LogSession.dll

Description: LogSession

Version: 2.1.2.1640

Architecture: 64-bit

Operating System: Windows

SHA256: ec32ae9cc2a53c4083b89758ddad7215

File Size: 381.2 KB

Uploaded At: Dec. 1, 2025, 2:39 p.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory

Exported Functions

UTAddToGroup (Ordinal: 1, Address: 0x2d710)
UTAddToSession (Ordinal: 2, Address: 0x2d600)
UTCloseSession (Ordinal: 3, Address: 0x2d750)
UTGetDemographic (Ordinal: 4, Address: 0x2d8d0)
UTGetNonDefaultDemographic (Ordinal: 5, Address: 0x2d950)
UTGetOptIn (Ordinal: 6, Address: 0x2d790)
UTInitialize (Ordinal: 7, Address: 0x2d560)
UTLogEvent (Ordinal: 8, Address: 0x2d640)
UTNewDataGroup (Ordinal: 9, Address: 0x2d6a0)
UTOptInGet (Ordinal: 10, Address: 0x2d830)
UTOptInSet (Ordinal: 11, Address: 0x2d890)
UTSetDemographic (Ordinal: 12, Address: 0x2d910)
UTSetNonDefaultDemographic (Ordinal: 13, Address: 0x2d990)
UTSetOptIn (Ordinal: 14, Address: 0x2d7f0)
UTSetSerializationState (Ordinal: 15, Address: 0x2d9d0)
UTStartSession (Ordinal: 16, Address: 0x2d5a0)

Imported DLLs & Functions

ADVAPI32.dll

CryptAcquireContextA (Address: 0x18003f010)
CryptCreateHash (Address: 0x18003f008)
CryptDestroyHash (Address: 0x18003f000)
CryptGetHashParam (Address: 0x18003f020)
CryptHashData (Address: 0x18003f068)
CryptReleaseContext (Address: 0x18003f018)
RegCloseKey (Address: 0x18003f030)
RegCreateKeyExW (Address: 0x18003f060)
RegDeleteKeyW (Address: 0x18003f050)
RegDeleteValueW (Address: 0x18003f048)
RegEnumValueW (Address: 0x18003f040)
RegOpenKeyExW (Address: 0x18003f038)
RegQueryValueExW (Address: 0x18003f058)
RegSetValueExW (Address: 0x18003f028)

KERNEL32.dll

CloseHandle (Address: 0x18003f088)
CompareFileTime (Address: 0x18003f0a8)
CopyFileW (Address: 0x18003f0c0)
CreateFileW (Address: 0x18003f080)
CreateProcessW (Address: 0x18003f098)
DecodePointer (Address: 0x18003f238)
DeleteCriticalSection (Address: 0x18003f170)
DeleteFileW (Address: 0x18003f108)
EncodePointer (Address: 0x18003f2a0)
EnterCriticalSection (Address: 0x18003f168)
ExpandEnvironmentStringsW (Address: 0x18003f150)
FileTimeToLocalFileTime (Address: 0x18003f100)
FindClose (Address: 0x18003f0d0)
FindFirstFileW (Address: 0x18003f090)
FindNextFileW (Address: 0x18003f0e0)
FindResourceExW (Address: 0x18003f120)
FindResourceW (Address: 0x18003f228)
FreeEnvironmentStringsW (Address: 0x18003f0d8)
FreeLibrary (Address: 0x18003f208)
GetCurrentProcess (Address: 0x18003f1d8)
GetCurrentProcessId (Address: 0x18003f210)
GetCurrentThreadId (Address: 0x18003f1a0)
GetDiskFreeSpaceW (Address: 0x18003f0c8)
GetEnvironmentStringsW (Address: 0x18003f0b0)
GetExitCodeThread (Address: 0x18003f110)
GetFileAttributesExW (Address: 0x18003f0f0)
GetFileTime (Address: 0x18003f0e8)
GetLastError (Address: 0x18003f1f8)
GetLocaleInfoA (Address: 0x18003f188)
GetModuleFileNameW (Address: 0x18003f148)
GetProcAddress (Address: 0x18003f1f0)
GetProcessHeap (Address: 0x18003f290)
GetSystemDirectoryA (Address: 0x18003f200)
GetSystemInfo (Address: 0x18003f198)
GetSystemTimeAsFileTime (Address: 0x18003f218)
GetTickCount (Address: 0x18003f1a8)
GetVersionExA (Address: 0x18003f0f8)
GlobalMemoryStatusEx (Address: 0x18003f190)
HeapAlloc (Address: 0x18003f270)
HeapDestroy (Address: 0x18003f268)
HeapFree (Address: 0x18003f278)
HeapReAlloc (Address: 0x18003f280)
HeapSize (Address: 0x18003f288)
InitializeCriticalSection (Address: 0x18003f158)
InitializeCriticalSectionAndSpinCount (Address: 0x18003f230)
IsDebuggerPresent (Address: 0x18003f258)
LeaveCriticalSection (Address: 0x18003f160)
LoadLibraryA (Address: 0x18003f1e8)
LoadLibraryW (Address: 0x18003f0b8)
LoadResource (Address: 0x18003f130)
LockResource (Address: 0x18003f140)
lstrlenW (Address: 0x18003f178)
MoveFileExW (Address: 0x18003f0a0)
MultiByteToWideChar (Address: 0x18003f128)
QueryPerformanceCounter (Address: 0x18003f1b0)
RaiseException (Address: 0x18003f220)
RtlCaptureContext (Address: 0x18003f1b8)
RtlLookupFunctionEntry (Address: 0x18003f298)
RtlVirtualUnwind (Address: 0x18003f260)
SetUnhandledExceptionFilter (Address: 0x18003f1e0)
SizeofResource (Address: 0x18003f138)
Sleep (Address: 0x18003f240)
SuspendThread (Address: 0x18003f118)
TerminateProcess (Address: 0x18003f248)
UnhandledExceptionFilter (Address: 0x18003f250)
VerLanguageNameW (Address: 0x18003f180)
VirtualProtect (Address: 0x18003f1d0)
WideCharToMultiByte (Address: 0x18003f1c0)
WriteFile (Address: 0x18003f078)
WriteProcessMemory (Address: 0x18003f1c8)

MSVCP100.dll

?_BADOFF@std@@3_JB (Address: 0x18003f588)
?_Decref@facet@locale@std@@QEAAPEAV123@XZ (Address: 0x18003f3a0)
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z (Address: 0x18003f560)
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z (Address: 0x18003f470)
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z (Address: 0x18003f2b8)
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z (Address: 0x18003f550)
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ (Address: 0x18003f568)
?_Incref@facet@locale@std@@QEAAXXZ (Address: 0x18003f3a8)
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ (Address: 0x18003f2d0)
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z (Address: 0x18003f2f8)
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ (Address: 0x18003f458)
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ (Address: 0x18003f4d0)
?_Orphan_all@_Container_base0@std@@QEAAXXZ (Address: 0x18003f598)
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ (Address: 0x18003f3c8)
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ (Address: 0x18003f2c8)
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ (Address: 0x18003f3e8)
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ (Address: 0x18003f318)
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ (Address: 0x18003f450)
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ (Address: 0x18003f4c8)
?_Xlength_error@std@@YAXPEBD@Z (Address: 0x18003f5a0)
?_Xout_of_range@std@@YAXPEBD@Z (Address: 0x18003f5a8)
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@ (Address: 0x18003f360)
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@ (Address: 0x18003f3b8)
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@ (Address: 0x18003f590)
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ (Address: 0x18003f520)
??0_Lockit@std@@QEAA@H@Z (Address: 0x18003f578)
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ (Address: 0x18003f3e0)
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (Address: 0x18003f310)
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z (Address: 0x18003f4e8)
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z (Address: 0x18003f480)
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x18003f300)
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z (Address: 0x18003f3d8)
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x18003f308)
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ (Address: 0x18003f3d0)
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ (Address: 0x18003f2e8)
??1_Lockit@std@@QEAA@XZ (Address: 0x18003f580)
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ (Address: 0x18003f410)
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x18003f5b0)
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ (Address: 0x18003f4f0)
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x18003f490)
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x18003f340)
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ (Address: 0x18003f400)
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x18003f350)
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ (Address: 0x18003f460)
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x18003f390)
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z (Address: 0x18003f518)
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z (Address: 0x18003f4f8)
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z (Address: 0x18003f478)
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z (Address: 0x18003f4e0)
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z (Address: 0x18003f4a0)
??Bid@locale@std@@QEAA_KXZ (Address: 0x18003f3b0)
?always_noconv@codecvt_base@std@@QEBA_NXZ (Address: 0x18003f398)
?classic@locale@std@@SAAEBV12@XZ (Address: 0x18003f508)
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z (Address: 0x18003f488)
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A (Address: 0x18003f468)
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z (Address: 0x18003f4d8)
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ (Address: 0x18003f3f8)
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ (Address: 0x18003f348)
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ (Address: 0x18003f510)
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z (Address: 0x18003f498)
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ (Address: 0x18003f2e0)
?id@?$codecvt@DDH@std@@2V0locale@2@A (Address: 0x18003f430)
?id@?$ctype@D@std@@2V0locale@2@A (Address: 0x18003f500)
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z (Address: 0x18003f418)
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z (Address: 0x18003f4a8)
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z (Address: 0x18003f338)
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z (Address: 0x18003f330)
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z (Address: 0x18003f548)
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z (Address: 0x18003f540)
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ (Address: 0x18003f328)
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@H@2@_JHH@Z (Address: 0x18003f530)
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@H@2@V32@H@Z (Address: 0x18003f528)
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z (Address: 0x18003f428)
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z (Address: 0x18003f4b8)
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z (Address: 0x18003f2d8)
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z (Address: 0x18003f408)
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z (Address: 0x18003f358)
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ (Address: 0x18003f388)
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ (Address: 0x18003f448)
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ (Address: 0x18003f378)
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ (Address: 0x18003f380)
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z (Address: 0x18003f3f0)
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z (Address: 0x18003f320)
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z (Address: 0x18003f3c0)
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z (Address: 0x18003f2b0)
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ (Address: 0x18003f420)
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ (Address: 0x18003f4b0)
?tolower@?$ctype@D@std@@QEBADD@Z (Address: 0x18003f558)
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ (Address: 0x18003f440)
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ (Address: 0x18003f4c0)
?uncaught_exception@std@@YA_NXZ (Address: 0x18003f570)
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ (Address: 0x18003f538)
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z (Address: 0x18003f2f0)
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z (Address: 0x18003f2c0)
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z (Address: 0x18003f438)
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z (Address: 0x18003f370)
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z (Address: 0x18003f5b8)
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z (Address: 0x18003f368)

MSVCR100.dll

__C_specific_handler (Address: 0x18003f760)
__clean_type_info_names_internal (Address: 0x18003f7c8)
__CppXcptFilter (Address: 0x18003f790)
__crt_debugger_hook (Address: 0x18003f7b8)
__CxxFrameHandler3 (Address: 0x18003f750)
__dllonexit (Address: 0x18003f7a0)
_amsg_exit (Address: 0x18003f788)
_beginthreadex (Address: 0x18003f6a0)
_CxxThrowException (Address: 0x18003f818)
_encoded_null (Address: 0x18003f780)
_fseeki64 (Address: 0x18003f640)
_getpid (Address: 0x18003f6e8)
_gmtime32_s (Address: 0x18003f6f8)
_initterm (Address: 0x18003f770)
_initterm_e (Address: 0x18003f778)
_ismbcspace (Address: 0x18003f6b8)
_localtime64 (Address: 0x18003f728)
_lock (Address: 0x18003f7a8)
_lock_file (Address: 0x18003f668)
_malloc_crt (Address: 0x18003f768)
_mbsinc (Address: 0x18003f6c8)
_mbsstr (Address: 0x18003f708)
_onexit (Address: 0x18003f7b0)
_purecall (Address: 0x18003f678)
_stricmp (Address: 0x18003f7f8)
_time32 (Address: 0x18003f6d8)
_time64 (Address: 0x18003f698)
_unlock (Address: 0x18003f798)
_unlock_file (Address: 0x18003f628)
_vscprintf (Address: 0x18003f6d0)
_vscwprintf (Address: 0x18003f730)
_wassert (Address: 0x18003f718)
_wgetenv_s (Address: 0x18003f748)
_wtoi (Address: 0x18003f700)
?_type_info_dtor_internal_method@type_info@@QEAAXXZ (Address: 0x18003f7c0)
??_V@YAXPEAX@Z (Address: 0x18003f670)
??0bad_cast@std@@QEAA@AEBV01@@Z (Address: 0x18003f620)
??0bad_cast@std@@QEAA@PEBD@Z (Address: 0x18003f618)
??0exception@std@@QEAA@AEBQEBD@Z (Address: 0x18003f7d0)
??0exception@std@@QEAA@AEBV01@@Z (Address: 0x18003f820)
??1bad_cast@std@@UEAA@XZ (Address: 0x18003f610)
??1exception@std@@UEAA@XZ (Address: 0x18003f7d8)
??2@YAPEAX_K@Z (Address: 0x18003f600)
??3@YAXPEAX@Z (Address: 0x18003f7f0)
?terminate@@YAXXZ (Address: 0x18003f758)
?what@exception@std@@UEBAPEBDXZ (Address: 0x18003f7e0)
fclose (Address: 0x18003f5f8)
fflush (Address: 0x18003f648)
fgetc (Address: 0x18003f5e8)
fgetpos (Address: 0x18003f638)
fputc (Address: 0x18003f608)
free (Address: 0x18003f5d0)
fsetpos (Address: 0x18003f658)
fwrite (Address: 0x18003f688)
ispunct (Address: 0x18003f720)
isspace (Address: 0x18003f710)
malloc (Address: 0x18003f5d8)
memchr (Address: 0x18003f5e0)
memcmp (Address: 0x18003f808)
memcpy (Address: 0x18003f810)
memcpy_s (Address: 0x18003f680)
memmove (Address: 0x18003f5c8)
memmove_s (Address: 0x18003f6a8)
memset (Address: 0x18003f800)
setvbuf (Address: 0x18003f660)
strftime (Address: 0x18003f6f0)
strncat (Address: 0x18003f7e8)
strncpy (Address: 0x18003f5f0)
strncpy_s (Address: 0x18003f690)
strnlen (Address: 0x18003f6b0)
strtok_s (Address: 0x18003f6e0)
tolower (Address: 0x18003f650)
ungetc (Address: 0x18003f630)
vsprintf_s (Address: 0x18003f6c0)
vswprintf_s (Address: 0x18003f740)
wcsnlen (Address: 0x18003f738)

ole32.dll

CoCreateGuid (Address: 0x18003f8c8)
CoTaskMemFree (Address: 0x18003f8d0)

SETUPAPI.dll

SetupDiEnumDeviceInfo (Address: 0x18003f838)
SetupDiGetClassDevsA (Address: 0x18003f840)
SetupDiGetDeviceRegistryPropertyA (Address: 0x18003f830)

SHELL32.dll

SHCreateDirectoryExW (Address: 0x18003f860)
SHFileOperationW (Address: 0x18003f850)
SHGetFolderPathW (Address: 0x18003f858)

SHLWAPI.dll

PathFileExistsW (Address: 0x18003f870)
PathIsDirectoryW (Address: 0x18003f878)

USER32.dll

EnumDisplayMonitors (Address: 0x18003f890)
GetMonitorInfoA (Address: 0x18003f898)
GetSystemMetrics (Address: 0x18003f888)

VERSION.dll

GetFileVersionInfoSizeW (Address: 0x18003f8b0)
GetFileVersionInfoW (Address: 0x18003f8b8)
VerQueryValueW (Address: 0x18003f8a8)