onedrivephotos[.]iso

Sharing

Copy URL

Twitter E-mail

General

Target

onedrivephotos.iso
Size

4.5MB
MD5

154a9b7e0160021ad53db044ee679ecd
SHA1

08961d44f7e8bb1ed9ddab1e13f9f88fd2da78b0
SHA256

9f1eb0a100615cdda44a13f434627f8978d133ca4ef4a002809f95dcc8d24ff6
SHA512

080a619aa4746b4c6a0cd0888371b990fd0cb7782bbbf38f9a88c7afb8a93ea0cab7b282a1e3351a76413aede0cb61205cd4d4c81769a0746551f9aa3511d868
SSDEEP

49152:6EenBpKLBz+dV0LWUEur5XVmy1rVaou58gZbkT3FjNVcXrkj6B+/T+k54Q1WUw4:7VlH0MAQj8k5d1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/version.dll

Files

onedrivephotos.iso
.iso
onedrive-photos.lnk
.lnk
onedriveupdater.exe
.exe windows x64

ef83bf4832421eb886968d460c9cf644

Code Sign

33:00:00:04:25:35:21:6f:36:08:7c:eb:06:00:00:00:00:04:25
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:db:3c:7d:81:32:73:b0:18:94:48:44:6f:80:ba:89:29:f8:4a:bf:89:08:7d:ba:22:81:21:ba:45:70:0e:5d
Signer

Actual PE Digest

b0:db:3c:7d:81:32:73:b0:18:94:48:44:6f:80:ba:89:29:f8:4a:bf:89:08:7d:ba:22:81:21:ba:45:70:0e:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlPcToFileHeader
InterlockedPushEntrySList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCurrentThread
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
RtlUnwindEx
WriteConsoleW
CompareFileTime
FindClose
FindNextFileW
FindFirstFileW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetProductInfo
VerifyVersionInfoW
VerSetConditionMask
LoadLibraryExW
MoveFileExW
IsWow64Process
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileSize
CreateFileW
LocalFree
LocalAlloc
OpenMutexW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount64
GetVolumePathNameW
Sleep
GetCommandLineW
GetModuleHandleExW
FreeLibrary
GetEnvironmentVariableW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExA
VirtualQuery
VirtualProtect
InitializeCriticalSection
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
MapViewOfFile
GetSystemPowerStatus
GetModuleFileNameA
OutputDebugStringA
CompareStringEx
LCMapStringEx
DecodePointer
InitOnceExecuteOnce
GetLocaleInfoEx
CreateHardLinkW
AreFileApisANSI
SetEndOfFile
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
RaiseException
ReadConsoleW
DeleteFileW
GetSystemTime
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
CopyFileW
SystemTimeToFileTime
LockFileEx
UnlockFileEx
DeviceIoControl
LoadLibraryW
WerRegisterFile
WerUnregisterFile
GetTickCount
K32GetModuleFileNameExW
WaitForSingleObject
WaitForMultipleObjects
QueueUserWorkItem
CreateMutexW
GetVersionExW
MoveFileW
GetUserDefaultLocaleName
GetComputerNameW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetLongPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
GetCompressedFileSizeW
FindFirstFileNameW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseMutex
GetProcessTimes
GetExitCodeProcess
GetSystemTimes
SetDllDirectoryW
ReplaceFileW
ReadDirectoryChangesW
RegisterApplicationRestart
GetFileInformationByHandleEx
OpenFileById
CreateSymbolicLinkW
CompareStringOrdinal
GetUserGeoID
GlobalFree
ReadProcessMemory
QueryPerformanceFrequency
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable

user32

PostThreadMessageW
SendMessageTimeoutW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DispatchMessageW
GetMessageW
SystemParametersInfoW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
PostMessageW
PostQuitMessage
TranslateMessage

oleaut32

VariantChangeType
VarBstrCmp
VariantClear
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
SetErrorInfo
GetErrorInfo
GetRecordInfoFromTypeInfo
SysAllocStringLen
VariantInit
SysAllocString
SysAllocStringByteLen

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

shlwapi

StrStrIW
ord219
SHRegGetBoolUSValueW
SHRegGetValueW
PathStripToRootW
PathStripPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
SHSetValueW
SHCreateStreamOnFileEx
PathIsRelativeW
PathFindFileNameW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
PathIsPrefixW
SHCreateStreamOnFileW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock
GetProfileType

advapi32

RegGetValueA
EventUnregister
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
EventWriteTransfer
GetUserNameW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
MapGenericMask
IsValidAcl
DuplicateToken
AccessCheck
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
DeleteService
CreateServiceW
ControlService
ChangeServiceConfig2W
CryptHashData
CryptDestroyHash
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
SetEntriesInAclW
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RevertToSelf
CopySid
GetLengthSid
IsValidSid
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetKeyValueW
RegGetValueW
LookupAccountNameW
CryptDestroyKey
CryptSetHashParam
CryptImportKey
CreateProcessAsUserW
CreateWellKnownSid
DuplicateTokenEx
GetAclInformation
SetFileSecurityW
RegCreateKeyTransactedW
RegDeleteKeyExW
RegEnumKeyW
RegLoadKeyW
RegUnLoadKeyW
RegDeleteTreeW
ChangeServiceConfigW
OpenSCManagerW
ConvertSidToStringSidW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
CloseServiceHandle
OpenServiceW
EventRegister

shell32

SHLoadNonloadedIconOverlayIdentifiers
SHChangeNotify
SHParseDisplayName
SHCreateItemFromParsingName
SHGetFolderPathAndSubDirW
SHSetKnownFolderPath
ord526
CommandLineToArgvW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW
SHGetKnownFolderPath
SHFileOperationW

ole32

CoSetProxyBlanket
CoInitialize
CreateBindCtx
StringFromCLSID
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
GetRunningObjectTable
CreateItemMoniker
CoCreateGuid
CoUninitialize
CoInitializeEx
CLSIDFromString
CoCreateFreeThreadedMarshaler

winhttp

WinHttpGetProxyForUrl
WinHttpSetCredentials
WinHttpSetOption
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser

rstrtmgr

RmGetList
RmRegisterResources
RmEndSession
RmStartSession

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSQueryUserToken

bcrypt

BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptSetProperty

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptBinaryToStringW
CryptStringToBinaryW

rpcrt4

UuidToStringW
RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingVectorFree
RpcBindingSetAuthInfoExW
RpcEpRegisterW
RpcEpUnregister
RpcServerInqCallAttributesW
RpcStringFreeW
RpcStringBindingComposeW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
RpcExceptionFilter

secur32

GetUserNameExW

urlmon

URLOpenStreamW

wininet

InternetCheckConnectionW
InternetCrackUrlA
InternetOpenW
InternetConnectA
InternetReadFile
InternetQueryOptionW
InternetSetStatusCallbackW
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoA
HttpAddRequestHeadersA

ws2_32

bind
closesocket
htonl
accept
listen
send
setsockopt
socket
WSAStartup
WSAGetLastError
htons

iphlpapi

GetAdaptersInfo

Exports

Exports

?$TSS0@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4HA
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@E@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@NV?$allocator@N@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@_JV?$allocator@_J@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@CW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@EW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@FW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@GW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@HW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@IW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@NW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@_JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_KW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_NW4PiiKind@123@W4DataCategory@123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@PEBD@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@QEBE_N@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@XZ
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@std@@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??0ILogController@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogManager@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogManager@Events@Applications@Microsoft@@QEAA@XZ
??0ILogger@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogger@Events@Applications@Microsoft@@QEAA@XZ
??0IModule@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IModule@Events@Applications@Microsoft@@QEAA@XZ
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@XZ
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@PEB_J@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@_K@Z
??1DebugEventDispatcher@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventListener@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventSource@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ
??1IAuthTokensController@Events@Applications@Microsoft@@UEAA@XZ
??1ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??1ILogManager@Events@Applications@Microsoft@@UEAA@XZ
??1ILogger@Events@Applications@Microsoft@@UEAA@XZ
??1IModule@Events@Applications@Microsoft@@UEAA@XZ
??1ISemanticContext@Events@Applications@Microsoft@@UEAA@XZ
??1LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??4DebugEventDispatcher@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventListener@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@NV?$allocator@N@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@_JV?$allocator@_J@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@C@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@E@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@F@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@G@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_K@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z
??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4IAuthTokensController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogManager@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogger@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4IModule@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ISemanticContext@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??8EventProperty@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??8GUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z
??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ
??MGUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??YEventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??_7DebugEventDispatcher@Events@Applications@Microsoft@@6B@
??_7DebugEventListener@Events@Applications@Microsoft@@6B@
??_7DebugEventSource@Events@Applications@Microsoft@@6B@
??_7EventProperties@Events@Applications@Microsoft@@6B@
??_7EventProperty@Events@Applications@Microsoft@@6B@
??_7IAuthTokensController@Events@Applications@Microsoft@@6B@
??_7ILogController@Events@Applications@Microsoft@@6B@
??_7ILogManager@Events@Applications@Microsoft@@6BDebugEventDispatcher@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BIContextProvider@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BILogController@123@@
??_7ILogger@Events@Applications@Microsoft@@6B@
??_7IModule@Events@Applications@Microsoft@@6B@
??_7ISemanticContext@Events@Applications@Microsoft@@6B@
?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z
?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?ClearExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXXZ
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBDAEAW4status_t@234@_K@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBD_NAEAVILogConfiguration@234@AEAW4status_t@234@_K@Z
?DestroyLogManager@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z
?DispatchEventBroadcast@ILogManager@Events@Applications@Microsoft@@SA_NVDebugEvent@234@@Z
?FromJSON@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@PEBD@Z
?FromLogConfiguration@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@AEAULogConfiguration@Telemetry@23@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@PEBDAEAW4status_t@234@@Z
?GetDefaultConfiguration@Events@Applications@Microsoft@@YAAEBVILogConfiguration@123@XZ
?GetLatency@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventLatency@234@XZ
?GetLogObfuscationKeyManger@@YAJPEAPEAVILogObfuscationKeyManager@@@Z
?GetLogObfuscatorAes@@YAJPEAPEAVILogObfuscatorAes@@@Z
?GetModule@ILogConfiguration@Events@Applications@Microsoft@@QEAA?AV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@PEBD@Z
?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ
?GetName@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPersistence@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPersistence@234@XZ
?GetPiiProperties@EventProperties@Events@Applications@Microsoft@@QEBA?BV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@@std@@@2@@std@@W4DataCategory@234@@Z
?GetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEBA_KXZ
?GetPopSample@EventProperties@Events@Applications@Microsoft@@QEBANXZ
?GetPriority@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ
?GetProperties@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@W4DataCategory@234@@Z
?GetTimestamp@EventProperties@Events@Applications@Microsoft@@QEBA_JXZ
?GetType@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?HasConfig@ILogConfiguration@Events@Applications@Microsoft@@QEAA_NPEBD@Z
?Hash@GUID_t@Events@Applications@Microsoft@@QEBA_KXZ
?Initialize@IModule@Events@Applications@Microsoft@@UEAAXPEAVILogManager@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?SetAppEnv@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentETag@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentImpressionId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCommercialId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCommonField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetCustomField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetDeviceClass@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceMake@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceModel@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceOrgId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetEventExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetLatency@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventLatency@234@@Z
?SetLevel@EventProperties@Events@Applications@Microsoft@@QEAAXE@Z
?SetName@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkCost@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkCost@234@@Z
?SetNetworkProvider@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkType@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkType@234@@Z
?SetOsBuild@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetPersistence@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPersistence@234@@Z
?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z
?SetPopsample@EventProperties@Events@Applications@Microsoft@@QEAAXN@Z
?SetPriority@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@NV?$allocator@N@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@_JV?$allocator@_J@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@W4DataCategory@234@@Z
?SetTicket@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4TicketType@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetTimestamp@EventProperties@Events@Applications@Microsoft@@QEAAX_J@Z
?SetType@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserANID@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserAdvertisingId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@234@@Z
?SetUserLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserMsaId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserTimeZone@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Teardown@IModule@Events@Applications@Microsoft@@UEAAXXZ
?TryGetLevel@EventProperties@Events@Applications@Microsoft@@QEBA?AV?$tuple@_NE@std@@XZ
?clear@EventProperty@Events@Applications@Microsoft@@QEAAXXZ
?convertUintVectorToGUID@GUID_t@Events@Applications@Microsoft@@SA?AU_GUID@@AEBV?$vector@EV?$allocator@E@std@@@std@@@Z
?copydata@EventProperty@Events@Applications@Microsoft@@AEAAXPEBU1234@@Z
?empty@EventProperty@Events@Applications@Microsoft@@QEAA_NXZ
?erase@EventProperties@Events@Applications@Microsoft@@QEAA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4DataCategory@234@@Z
?lock@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4V67@A
?pack@EventProperties@Events@Applications@Microsoft@@QEAAPEAUevt_prop@@XZ
?stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ
?to_bytes@GUID_t@Events@Applications@Microsoft@@QEBAXAEAY0BA@E@Z
?to_string@EventProperty@Events@Applications@Microsoft@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?to_string@GUID_t@Events@Applications@Microsoft@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type_name@EventProperty@Events@Applications@Microsoft@@SAPEBDI@Z
?unpack@EventProperties@Events@Applications@Microsoft@@QEAA_NPEAUevt_prop@@_K@Z
evt_api_call_default

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.dll
.dll windows x86

a3ad7810fb7d7fca0a7ae181b95fafe2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname

kernel32

HeapFree
WriteConsoleW
CloseHandle
CreateThread
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
CreateFileW
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
DecodePointer
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

ntdll

RtlUnwind

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vеrsion.dll
.dll windows x64

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:23

Not After

11-08-2018 20:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:6c:06:24:2d:c4:50:08:02:a4:0d:9e:04:1c:23:58:73:d5:1f:37:06:76:87:1c:e2:62:07:8a:85:04:56:0d
Signer

Actual PE Digest

11:6c:06:24:2d:c4:50:08:02:a4:0d:9e:04:1c:23:58:73:d5:1f:37:06:76:87:1c:e2:62:07:8a:85:04:56:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-version-l1-1-0

VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-versionansi-l1-1-0

GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

kernelbase

lstrcmpiA
lstrcmpiW
lstrlenW

ntdll

RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag

kernel32

_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef83bf4832421eb886968d460c9cf644

Code Sign

33:00:00:04:25:35:21:6f:36:08:7c:eb:06:00:00:00:00:04:25Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

b0:db:3c:7d:81:32:73:b0:18:94:48:44:6f:80:ba:89:29:f8:4a:bf:89:08:7d:ba:22:81:21:ba:45:70:0e:5dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

ntdll

shlwapi

version

userenv

advapi32

shell32

ole32

winhttp

rstrtmgr

wintrust

wtsapi32

bcrypt

crypt32

rpcrt4

secur32

urlmon

wininet

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 855KB - Virtual size: 854KB

.data Size: 121KB - Virtual size: 140KB

.pdata Size: 116KB - Virtual size: 115KB

.didat Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 21KB - Virtual size: 20KB

a3ad7810fb7d7fca0a7ae181b95fafe2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

ntdll

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

11:6c:06:24:2d:c4:50:08:02:a4:0d:9e:04:1c:23:58:73:d5:1f:37:06:76:87:1c:e2:62:07:8a:85:04:56:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-version-l1-1-1

33:00:00:04:25:35:21:6f:36:08:7c:eb:06:00:00:00:00:04:25
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

b0:db:3c:7d:81:32:73:b0:18:94:48:44:6f:80:ba:89:29:f8:4a:bf:89:08:7d:ba:22:81:21:ba:45:70:0e:5d
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 855KB - Virtual size: 854KB

.data
Size: 121KB - Virtual size: 140KB

.pdata
Size: 116KB - Virtual size: 115KB

.didat
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 21KB - Virtual size: 20KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

11:6c:06:24:2d:c4:50:08:02:a4:0d:9e:04:1c:23:58:73:d5:1f:37:06:76:87:1c:e2:62:07:8a:85:04:56:0d
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 816B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B