FileTracker.dll

Description: FileTracker

Authors: © Microsoft Corporation. All rights reserved.

Version: 14.8.4084.0

Architecture: 32-bit

Operating System: Windows

SHA256: b33c25bfad7a75f50deca4d7e5e6530f

File Size: 233.8 KB

Uploaded At: Dec. 1, 2025, 8:48 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, VirtualAllocEx

Exported Functions

  • TrackerExportOne (Ordinal: 1, Address: 0xf050)
  • StartTrackingContext (Ordinal: 2, Address: 0xf060)
  • StartTrackingContextWithRoot (Ordinal: 3, Address: 0xf100)
  • EndTrackingContext (Ordinal: 4, Address: 0xf190)
  • StopTrackingAndCleanup (Ordinal: 5, Address: 0xf1d0)
  • SuspendTracking (Ordinal: 6, Address: 0xf210)
  • ResumeTracking (Ordinal: 7, Address: 0xf240)
  • WriteAllTLogs (Ordinal: 8, Address: 0xf280)
  • WriteContextTLogs (Ordinal: 9, Address: 0xf310)
  • SetThreadCount (Ordinal: 10, Address: 0xf3b0)

Imported DLLs & Functions

KERNEL32.dll
  • CloseHandle (Address: 0x10035114)
  • CompareFileTime (Address: 0x10035134)
  • CopyFileA (Address: 0x1003502c)
  • CopyFileExA (Address: 0x10035034)
  • CopyFileExW (Address: 0x10035038)
  • CopyFileW (Address: 0x10035030)
  • CreateDirectoryA (Address: 0x1003506c)
  • CreateDirectoryW (Address: 0x10035068)
  • CreateEventW (Address: 0x10035110)
  • CreateFileA (Address: 0x10035024)
  • CreateFileW (Address: 0x10035028)
  • CreateHardLinkA (Address: 0x1003503c)
  • CreateHardLinkW (Address: 0x10035040)
  • CreateProcessA (Address: 0x10035044)
  • CreateProcessW (Address: 0x10035048)
  • CreateThread (Address: 0x1003504c)
  • DecodePointer (Address: 0x1003513c)
  • DeleteCriticalSection (Address: 0x10035104)
  • DeleteFileA (Address: 0x10035074)
  • DeleteFileW (Address: 0x10035070)
  • DisableThreadLibraryCalls (Address: 0x10035080)
  • EncodePointer (Address: 0x10035168)
  • EnterCriticalSection (Address: 0x1003501c)
  • ExitProcess (Address: 0x1003507c)
  • FindClose (Address: 0x100351a8)
  • FindFirstFileExA (Address: 0x100351ac)
  • FindFirstFileW (Address: 0x10035214)
  • FindNextFileA (Address: 0x100351b0)
  • FindNextFileW (Address: 0x100351b4)
  • FindResourceExW (Address: 0x100350bc)
  • FindResourceW (Address: 0x100350b8)
  • FlushFileBuffers (Address: 0x10035190)
  • FlushInstructionCache (Address: 0x100351fc)
  • FormatMessageW (Address: 0x10035220)
  • FreeEnvironmentStringsA (Address: 0x10035100)
  • FreeEnvironmentStringsW (Address: 0x100350f4)
  • FreeLibrary (Address: 0x10035174)
  • GetACP (Address: 0x1003518c)
  • GetCommandLineA (Address: 0x100351c4)
  • GetCommandLineW (Address: 0x100350e0)
  • GetConsoleCP (Address: 0x10035194)
  • GetConsoleMode (Address: 0x10035198)
  • GetConsoleOutputCP (Address: 0x10035228)
  • GetCPInfo (Address: 0x100351c0)
  • GetCurrentProcess (Address: 0x10035150)
  • GetCurrentProcessId (Address: 0x10035088)
  • GetCurrentThread (Address: 0x100350a8)
  • GetCurrentThreadId (Address: 0x100350c8)
  • GetEnvironmentStrings (Address: 0x100350fc)
  • GetEnvironmentStringsW (Address: 0x100350f0)
  • GetEnvironmentVariableA (Address: 0x100350f8)
  • GetEnvironmentVariableW (Address: 0x10035018)
  • GetFileAttributesA (Address: 0x10035054)
  • GetFileAttributesExA (Address: 0x1003505c)
  • GetFileAttributesExW (Address: 0x10035058)
  • GetFileAttributesW (Address: 0x10035050)
  • GetFileType (Address: 0x10035094)
  • GetFullPathNameW (Address: 0x10035218)
  • GetLastError (Address: 0x10035090)
  • GetLocaleInfoW (Address: 0x100351a0)
  • GetModuleFileNameA (Address: 0x100350ec)
  • GetModuleFileNameW (Address: 0x100350a4)
  • GetModuleHandleA (Address: 0x10035210)
  • GetModuleHandleExW (Address: 0x10035184)
  • GetModuleHandleW (Address: 0x10035144)
  • GetOEMCP (Address: 0x100351bc)
  • GetProcAddress (Address: 0x1003510c)
  • GetProcessHeap (Address: 0x10035014)
  • GetProcessId (Address: 0x1003509c)
  • GetStartupInfoW (Address: 0x10035160)
  • GetStdHandle (Address: 0x100351a4)
  • GetStringTypeW (Address: 0x100351c8)
  • GetSystemTimeAsFileTime (Address: 0x10035124)
  • GetThreadContext (Address: 0x100351f4)
  • GetTickCount (Address: 0x10035200)
  • GetUserDefaultUILanguage (Address: 0x10035224)
  • HeapAlloc (Address: 0x10035010)
  • HeapDestroy (Address: 0x10035000)
  • HeapFree (Address: 0x1003500c)
  • HeapReAlloc (Address: 0x10035008)
  • HeapSize (Address: 0x10035004)
  • InitializeCriticalSection (Address: 0x100350dc)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1003516c)
  • InitializeCriticalSectionEx (Address: 0x10035138)
  • InitializeSListHead (Address: 0x10035158)
  • InterlockedCompareExchange (Address: 0x100350e4)
  • InterlockedFlushSList (Address: 0x1003517c)
  • InterlockedIncrement (Address: 0x100350cc)
  • IsDebuggerPresent (Address: 0x1003515c)
  • IsProcessorFeaturePresent (Address: 0x10035154)
  • IsValidCodePage (Address: 0x100351b8)
  • LCMapStringW (Address: 0x1003519c)
  • LeaveCriticalSection (Address: 0x10035020)
  • LoadLibraryExW (Address: 0x10035178)
  • LoadLibraryW (Address: 0x100350a0)
  • LoadResource (Address: 0x100350b4)
  • LocalFree (Address: 0x1003521c)
  • LockResource (Address: 0x100350b0)
  • MultiByteToWideChar (Address: 0x10035108)
  • OutputDebugStringW (Address: 0x100351d8)
  • QueryPerformanceCounter (Address: 0x100350d0)
  • QueryPerformanceFrequency (Address: 0x100350d4)
  • RaiseException (Address: 0x10035180)
  • ReadConsoleW (Address: 0x1003522c)
  • ReadFile (Address: 0x1003512c)
  • ReadProcessMemory (Address: 0x100351e8)
  • RemoveDirectoryA (Address: 0x10035064)
  • RemoveDirectoryW (Address: 0x10035060)
  • ResetEvent (Address: 0x1003511c)
  • ResumeThread (Address: 0x1003508c)
  • RtlUnwind (Address: 0x10035164)
  • SetDllDirectoryW (Address: 0x100350e8)
  • SetEndOfFile (Address: 0x10035230)
  • SetEnvironmentVariableW (Address: 0x10035084)
  • SetEvent (Address: 0x10035120)
  • SetFilePointer (Address: 0x10035130)
  • SetFilePointerEx (Address: 0x100351d0)
  • SetLastError (Address: 0x10035098)
  • SetStdHandle (Address: 0x100351cc)
  • SetThreadContext (Address: 0x100351f8)
  • SetUnhandledExceptionFilter (Address: 0x1003514c)
  • SizeofResource (Address: 0x100350ac)
  • SuspendThread (Address: 0x100351f0)
  • TerminateProcess (Address: 0x10035078)
  • TlsAlloc (Address: 0x100350d8)
  • TlsFree (Address: 0x10035170)
  • TlsGetValue (Address: 0x100350c0)
  • TlsSetValue (Address: 0x100350c4)
  • UnhandledExceptionFilter (Address: 0x10035148)
  • VirtualAlloc (Address: 0x10035204)
  • VirtualAllocEx (Address: 0x100351dc)
  • VirtualProtect (Address: 0x10035208)
  • VirtualProtectEx (Address: 0x100351e0)
  • VirtualQuery (Address: 0x1003520c)
  • VirtualQueryEx (Address: 0x100351e4)
  • WaitForSingleObject (Address: 0x10035118)
  • WaitForSingleObjectEx (Address: 0x10035140)
  • WideCharToMultiByte (Address: 0x10035188)
  • WriteConsoleW (Address: 0x100351d4)
  • WriteFile (Address: 0x10035128)
  • WriteProcessMemory (Address: 0x100351ec)