10505846624[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10505846624.zip
Size

1.7MB
MD5

913e204e3ad51d516899f72fb05d0c31
SHA1

5f75c06cc4481ddaf37dda0af8c057bcb6a10dbc
SHA256

66650f5e7dc513d781085d7482661a6fd44a5885cd818838dcab63d07c4d59d4
SHA512

444f9f9fa8ac4fa9ea10b54e3358ea4788afa0595b54ca768aff58e08fcb8de7ced4d5326ba0e7ad6f7b6d083a61553d6d3a70f72cab1fa0128c21b9d6817185
SSDEEP

49152:TdT7ksvjIvgQE5yn6qGwZUzJRoyrrwwqz:TJJjG5ZRZ8JR7rZqz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/version.dll

Files

10505846624.zip
.zip

Password: infected
2d866ccf2b24e3b922abb3d3980c2ed752d86b6c017bc2bf7a1c209aa9464643
.iso
OneDrive.Update
OneDriveStandaloneUpdater.exe
.exe windows x64

470b462811aa00cb363fc8262112a8a0

Code Sign

33:00:00:04:f8:e0:59:cb:f0:83:f2:ea:29:00:00:00:00:04:f8
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:11

Not After

31/01/2024, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:80:36:e8:09:7f:17:9a:27:6a:fd:de:7d:85:f3:b0:94:fd:dc:cd:90:ae:8d:38:d2:51:88:32:1f:8c:5f:50
Signer

Actual PE Digest

ca:80:36:e8:09:7f:17:9a:27:6a:fd:de:7d:85:f3:b0:94:fd:dc:cd:90:ae:8d:38:d2:51:88:32:1f:8c:5f:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
CreateFileW
WriteConsoleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
CompareFileTime
FindClose
FindNextFileW
FindFirstFileW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
OpenMutexW
FileTimeToSystemTime
FileTimeToLocalFileTime
IsWow64Process
GetTickCount64
GetVolumePathNameW
Sleep
GetCommandLineW
GetModuleHandleExW
FreeLibrary
GetEnvironmentVariableW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
ResumeThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExA
VirtualQuery
VirtualProtect
InitializeCriticalSection
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingW
MapViewOfFile
GetSystemPowerStatus
GetModuleFileNameA
OutputDebugStringA
CompareStringEx
LCMapStringEx
InitOnceExecuteOnce
CreateHardLinkW
AreFileApisANSI
SetEndOfFile
GetCurrentDirectoryW
GetLocaleInfoEx
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FormatMessageA
QueryPerformanceFrequency
GetDllDirectoryW
CreateEventExW
GetLastError
DecodePointer
DeleteFileW
GetSystemTime
LocalAlloc
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
CopyFileW
MoveFileExW
SystemTimeToFileTime
LockFileEx
UnlockFileEx
DeviceIoControl
LoadLibraryW
WerRegisterFile
WerUnregisterFile
GetTickCount
K32GetModuleFileNameExW
WaitForSingleObject
WaitForMultipleObjects
QueueUserWorkItem
CreateMutexW
GetVersionExW
MoveFileW
GetUserDefaultLocaleName
GetComputerNameW
ReleaseMutex
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetFinalPathNameByHandleW
GetLongPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
GetCompressedFileSizeW
FindFirstFileNameW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReadDirectoryChangesW
CreateSymbolicLinkW
CompareStringOrdinal
GetUserGeoID
GetPrivateProfileStringW
WritePrivateProfileStringW
SetDllDirectoryW
ReplaceFileW
RegisterApplicationRestart
GetFileInformationByHandleEx
OpenFileById
GetProcessTimes
GetExitCodeProcess
CreateProcessW
SetProcessShutdownParameters
GetSystemTimes
SetThreadInformation
GetProductInfo
VerifyVersionInfoW
ReadProcessMemory
ExpandEnvironmentStringsW
GlobalFree
WaitForMultipleObjectsEx

user32

TranslateMessage
DispatchMessageW
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
RegisterClassW
CreateWindowExW
DestroyWindow
ShowWindow
GetMessageW
PeekMessageW
PostQuitMessage
MsgWaitForMultipleObjectsEx
SetCursor
LoadCursorW
PostThreadMessageW
EnumWindows
PostMessageW
SystemParametersInfoW
GetWindowThreadProcessId
SendMessageTimeoutW
GetClassNameW

oleaut32

SetErrorInfo
GetErrorInfo
GetRecordInfoFromTypeInfo
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
RtlVirtualUnwind

shlwapi

SHGetValueA
SHSetValueW
SHRegGetValueW
SHRegGetPathW
SHCreateStreamOnFileEx
AssocQueryStringW
StrStrIW
PathIsPrefixW
ord219
PathFileExistsW
PathIsRelativeW
PathFindFileNameW
PathStripPathW
SHDeleteValueW
SHCreateStreamOnFileW
SHGetValueW
PathIsDirectoryEmptyW
SHDeleteKeyW
PathIsDirectoryW
SHRegGetBoolUSValueW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

GetProfileType
GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock

advapi32

OpenProcessToken
EventUnregister
EventWriteTransfer
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
RegGetValueA
CreateProcessAsUserW
CreateProcessWithTokenW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CryptCreateHash
CryptHashData
CryptDestroyHash
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
SetEntriesInAclW
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetKeyValueW
RegGetValueW
LookupAccountNameW
CryptDestroyKey
CryptSetHashParam
CryptImportKey
CreateWellKnownSid
DuplicateTokenEx
GetAclInformation
RegCreateKeyTransactedW
RegDeleteKeyExW
RegEnumKeyW
RegLoadKeyW
RegUnLoadKeyW
RegDeleteTreeW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
RegCreateKeyExW
ConvertSidToStringSidW
GetTokenInformation
RegSetValueExW
EventRegister

shell32

SHCreateItemFromParsingName
SHCreateDirectoryExW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHAssocEnumHandlers
SHParseDisplayName
SHChangeNotify
SHFileOperationW
SHLoadNonloadedIconOverlayIdentifiers
SHGetKnownFolderPath
SHGetFolderPathW
SHGetFolderPathAndSubDirW
ShellExecuteExW
SHSetKnownFolderPath
ord526

ole32

CoSetProxyBlanket
CreateBindCtx
CoWaitForMultipleHandles
CoInitialize
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateGuid
CreateItemMoniker
GetRunningObjectTable
CoTaskMemFree
CoCreateFreeThreadedMarshaler

winhttp

WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetCredentials
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle

rstrtmgr

RmRegisterResources
RmGetList
RmEndSession
RmStartSession

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

bcrypt

BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptGenRandom
BCryptSetProperty
BCryptDestroyKey
BCryptOpenAlgorithmProvider

crypt32

CryptStringToBinaryW
CryptBinaryToStringW
CertVerifyCertificateChainPolicy
CertFreeCertificateChain

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringFreeW
UuidToStringW
RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingVectorFree
RpcEpRegisterW
RpcStringBindingComposeW
RpcEpUnregister
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW

secur32

GetUserNameExW

urlmon

URLOpenStreamW

wininet

InternetCloseHandle
InternetSetStatusCallbackW
HttpOpenRequestA
HttpAddRequestHeadersA
InternetReadFile
HttpSendRequestW
HttpQueryInfoA
InternetQueryOptionW
InternetOpenW
InternetCrackUrlA
InternetConnectA
InternetCheckConnectionW

ws2_32

listen
closesocket
htonl
htons
socket
WSAStartup
WSAGetLastError
bind
send
accept
setsockopt

iphlpapi

GetAdaptersInfo

Exports

Exports

?$TSS0@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4HA
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@E@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@NV?$allocator@N@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@_JV?$allocator@_J@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@CW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@EW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@FW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@GW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@HW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@IW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@NW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@_JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_KW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_NW4PiiKind@123@W4DataCategory@123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@PEBD@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@QEBE_N@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@XZ
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@std@@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??0ILogController@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogManager@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogManager@Events@Applications@Microsoft@@QEAA@XZ
??0ILogger@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogger@Events@Applications@Microsoft@@QEAA@XZ
??0IModule@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IModule@Events@Applications@Microsoft@@QEAA@XZ
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@XZ
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@PEB_J@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@_K@Z
??1DebugEventDispatcher@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventListener@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventSource@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ
??1IAuthTokensController@Events@Applications@Microsoft@@UEAA@XZ
??1ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??1ILogManager@Events@Applications@Microsoft@@UEAA@XZ
??1ILogger@Events@Applications@Microsoft@@UEAA@XZ
??1IModule@Events@Applications@Microsoft@@UEAA@XZ
??1ISemanticContext@Events@Applications@Microsoft@@UEAA@XZ
??1LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??4DebugEventDispatcher@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventListener@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@NV?$allocator@N@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@_JV?$allocator@_J@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@C@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@E@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@F@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@G@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_K@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z
??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4IAuthTokensController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogManager@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogger@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4IModule@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ISemanticContext@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??8EventProperty@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??8GUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z
??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ
??MGUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??YEventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??_7DebugEventDispatcher@Events@Applications@Microsoft@@6B@
??_7DebugEventListener@Events@Applications@Microsoft@@6B@
??_7DebugEventSource@Events@Applications@Microsoft@@6B@
??_7EventProperties@Events@Applications@Microsoft@@6B@
??_7EventProperty@Events@Applications@Microsoft@@6B@
??_7IAuthTokensController@Events@Applications@Microsoft@@6B@
??_7ILogController@Events@Applications@Microsoft@@6B@
??_7ILogManager@Events@Applications@Microsoft@@6BDebugEventDispatcher@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BIContextProvider@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BILogController@123@@
??_7ILogger@Events@Applications@Microsoft@@6B@
??_7IModule@Events@Applications@Microsoft@@6B@
??_7ISemanticContext@Events@Applications@Microsoft@@6B@
?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z
?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?ClearExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXXZ
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBDAEAW4status_t@234@_K@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBD_NAEAVILogConfiguration@234@AEAW4status_t@234@_K@Z
?DestroyLogManager@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z
?DispatchEventBroadcast@ILogManager@Events@Applications@Microsoft@@SA_NVDebugEvent@234@@Z
?FromJSON@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@PEBD@Z
?FromLogConfiguration@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@AEAULogConfiguration@Telemetry@23@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@PEBDAEAW4status_t@234@@Z
?GetDefaultConfiguration@Events@Applications@Microsoft@@YAAEBVILogConfiguration@123@XZ
?GetLatency@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventLatency@234@XZ
?GetLogObfuscationKeyManger@@YAJPEAPEAVILogObfuscationKeyManager@@@Z
?GetLogObfuscatorAes@@YAJPEAPEAVILogObfuscatorAes@@@Z
?GetModule@ILogConfiguration@Events@Applications@Microsoft@@QEAA?AV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@PEBD@Z
?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ
?GetName@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPersistence@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPersistence@234@XZ
?GetPiiProperties@EventProperties@Events@Applications@Microsoft@@QEBA?BV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@@std@@@2@@std@@W4DataCategory@234@@Z
?GetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEBA_KXZ
?GetPopSample@EventProperties@Events@Applications@Microsoft@@QEBANXZ
?GetPriority@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ
?GetProperties@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@W4DataCategory@234@@Z
?GetTimestamp@EventProperties@Events@Applications@Microsoft@@QEBA_JXZ
?GetType@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?HasConfig@ILogConfiguration@Events@Applications@Microsoft@@QEAA_NPEBD@Z
?Hash@GUID_t@Events@Applications@Microsoft@@QEBA_KXZ
?Initialize@IModule@Events@Applications@Microsoft@@UEAAXPEAVILogManager@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?SetAppEnv@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentETag@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentImpressionId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCommercialId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCommonField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetCustomField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetDeviceClass@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceMake@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceModel@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceOrgId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetEventExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetLatency@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventLatency@234@@Z
?SetLevel@EventProperties@Events@Applications@Microsoft@@QEAAXE@Z
?SetName@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkCost@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkCost@234@@Z
?SetNetworkProvider@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkType@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkType@234@@Z
?SetOsBuild@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetPersistence@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPersistence@234@@Z
?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z
?SetPopsample@EventProperties@Events@Applications@Microsoft@@QEAAXN@Z
?SetPriority@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@NV?$allocator@N@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@_JV?$allocator@_J@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@W4DataCategory@234@@Z
?SetTicket@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4TicketType@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetTimestamp@EventProperties@Events@Applications@Microsoft@@QEAAX_J@Z
?SetType@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserANID@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserAdvertisingId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@234@@Z
?SetUserLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserMsaId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserTimeZone@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Teardown@IModule@Events@Applications@Microsoft@@UEAAXXZ
?TryGetLevel@EventProperties@Events@Applications@Microsoft@@QEBA?AV?$tuple@_NE@std@@XZ
?clear@EventProperty@Events@Applications@Microsoft@@QEAAXXZ
?convertUintVectorToGUID@GUID_t@Events@Applications@Microsoft@@SA?AU_GUID@@AEBV?$vector@EV?$allocator@E@std@@@std@@@Z
?copydata@EventProperty@Events@Applications@Microsoft@@AEAAXPEBU1234@@Z
?empty@EventProperty@Events@Applications@Microsoft@@QEAA_NXZ
?erase@EventProperties@Events@Applications@Microsoft@@QEAA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4DataCategory@234@@Z
?lock@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4V67@A
?pack@EventProperties@Events@Applications@Microsoft@@QEAAPEAUevt_prop@@XZ
?stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ
?to_bytes@GUID_t@Events@Applications@Microsoft@@QEBAXAEAY0BA@E@Z
?to_string@EventProperty@Events@Applications@Microsoft@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?to_string@GUID_t@Events@Applications@Microsoft@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type_name@EventProperty@Events@Applications@Microsoft@@SAPEBDI@Z
?unpack@EventProperties@Events@Applications@Microsoft@@QEAA_NPEAUevt_prop@@_K@Z
evt_api_call_default

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.dll
.dll windows x64

3958b5fbc8acc612838d7c869ca4156c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
ResumeThread
CreateThread
CloseHandle
Sleep
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fread
ftell
fseek
fopen
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

exit
_execute_onexit_table
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-string-l1-1-0

strcmp

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vresion.dll
.dll windows x64

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17
Signer

Actual PE Digest

99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-version-l1-1-0

VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-versionansi-l1-1-0

GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

kernelbase

lstrcmpiA
lstrcmpiW
lstrlenW

ntdll

RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag

kernel32

_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
word.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: infected

470b462811aa00cb363fc8262112a8a0

Code Sign

33:00:00:04:f8:e0:59:cb:f0:83:f2:ea:29:00:00:00:00:04:f8Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

ca:80:36:e8:09:7f:17:9a:27:6a:fd:de:7d:85:f3:b0:94:fd:dc:cd:90:ae:8d:38:d2:51:88:32:1f:8c:5f:50Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

ntdll

shlwapi

version

userenv

advapi32

shell32

ole32

winhttp

rstrtmgr

wintrust

wtsapi32

bcrypt

crypt32

rpcrt4

secur32

urlmon

wininet

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 860KB - Virtual size: 860KB

.data Size: 110KB - Virtual size: 134KB

.pdata Size: 117KB - Virtual size: 116KB

.didat Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 20KB

3958b5fbc8acc612838d7c869ca4156c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 44B

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17Signer

Headers

DLL Characteristics

File Characteristics

33:00:00:04:f8:e0:59:cb:f0:83:f2:ea:29:00:00:00:00:04:f8
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

ca:80:36:e8:09:7f:17:9a:27:6a:fd:de:7d:85:f3:b0:94:fd:dc:cd:90:ae:8d:38:d2:51:88:32:1f:8c:5f:50
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 860KB - Virtual size: 860KB

.data
Size: 110KB - Virtual size: 134KB

.pdata
Size: 117KB - Virtual size: 116KB

.didat
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 44B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 708B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B