocale

__C_specific_handler

__CxxFrameHandler3

__std_exception_copy

__std_exception_destroy

__std_terminate

_CxxThrowException

_purecall

memcpy

memmove

__p___argc

__p___wargv

_c_exit

_cexit

_configure_wide_argv

_crt_atexit

_exit

_get_initial_wide_environment

_initialize_onexit_table

_initialize_wide_environment

_initterm

_initterm_e

_invalid_parameter_noinfo_noreturn

_register_onexit_function

_register_thread_local_exe_atexit_callback

_seh_filter_exe

_set_app_type

exit

terminate

__p__commode

__stdio_common_vswprintf

_set_fmode

memset

GetTraceEnableFlags

GetTraceEnableLevel

GetTraceLoggerHandle

RegisterTraceGuidsW

TraceMessage

UnregisterTraceGuids

CertVerifyCertificateChainPolicy

CloseHandle

CreateEventW

CreateFileW

DebugBreak

DeleteCriticalSection

EncodePointer

EnterCriticalSection

FindResourceW

FreeLibrary

GetCurrentProcess

GetCurrentProcessId

GetCurrentThreadId

GetFileAttributesW

GetLastError

GetModuleHandleW

GetProcAddress

GetSystemDirectoryW

GetSystemTimeAsFileTime

InitializeCriticalSectionAndSpinCount

InitializeSListHead

IsDebuggerPresent

IsProcessorFeaturePresent

LeaveCriticalSection

LoadLibraryExW

LoadResource

LockResource

QueryPerformanceCounter

ResetEvent

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

SetEvent

SetUnhandledExceptionFilter

SizeofResource

TerminateProcess

UnhandledExceptionFilter

WaitForSingleObject

WaitForSingleObjectEx

?_Xlength_error@std@@YAXPEBD@Z

CLSIDFromString

CoCreateInstance

CoGetClassObject

CoInitializeEx

CoInitializeSecurity

CoMarshalInterface

CoRegisterClassObject

CoRegisterSurrogate

CoReleaseMarshalData

CoRevokeClassObject

CoUninitialize

IIDFromString

CryptCATAdminAcquireContext

CryptCATAdminCalcHashFromFileHandle

CryptCATAdminEnumCatalogFromHash

CryptCATAdminReleaseCatalogContext

CryptCATAdminReleaseContext

CryptCATCatalogInfoFromContext

WinVerifyTrust

WTHelperGetProvSignerFromChain

WTHelperProvDataFromStateData

File Certificates

Download Certificate File (8.5KiB)

Owner	Issuer	Validity	Hashes (MD5, SHA1)
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US Serial: 33000001c422b2f79b793dacb20000000001c4	07/03/2018 20:45:50 07/26/2019 20:45:50	79:08:00:D8:69:8C:34:EF:92:D8:25:6C:23:E3:99:8B AE:9C:1A:E5:47:63:82:2E:EC:42:47:49:83:D8:B6:35:11:6C:84:52
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US Serial: 61077656000000000008	10/19/2011 18:41:42 10/19/2026 18:51:42	AF:74:9A:21:6C:00:C7:D2:5C:24:9F:CA:0D:7F:D4:71 58:0A:6F:4C:C4:E4:B6:69:B9:EB:DC:1B:2B:3E:08:7B:80:D0:67:8D

Screenshots

Loading content, please wait...

Hybrid Analysis

No runtime process information available, as the input sample failed to launch (more).

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

!This program cannot be run in DOS mode.$

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

"Microsoft Time Source Master Clock0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

"Microsoft Window

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

$Microsoft Ireland Operations Limited1

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

%Microsoft Windows Production PCA 2011

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

%Microsoft Windows Production PCA 20110

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

)Microsoft Root Certificate Authority 20100

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

,IQJWuTep9x4/j9CUCiLqrZa+cx0QfiDG8cmWF4k2R9k=0Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$00$$V@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$00UIMarshal@@@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$0A@UIClassFactory@@UIMarshal@@@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$0A@UISurrogate@@@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AU?$RuntimeClassFlags@$03@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AUIClassFactory@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AUIMarshal@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AUISurrogate@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AUIUnknown@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AV?$_String_alloc@U?$_String_base_types@GV?$allocator@G@std@@@std@@@std@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AV?$RuntimeClass@U?$RuntimeClassFlags@$01@WRL@Microsoft@@UIClassFactory@@UIMarshal@@@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AV?$RuntimeClass@U?$RuntimeClassFlags@$01@WRL@Microsoft@@UISurrogate@@@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AV?$RuntimeClassBaseT@$01@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AV?$RuntimeClassImpl@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$00$0A@$0A@UIClassFactory@@UIMarshal@@@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AV?$RuntimeClassImpl@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$00$0A@$0A@UISurrogate@@@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVbad_alloc@std@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVbad_array_new_length@std@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVCClassFactory@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVCError@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVCHResultException@CommonUtil@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVCRefCountedBase@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVCRefCountedBaseX@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVCSurrogate@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVCWString@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVDontUseNewUseMake@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVexception@std@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVILockable@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVinvalid_argument@std@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVIRefCounted@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVout_of_range@std@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVRuntimeClassBase@Details@WRL@Microsoft@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.?AVtype_info@@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XCAA

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XIA

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XIAA

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XIAC

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XIZ

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XLA

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XLZ

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XPA

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.CRT$XPZ

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.data$brc

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.data$r$brc

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.rdata$brc

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.rdata$T$brc

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.rdata$zzzdbg

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

.text$mn$00

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

100701213655Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

111019184142Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

180703204550Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

180823202625Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

1901.16384 (WinBuild.160101.0800)

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

190726204550Z0p1

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

191123202625Z0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

1http://www.microsoft.com/PKI/docs/CPS/default.htm0@

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

20190312084141Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

20190313003740.507Z0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

20190313084141Z0t0:

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

229879+4379540

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

250701214655Z0|1

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

261019185142Z0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

4.18.1901.16384

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

4.18.1901.16384 (WinBuild.160101.0800)

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

<?xml version="1.0" encoding="UTF-8" ?> Copyright (c) Microsoft Corporation --><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo></assembly>

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

?_Xlength_error@std@@YAXPEBD@Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

@SUVWATAVAWH

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

\MsMpLics.dll

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_0L'______,_a__,c

Ansi based on Image Processing (screen_0.png)

____________0__?___________r_

Ansi based on Image Processing (screen_0.png)

__C_specific_handler

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__CxxFrameHandler3

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__i,,,?___,ie,0

Ansi based on Image Processing (screen_0.png)

__p___argc

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__p___wargv

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__p__commode

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__std_exception_copy

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__std_exception_destroy

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__std_terminate

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

__stdio_common_vswprintf

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_Ah|ALy_|_

Ansi based on Image Processing (screen_0.png)

_callnewh

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_configthreadlocale

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_configure_wide_argv

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_crt_atexit

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_CxxThrowException

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_get_initial_wide_environment

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_initialize_onexit_table

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_initialize_wide_environment

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_initterm

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_initterm_e

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_invalid_parameter_noinfo_noreturn

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_purecall

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_register_onexit_function

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_register_thread_local_exe_atexit_callback

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_seh_filter_exe

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_set_app_type

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_set_fmode

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_set_new_mode

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

_vector<T> too long

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

A_A^A\_^][

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

A_A^A]A\_

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

A_A^A]A\_^]

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-core-registry-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-core-synch-l1-2-0.dll

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-crt-heap-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-crt-locale-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-crt-private-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-crt-runtime-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-crt-stdio-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-crt-string-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

api-ms-win-eventing-classicprovider-l1-1-0.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

bad allocation

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

bad array new length

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CertVerifyCertificateChainPolicy

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Chttp://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CloseHandle

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CLSID\%s

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CLSIDFromString

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoCreateInstance

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoGetClassObject

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoInitializeEx

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoInitializeSecurity

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoMarshalInterface

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CompanyName

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoRegisterClassObject

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoRegisterSurrogate

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoReleaseMarshalData

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoRevokeClassObject

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Corporation

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CoUninitialize

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CreateEventW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CreateFileW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CRYPT32.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CryptCATAdminAcquireContext

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CryptCATAdminCalcHashFromFileHandle

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CryptCATAdminEnumCatalogFromHash

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CryptCATAdminReleaseCatalogContext

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CryptCATAdminReleaseContext

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

CryptCATCatalogInfoFromContext

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

DebugBreak

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

DebugBreakAgentHost

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

DeleteCriticalSection

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Ehttp://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

EncodePointer

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

EnterCriticalSection

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

FileDescription

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

FileVersion

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

FindResourceW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

FreeLibrary

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetCurrentProcess

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetCurrentProcessId

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetCurrentThreadId

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetFileAttributesW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetLastError

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetModuleHandleW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetProcAddress

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetSystemDirectoryW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetSystemTimeAsFileTime

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetTraceEnableFlags

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetTraceEnableLevel

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

GetTraceLoggerHandle

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

HA_A^A\_^[

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

http://www.microsoft.com/windows0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

IIDFromString

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

InitializeConditionVariable

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

InitializeCriticalSectionAndSpinCount

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

InitializeSListHead

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

InternalName

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

IsDebuggerPresent

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

IsProcessorFeaturePresent

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

kernel32.dll

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

KERNEL32.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

LeaveCriticalSection

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

LegalCopyright

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

LoadLibraryExW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

LoadResource

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

LockResource

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

lthHost.exe

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Corporation

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Corporation1

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Corporation1&0$

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Corporation1)0'

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Corporation1.0,

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Corporation1200

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Operations Puerto Rico1&0$

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Operations Puerto Rico1'0%

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Time-Stamp PCA 2010

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Time-Stamp PCA 20100

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Time-Stamp Service

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Time-Stamp Service0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Microsoft Windows0

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

MsMpLics.dll

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

msvcp_win.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

nCipher NTS ESN:4DE9-0C5E-3E091+0)

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

OLE32.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Operating System

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

OriginalFilename

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

ProductName

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

ProductVersion

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

QueryPerformanceCounter

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RegCloseKey

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RegCreateKeyExW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RegisterTraceGuidsW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RegOpenKeyExW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RegQueryValueExW

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

ResetEvent

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RtlCaptureContext

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RtlLookupFunctionEntry

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

RtlVirtualUnwind

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SecurityHealthHost

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SecurityHealthHost.exe

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SecurityHealthHost.pdb

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SetUnhandledExceptionFilter

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SizeofResource

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SleepConditionVariableCS

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SOFTWARE\Microsoft\Windows Security Health\Miscellaneous

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

string too long

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

StringFileInfo

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

SVWATAVAWH

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

t$ WATAUAVAWH

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

t$ WAVAWH

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

terminate

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

TerminateProcess

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Thales TSS ESN:B8EC-30A4-71441%0#

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

TraceMessage

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Translation

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

UnhandledExceptionFilter

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Unknown exception

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

UnregisterTraceGuids

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

UVWATAUAVAWH

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

VarFileInfo

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

VS_VERSION_INFO

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

VWATAVAWH

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WaitForSingleObject

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WaitForSingleObjectEx

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WakeAllConditionVariable

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WARE\Microsoft\Windows Security Health\Miscellaneous

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Washington1

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WATAUAVAWH

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

Windows Security Health Host

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WINTRUST.dll

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WinVerifyTrust

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

ws Security Health Host

Unicode based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WTHelperGetProvSignerFromChain

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

WTHelperProvDataFromStateData

Ansi based on Memory/File Scan (27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e.bin)

x ATAVAWH