LogSession.dll

Description: LogSession

Version: 2.1.2.1640

Architecture: 32-bit

Operating System: Windows

SHA256: a82e781684f6af6103ba478bc3cf32a7

File Size: 314.2 KB

Uploaded At: Dec. 2, 2025, 2:29 p.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory

Exported Functions

UTAddToGroup (Ordinal: 1, Address: 0x29a30)
UTAddToSession (Ordinal: 2, Address: 0x298f0)
UTCloseSession (Ordinal: 3, Address: 0x29a90)
UTGetDemographic (Ordinal: 4, Address: 0x29c40)
UTGetNonDefaultDemographic (Ordinal: 5, Address: 0x29cf0)
UTGetOptIn (Ordinal: 6, Address: 0x29ae0)
UTInitialize (Ordinal: 7, Address: 0x29820)
UTLogEvent (Ordinal: 8, Address: 0x29950)
UTNewDataGroup (Ordinal: 9, Address: 0x299c0)
UTOptInGet (Ordinal: 10, Address: 0x29b90)
UTOptInSet (Ordinal: 11, Address: 0x29bf0)
UTSetDemographic (Ordinal: 12, Address: 0x29ca0)
UTSetNonDefaultDemographic (Ordinal: 13, Address: 0x29d50)
UTSetOptIn (Ordinal: 14, Address: 0x29b40)
UTSetSerializationState (Ordinal: 15, Address: 0x29db0)
UTStartSession (Ordinal: 16, Address: 0x29880)

Imported DLLs & Functions

ADVAPI32.dll

CryptAcquireContextA (Address: 0x10039008)
CryptCreateHash (Address: 0x10039004)
CryptDestroyHash (Address: 0x10039000)
CryptGetHashParam (Address: 0x10039010)
CryptHashData (Address: 0x10039034)
CryptReleaseContext (Address: 0x1003900c)
RegCloseKey (Address: 0x10039018)
RegCreateKeyExW (Address: 0x10039030)
RegDeleteKeyW (Address: 0x10039028)
RegDeleteValueW (Address: 0x10039024)
RegEnumValueW (Address: 0x10039020)
RegOpenKeyExW (Address: 0x1003901c)
RegQueryValueExW (Address: 0x1003902c)
RegSetValueExW (Address: 0x10039014)

KERNEL32.dll

CloseHandle (Address: 0x10039044)
CompareFileTime (Address: 0x10039054)
CopyFileW (Address: 0x10039060)
CreateFileW (Address: 0x10039040)
CreateProcessW (Address: 0x1003904c)
DecodePointer (Address: 0x100390dc)
DeleteCriticalSection (Address: 0x100390b8)
DeleteFileW (Address: 0x10039084)
EncodePointer (Address: 0x1003914c)
EnterCriticalSection (Address: 0x100390b4)
ExpandEnvironmentStringsW (Address: 0x100390a8)
FileTimeToLocalFileTime (Address: 0x10039080)
FindClose (Address: 0x10039068)
FindFirstFileW (Address: 0x10039048)
FindNextFileW (Address: 0x10039070)
FindResourceExW (Address: 0x10039090)
FindResourceW (Address: 0x10039114)
FreeEnvironmentStringsW (Address: 0x1003906c)
FreeLibrary (Address: 0x10039104)
GetCurrentProcess (Address: 0x100390ec)
GetCurrentProcessId (Address: 0x10039108)
GetCurrentThreadId (Address: 0x100390d0)
GetDiskFreeSpaceW (Address: 0x10039064)
GetEnvironmentStringsW (Address: 0x10039058)
GetExitCodeThread (Address: 0x10039088)
GetFileAttributesExW (Address: 0x10039078)
GetFileTime (Address: 0x10039074)
GetLastError (Address: 0x100390fc)
GetLocaleInfoA (Address: 0x100390c4)
GetModuleFileNameW (Address: 0x100390a4)
GetProcAddress (Address: 0x100390f8)
GetProcessHeap (Address: 0x10039144)
GetSystemDirectoryA (Address: 0x10039100)
GetSystemInfo (Address: 0x100390cc)
GetSystemTimeAsFileTime (Address: 0x1003910c)
GetTickCount (Address: 0x100390d4)
GetVersionExA (Address: 0x1003907c)
GlobalMemoryStatusEx (Address: 0x100390c8)
HeapAlloc (Address: 0x10039134)
HeapDestroy (Address: 0x10039130)
HeapFree (Address: 0x10039138)
HeapReAlloc (Address: 0x1003913c)
HeapSize (Address: 0x10039140)
InitializeCriticalSection (Address: 0x100390ac)
InitializeCriticalSectionAndSpinCount (Address: 0x10039118)
InterlockedCompareExchange (Address: 0x10039124)
InterlockedExchange (Address: 0x1003911c)
IsDebuggerPresent (Address: 0x10039148)
LeaveCriticalSection (Address: 0x100390b0)
LoadLibraryA (Address: 0x100390f4)
LoadLibraryW (Address: 0x1003905c)
LoadResource (Address: 0x10039098)
LockResource (Address: 0x100390a0)
lstrlenW (Address: 0x100390bc)
MoveFileExW (Address: 0x10039050)
MultiByteToWideChar (Address: 0x10039094)
QueryPerformanceCounter (Address: 0x100390d8)
RaiseException (Address: 0x10039110)
SetUnhandledExceptionFilter (Address: 0x100390f0)
SizeofResource (Address: 0x1003909c)
Sleep (Address: 0x10039120)
SuspendThread (Address: 0x1003908c)
TerminateProcess (Address: 0x10039128)
UnhandledExceptionFilter (Address: 0x1003912c)
VerLanguageNameW (Address: 0x100390c0)
VirtualProtect (Address: 0x100390e8)
WideCharToMultiByte (Address: 0x100390e0)
WriteFile (Address: 0x1003903c)
WriteProcessMemory (Address: 0x100390e4)

MSVCP100.dll

?_BADOFF@std@@3_JB (Address: 0x100392c8)
?_Decref@facet@locale@std@@QAEPAV123@XZ (Address: 0x100391d0)
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z (Address: 0x10039220)
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z (Address: 0x10039240)
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z (Address: 0x1003915c)
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z (Address: 0x100392b0)
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ (Address: 0x100392b8)
?_Incref@facet@locale@std@@QAEXXZ (Address: 0x100391d4)
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ (Address: 0x10039168)
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z (Address: 0x1003917c)
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ (Address: 0x10039234)
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ (Address: 0x10039270)
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ (Address: 0x100391e4)
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ (Address: 0x10039164)
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ (Address: 0x100391f4)
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ (Address: 0x1003918c)
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ (Address: 0x10039230)
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ (Address: 0x1003926c)
?_Xlength_error@std@@YAXPBD@Z (Address: 0x100392d0)
?_Xout_of_range@std@@YAXPBD@Z (Address: 0x100392d4)
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@ (Address: 0x10039154)
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@ (Address: 0x100391dc)
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@ (Address: 0x100392cc)
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ (Address: 0x10039298)
??0_Lockit@std@@QAE@H@Z (Address: 0x100392c0)
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ (Address: 0x100391f0)
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x10039188)
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z (Address: 0x1003927c)
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z (Address: 0x10039248)
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x10039180)
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z (Address: 0x100391ec)
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x10039184)
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ (Address: 0x100391e8)
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x10039174)
??1_Lockit@std@@QAE@XZ (Address: 0x100392c4)
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10039210)
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x100392d8)
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10039280)
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10039250)
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x100391a0)
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10039208)
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x100391a8)
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10039238)
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x100391c8)
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z (Address: 0x10039294)
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z (Address: 0x10039284)
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z (Address: 0x10039244)
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z (Address: 0x10039278)
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z (Address: 0x10039258)
??Bid@locale@std@@QAEIXZ (Address: 0x100391d8)
?always_noconv@codecvt_base@std@@QBE_NXZ (Address: 0x100391cc)
?classic@locale@std@@SAABV12@XZ (Address: 0x1003928c)
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z (Address: 0x1003924c)
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A (Address: 0x1003923c)
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z (Address: 0x10039274)
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ (Address: 0x10039204)
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ (Address: 0x100391a4)
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x10039290)
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z (Address: 0x10039254)
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ (Address: 0x10039170)
?id@?$codecvt@DDH@std@@2V0locale@2@A (Address: 0x100391b0)
?id@?$ctype@D@std@@2V0locale@2@A (Address: 0x10039288)
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z (Address: 0x10039214)
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z (Address: 0x1003925c)
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z (Address: 0x1003919c)
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z (Address: 0x10039198)
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z (Address: 0x100392ac)
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z (Address: 0x100392a8)
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x10039194)
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@_JHH@Z (Address: 0x100392a0)
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z (Address: 0x1003929c)
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z (Address: 0x1003921c)
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z (Address: 0x10039264)
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z (Address: 0x100391fc)
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z (Address: 0x1003916c)
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z (Address: 0x100391f8)
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z (Address: 0x1003920c)
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z (Address: 0x100391ac)
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x100391c4)
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ (Address: 0x1003922c)
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ (Address: 0x100391bc)
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x100391c0)
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z (Address: 0x10039200)
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z (Address: 0x10039190)
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z (Address: 0x100391e0)
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z (Address: 0x10039158)
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ (Address: 0x10039218)
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ (Address: 0x10039260)
?tolower@?$ctype@D@std@@QBEDD@Z (Address: 0x100392b4)
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ (Address: 0x10039228)
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ (Address: 0x10039268)
?uncaught_exception@std@@YA_NXZ (Address: 0x100392bc)
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ (Address: 0x100392a4)
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z (Address: 0x10039178)
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z (Address: 0x10039160)
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z (Address: 0x10039224)
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z (Address: 0x100391b8)
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z (Address: 0x100392dc)
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z (Address: 0x100391b4)

MSVCR100.dll

__clean_type_info_names_internal (Address: 0x100393e4)
__CppXcptFilter (Address: 0x100393c4)
__CxxFrameHandler3 (Address: 0x100393a8)
__dllonexit (Address: 0x100393cc)
_amsg_exit (Address: 0x100393c0)
_beginthreadex (Address: 0x10039350)
_crt_debugger_hook (Address: 0x100393d8)
_CxxThrowException (Address: 0x10039408)
_encoded_null (Address: 0x100393b4)
_except_handler4_common (Address: 0x100393dc)
_fseeki64 (Address: 0x10039320)
_getpid (Address: 0x10039374)
_gmtime32_s (Address: 0x1003937c)
_initterm (Address: 0x100393b8)
_initterm_e (Address: 0x100393bc)
_ismbcspace (Address: 0x1003935c)
_localtime64 (Address: 0x10039394)
_lock (Address: 0x100393d0)
_lock_file (Address: 0x10039334)
_malloc_crt (Address: 0x100393b0)
_mbsinc (Address: 0x10039364)
_mbsstr (Address: 0x10039384)
_onexit (Address: 0x100393d4)
_purecall (Address: 0x1003933c)
_stricmp (Address: 0x100393fc)
_time32 (Address: 0x1003936c)
_time64 (Address: 0x1003934c)
_unlock (Address: 0x100393c8)
_unlock_file (Address: 0x10039314)
_vscprintf (Address: 0x10039368)
_vscwprintf (Address: 0x10039398)
_wassert (Address: 0x1003938c)
_wgetenv_s (Address: 0x100393a4)
_wtoi (Address: 0x10039380)
?_type_info_dtor_internal_method@type_info@@QAEXXZ (Address: 0x100393e0)
??_V@YAXPAX@Z (Address: 0x10039338)
??0bad_cast@std@@QAE@ABV01@@Z (Address: 0x10039310)
??0bad_cast@std@@QAE@PBD@Z (Address: 0x1003930c)
??0exception@std@@QAE@ABQBD@Z (Address: 0x100393e8)
??0exception@std@@QAE@ABV01@@Z (Address: 0x1003940c)
??1bad_cast@std@@UAE@XZ (Address: 0x10039308)
??1exception@std@@UAE@XZ (Address: 0x100393ec)
??2@YAPAXI@Z (Address: 0x10039300)
??3@YAXPAX@Z (Address: 0x100393f8)
?terminate@@YAXXZ (Address: 0x100393ac)
?what@exception@std@@UBEPBDXZ (Address: 0x100393f0)
fclose (Address: 0x100392fc)
fflush (Address: 0x10039324)
fgetc (Address: 0x100392f4)
fgetpos (Address: 0x1003931c)
fputc (Address: 0x10039304)
free (Address: 0x100392e8)
fsetpos (Address: 0x1003932c)
fwrite (Address: 0x10039344)
ispunct (Address: 0x10039390)
isspace (Address: 0x10039388)
malloc (Address: 0x100392ec)
memchr (Address: 0x100392f0)
memcpy (Address: 0x10039404)
memcpy_s (Address: 0x10039340)
memmove (Address: 0x100392e4)
memmove_s (Address: 0x10039354)
memset (Address: 0x10039400)
setvbuf (Address: 0x10039330)
strftime (Address: 0x10039378)
strncat (Address: 0x100393f4)
strncpy (Address: 0x100392f8)
strncpy_s (Address: 0x10039348)
strnlen (Address: 0x10039358)
strtok_s (Address: 0x10039370)
tolower (Address: 0x10039328)
ungetc (Address: 0x10039318)
vsprintf_s (Address: 0x10039360)
vswprintf_s (Address: 0x100393a0)
wcsnlen (Address: 0x1003939c)

ole32.dll

CoCreateGuid (Address: 0x10039460)
CoTaskMemFree (Address: 0x10039464)

SETUPAPI.dll

SetupDiEnumDeviceInfo (Address: 0x10039418)
SetupDiGetClassDevsA (Address: 0x1003941c)
SetupDiGetDeviceRegistryPropertyA (Address: 0x10039414)

SHELL32.dll

SHCreateDirectoryExW (Address: 0x1003942c)
SHFileOperationW (Address: 0x10039424)
SHGetFolderPathW (Address: 0x10039428)

SHLWAPI.dll

PathFileExistsW (Address: 0x10039434)
PathIsDirectoryW (Address: 0x10039438)

USER32.dll

EnumDisplayMonitors (Address: 0x10039444)
GetMonitorInfoA (Address: 0x10039448)
GetSystemMetrics (Address: 0x10039440)

VERSION.dll

GetFileVersionInfoSizeW (Address: 0x10039454)
GetFileVersionInfoW (Address: 0x10039458)
VerQueryValueW (Address: 0x10039450)