FileTracker.dll

Description: FileTracker

Authors: © Microsoft Corporation. All rights reserved.

Version: 14.8.9037.0

Architecture: 64-bit

Operating System: Windows

SHA256: be0e40816a4a7af8ec06251f36f123a0

File Size: 276.9 KB

Uploaded At: Dec. 1, 2025, 7:19 a.m.

Views: 21

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, VirtualAllocEx

Exported Functions

  • TrackerExportOne (Ordinal: 1, Address: 0x8440)
  • StartTrackingContext (Ordinal: 2, Address: 0x8450)
  • StartTrackingContextWithRoot (Ordinal: 3, Address: 0x8570)
  • EndTrackingContext (Ordinal: 4, Address: 0x8690)
  • StopTrackingAndCleanup (Ordinal: 5, Address: 0x8720)
  • SuspendTracking (Ordinal: 6, Address: 0x8770)
  • ResumeTracking (Ordinal: 7, Address: 0x87b0)
  • WriteAllTLogs (Ordinal: 8, Address: 0x8800)
  • WriteContextTLogs (Ordinal: 9, Address: 0x8a50)
  • SetThreadCount (Ordinal: 10, Address: 0x8b90)

Imported DLLs & Functions

KERNEL32.dll
  • CloseHandle (Address: 0x18002e220)
  • CompareFileTime (Address: 0x18002e260)
  • CopyFileA (Address: 0x18002e058)
  • CopyFileExA (Address: 0x18002e068)
  • CopyFileExW (Address: 0x18002e070)
  • CopyFileW (Address: 0x18002e060)
  • CreateDirectoryA (Address: 0x18002e0d8)
  • CreateDirectoryW (Address: 0x18002e0d0)
  • CreateEventW (Address: 0x18002e218)
  • CreateFileA (Address: 0x18002e048)
  • CreateFileW (Address: 0x18002e050)
  • CreateHardLinkA (Address: 0x18002e078)
  • CreateHardLinkW (Address: 0x18002e080)
  • CreateProcessA (Address: 0x18002e088)
  • CreateProcessW (Address: 0x18002e090)
  • CreateThread (Address: 0x18002e098)
  • DeleteCriticalSection (Address: 0x18002e1f8)
  • DeleteFileA (Address: 0x18002e0e8)
  • DeleteFileW (Address: 0x18002e0e0)
  • DisableThreadLibraryCalls (Address: 0x18002e100)
  • EncodePointer (Address: 0x18002e300)
  • EnterCriticalSection (Address: 0x18002e038)
  • ExitProcess (Address: 0x18002e0f8)
  • FindClose (Address: 0x18002e360)
  • FindFirstFileExA (Address: 0x18002e368)
  • FindFirstFileW (Address: 0x18002e440)
  • FindNextFileA (Address: 0x18002e370)
  • FindNextFileW (Address: 0x18002e378)
  • FindResourceExW (Address: 0x18002e178)
  • FindResourceW (Address: 0x18002e170)
  • FlushFileBuffers (Address: 0x18002e330)
  • FlushInstructionCache (Address: 0x18002e410)
  • FormatMessageW (Address: 0x18002e458)
  • FreeEnvironmentStringsA (Address: 0x18002e1f0)
  • FreeEnvironmentStringsW (Address: 0x18002e1d8)
  • FreeLibrary (Address: 0x18002e310)
  • GetACP (Address: 0x18002e328)
  • GetCommandLineA (Address: 0x18002e398)
  • GetCommandLineW (Address: 0x18002e1b8)
  • GetConsoleCP (Address: 0x18002e338)
  • GetConsoleMode (Address: 0x18002e340)
  • GetConsoleOutputCP (Address: 0x18002e468)
  • GetCPInfo (Address: 0x18002e390)
  • GetCurrentProcess (Address: 0x18002e2b8)
  • GetCurrentProcessId (Address: 0x18002e110)
  • GetCurrentThread (Address: 0x18002e150)
  • GetCurrentThreadId (Address: 0x18002e190)
  • GetEnvironmentStrings (Address: 0x18002e1e8)
  • GetEnvironmentStringsW (Address: 0x18002e1d0)
  • GetEnvironmentVariableA (Address: 0x18002e1e0)
  • GetEnvironmentVariableW (Address: 0x18002e030)
  • GetFileAttributesA (Address: 0x18002e0a8)
  • GetFileAttributesExA (Address: 0x18002e0b8)
  • GetFileAttributesExW (Address: 0x18002e0b0)
  • GetFileAttributesW (Address: 0x18002e0a0)
  • GetFileType (Address: 0x18002e128)
  • GetFullPathNameW (Address: 0x18002e448)
  • GetLastError (Address: 0x18002e120)
  • GetLocaleInfoW (Address: 0x18002e350)
  • GetModuleFileNameA (Address: 0x18002e1c8)
  • GetModuleFileNameW (Address: 0x18002e148)
  • GetModuleHandleA (Address: 0x18002e438)
  • GetModuleHandleExW (Address: 0x18002e320)
  • GetModuleHandleW (Address: 0x18002e288)
  • GetOEMCP (Address: 0x18002e388)
  • GetProcAddress (Address: 0x18002e210)
  • GetProcessHeap (Address: 0x18002e028)
  • GetProcessId (Address: 0x18002e138)
  • GetStartupInfoW (Address: 0x18002e2d8)
  • GetStdHandle (Address: 0x18002e358)
  • GetStringTypeW (Address: 0x18002e3a0)
  • GetSystemTimeAsFileTime (Address: 0x18002e240)
  • GetThreadContext (Address: 0x18002e400)
  • GetTickCount (Address: 0x18002e418)
  • GetUserDefaultUILanguage (Address: 0x18002e460)
  • HeapAlloc (Address: 0x18002e020)
  • HeapDestroy (Address: 0x18002e000)
  • HeapFree (Address: 0x18002e018)
  • HeapReAlloc (Address: 0x18002e010)
  • HeapSize (Address: 0x18002e008)
  • InitializeCriticalSection (Address: 0x18002e1b0)
  • InitializeCriticalSectionAndSpinCount (Address: 0x18002e278)
  • InitializeCriticalSectionEx (Address: 0x18002e268)
  • InitializeSListHead (Address: 0x18002e2c8)
  • InterlockedFlushSList (Address: 0x18002e2e8)
  • IsDebuggerPresent (Address: 0x18002e2d0)
  • IsProcessorFeaturePresent (Address: 0x18002e2c0)
  • IsValidCodePage (Address: 0x18002e380)
  • IsWow64Process (Address: 0x18002e3f0)
  • LCMapStringW (Address: 0x18002e348)
  • LeaveCriticalSection (Address: 0x18002e040)
  • LoadLibraryExW (Address: 0x18002e318)
  • LoadLibraryW (Address: 0x18002e140)
  • LoadResource (Address: 0x18002e168)
  • LocalFree (Address: 0x18002e450)
  • LockResource (Address: 0x18002e160)
  • MultiByteToWideChar (Address: 0x18002e200)
  • OutputDebugStringW (Address: 0x18002e3c0)
  • QueryPerformanceCounter (Address: 0x18002e198)
  • QueryPerformanceFrequency (Address: 0x18002e1a0)
  • RaiseException (Address: 0x18002e2f8)
  • ReadConsoleW (Address: 0x18002e470)
  • ReadFile (Address: 0x18002e250)
  • ReadProcessMemory (Address: 0x18002e3e0)
  • RemoveDirectoryA (Address: 0x18002e0c8)
  • RemoveDirectoryW (Address: 0x18002e0c0)
  • ResetEvent (Address: 0x18002e230)
  • ResumeThread (Address: 0x18002e118)
  • RtlCaptureContext (Address: 0x18002e290)
  • RtlLookupFunctionEntry (Address: 0x18002e298)
  • RtlPcToFileHeader (Address: 0x18002e2f0)
  • RtlUnwindEx (Address: 0x18002e2e0)
  • RtlVirtualUnwind (Address: 0x18002e2a0)
  • SetDllDirectoryW (Address: 0x18002e1c0)
  • SetEndOfFile (Address: 0x18002e270)
  • SetEnvironmentVariableW (Address: 0x18002e108)
  • SetEvent (Address: 0x18002e238)
  • SetFilePointer (Address: 0x18002e258)
  • SetFilePointerEx (Address: 0x18002e3b0)
  • SetLastError (Address: 0x18002e130)
  • SetStdHandle (Address: 0x18002e3a8)
  • SetThreadContext (Address: 0x18002e408)
  • SetUnhandledExceptionFilter (Address: 0x18002e2b0)
  • SizeofResource (Address: 0x18002e158)
  • SuspendThread (Address: 0x18002e3f8)
  • TerminateProcess (Address: 0x18002e0f0)
  • TlsAlloc (Address: 0x18002e1a8)
  • TlsFree (Address: 0x18002e308)
  • TlsGetValue (Address: 0x18002e180)
  • TlsSetValue (Address: 0x18002e188)
  • UnhandledExceptionFilter (Address: 0x18002e2a8)
  • VirtualAlloc (Address: 0x18002e420)
  • VirtualAllocEx (Address: 0x18002e3c8)
  • VirtualProtect (Address: 0x18002e428)
  • VirtualProtectEx (Address: 0x18002e3d0)
  • VirtualQuery (Address: 0x18002e430)
  • VirtualQueryEx (Address: 0x18002e3d8)
  • WaitForSingleObject (Address: 0x18002e228)
  • WaitForSingleObjectEx (Address: 0x18002e280)
  • WideCharToMultiByte (Address: 0x18002e208)
  • WriteConsoleW (Address: 0x18002e3b8)
  • WriteFile (Address: 0x18002e248)
  • WriteProcessMemory (Address: 0x18002e3e8)