filetrace.dll

Description: File Tracing Automation Library

Version: 10.0.26100.4654

Architecture: 64-bit

Operating System: Windows NT

SHA256: 213612b3c2eaf4a3390367770c6eccce

File Size: 230.4 KB

Uploaded At: Dec. 3, 2025, 2:36 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

DllCanUnloadNow (Ordinal: 1, Address: 0xa160)
DllGetClassObject (Ordinal: 2, Address: 0xa190)
DllInstall (Ordinal: 3, Address: 0xa2e0)
DllRegisterServer (Ordinal: 4, Address: 0xa3e0)
DllUnregisterServer (Ordinal: 5, Address: 0xa510)

Imported DLLs & Functions

ADVAPI32.dll

CloseServiceHandle (Address: 0x180020138)
CloseTrace (Address: 0x180020168)
ControlTraceW (Address: 0x1800201f0)
EnableTraceEx (Address: 0x1800201d8)
EventRegister (Address: 0x1800201b8)
EventUnregister (Address: 0x1800201c0)
EventWrite (Address: 0x1800201c8)
FlushTraceW (Address: 0x1800201e8)
OpenSCManagerW (Address: 0x180020160)
OpenServiceW (Address: 0x180020158)
OpenTraceW (Address: 0x1800201a8)
ProcessTrace (Address: 0x180020130)
QueryAllTracesW (Address: 0x1800201b0)
QueryServiceStatusEx (Address: 0x180020150)
RegCloseKey (Address: 0x1800201a0)
RegCreateKeyExW (Address: 0x180020178)
RegDeleteValueW (Address: 0x180020170)
RegEnumKeyExW (Address: 0x180020190)
RegOpenKeyExW (Address: 0x180020188)
RegQueryInfoKeyW (Address: 0x180020198)
RegSetValueExW (Address: 0x180020180)
StartServiceW (Address: 0x180020140)
StartTraceW (Address: 0x1800201d0)
StopTraceW (Address: 0x1800201e0)
TraceEvent (Address: 0x180020148)

KERNEL32.dll

AcquireSRWLockExclusive (Address: 0x1800202c0)
AssignProcessToJobObject (Address: 0x180020330)
CloseHandle (Address: 0x1800203c8)
CompareFileTime (Address: 0x180020248)
CreateFileW (Address: 0x180020260)
CreateIoCompletionPort (Address: 0x180020210)
CreateJobObjectW (Address: 0x180020250)
CreateProcessW (Address: 0x180020218)
CreateThread (Address: 0x180020208)
CreateWaitableTimerW (Address: 0x180020320)
DeleteCriticalSection (Address: 0x1800203a0)
EnterCriticalSection (Address: 0x180020388)
ExpandEnvironmentStringsW (Address: 0x180020278)
FindClose (Address: 0x180020228)
FindFirstFileW (Address: 0x180020230)
FindNextFileW (Address: 0x180020220)
FindResourceExW (Address: 0x180020378)
FreeLibrary (Address: 0x1800202f8)
GetCurrentDirectoryW (Address: 0x180020240)
GetCurrentProcess (Address: 0x1800202d8)
GetCurrentProcessId (Address: 0x1800202a0)
GetCurrentThreadId (Address: 0x180020298)
GetFileAttributesW (Address: 0x1800203f0)
GetLastError (Address: 0x180020300)
GetLogicalDriveStringsW (Address: 0x180020418)
GetModuleFileNameW (Address: 0x180020380)
GetModuleHandleW (Address: 0x180020318)
GetPrivateProfileStringW (Address: 0x180020238)
GetProcAddress (Address: 0x180020308)
GetProcessHeap (Address: 0x1800203b0)
GetQueuedCompletionStatus (Address: 0x180020200)
GetSystemTime (Address: 0x180020270)
GetSystemTimeAsFileTime (Address: 0x180020290)
GetThreadLocale (Address: 0x180020400)
GetTickCount (Address: 0x180020288)
GetVersion (Address: 0x180020350)
HeapAlloc (Address: 0x1800203f8)
HeapFree (Address: 0x1800203a8)
InitializeCriticalSection (Address: 0x180020398)
LeaveCriticalSection (Address: 0x180020390)
LoadLibraryExW (Address: 0x180020310)
LoadLibraryW (Address: 0x1800203e8)
LoadResource (Address: 0x180020370)
LocalAlloc (Address: 0x1800203d8)
LocalFree (Address: 0x1800203e0)
lstrcmpiW (Address: 0x180020338)
MultiByteToWideChar (Address: 0x180020360)
OpenProcess (Address: 0x1800203b8)
OutputDebugStringA (Address: 0x180020280)
PostQueuedCompletionStatus (Address: 0x180020348)
QueryDosDeviceW (Address: 0x1800203d0)
QueryFullProcessImageNameW (Address: 0x1800203c0)
QueryPerformanceCounter (Address: 0x1800202a8)
RaiseException (Address: 0x180020358)
ReleaseSRWLockExclusive (Address: 0x1800202c8)
ResumeThread (Address: 0x180020340)
SetInformationJobObject (Address: 0x180020328)
SetThreadLocale (Address: 0x180020408)
SetUnhandledExceptionFilter (Address: 0x1800202e0)
SetWaitableTimer (Address: 0x1800202d0)
SizeofResource (Address: 0x180020368)
Sleep (Address: 0x1800202f0)
SleepConditionVariableSRW (Address: 0x1800202b0)
SystemTimeToTzSpecificLocalTime (Address: 0x180020268)
TerminateProcess (Address: 0x180020410)
UnhandledExceptionFilter (Address: 0x1800202e8)
WakeAllConditionVariable (Address: 0x1800202b8)
WriteFile (Address: 0x180020258)

msvcrt.dll

__C_specific_handler (Address: 0x1800206a0)
__CxxFrameHandler3 (Address: 0x1800206d0)
__dllonexit (Address: 0x1800205e0)
_amsg_exit (Address: 0x1800205a0)
_callnewh (Address: 0x1800205b8)
_CxxThrowException (Address: 0x1800205b0)
_errno (Address: 0x180020580)
_initterm (Address: 0x180020598)
_lock (Address: 0x180020640)
_onexit (Address: 0x180020650)
_purecall (Address: 0x180020608)
_resetstkoflw (Address: 0x1800205d0)
_unlock (Address: 0x1800205d8)
_vsnprintf (Address: 0x180020660)
_vsnwprintf (Address: 0x180020658)
_wcsdup (Address: 0x180020688)
_wcsicmp (Address: 0x180020610)
_wcsnicmp (Address: 0x180020698)
_XcptFilter (Address: 0x1800205a8)
??_V@YAXPEAX@Z (Address: 0x1800206c8)
??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800206b0)
??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800205c0)
??0exception@@QEAA@AEBV0@@Z (Address: 0x1800206a8)
??1exception@@UEAA@XZ (Address: 0x1800206b8)
??1type_info@@UEAA@XZ (Address: 0x180020588)
??3@YAXPEAX@Z (Address: 0x180020630)
?terminate@@YAXXZ (Address: 0x180020590)
?what@exception@@UEBAPEBDXZ (Address: 0x1800206c0)
calloc (Address: 0x1800205c8)
free (Address: 0x180020620)
malloc (Address: 0x180020628)
memcmp (Address: 0x180020638)
memcpy (Address: 0x1800205f0)
memcpy_s (Address: 0x180020618)
memmove (Address: 0x1800205e8)
memset (Address: 0x1800206e0)
realloc (Address: 0x1800206d8)
towlower (Address: 0x180020690)
wcscat_s (Address: 0x1800205f8)
wcscpy_s (Address: 0x180020600)
wcsncmp (Address: 0x180020668)
wcsncpy_s (Address: 0x180020648)
wcsrchr (Address: 0x180020678)
wcsstr (Address: 0x180020680)
wcstok_s (Address: 0x180020670)

ntdll.dll

RtlCaptureContext (Address: 0x180020700)
RtlCompareMemory (Address: 0x1800206f0)
RtlFreeHeap (Address: 0x1800206f8)
RtlLookupFunctionEntry (Address: 0x180020710)
RtlVirtualUnwind (Address: 0x180020708)

OLE32.dll

CoCreateGuid (Address: 0x180020440)
CoCreateInstance (Address: 0x180020428)
CoTaskMemAlloc (Address: 0x180020458)
CoTaskMemFree (Address: 0x180020448)
CoTaskMemRealloc (Address: 0x180020450)
IIDFromString (Address: 0x180020430)
StringFromGUID2 (Address: 0x180020438)

OLEAUT32.dll

LoadRegTypeLib (Address: 0x1800204c0)
LoadTypeLib (Address: 0x1800204b8)
RegisterTypeLib (Address: 0x180020480)
SafeArrayCopy (Address: 0x1800204b0)
SafeArrayCreate (Address: 0x1800204a8)
SafeArrayGetLBound (Address: 0x1800204c8)
SafeArrayGetUBound (Address: 0x1800204d0)
SafeArrayLock (Address: 0x1800204a0)
SysAllocString (Address: 0x180020478)
SysAllocStringByteLen (Address: 0x180020470)
SysAllocStringLen (Address: 0x1800204f0)
SysFreeString (Address: 0x180020488)
SysStringByteLen (Address: 0x180020500)
SysStringLen (Address: 0x1800204f8)
UnRegisterTypeLib (Address: 0x180020498)
VarBstrCat (Address: 0x180020468)
VariantClear (Address: 0x1800204e0)
VariantCopyInd (Address: 0x1800204d8)
VariantInit (Address: 0x1800204e8)
VarUI4FromStr (Address: 0x180020490)

SHELL32.dll

FindExecutableW (Address: 0x180020510)

SHLWAPI.dll

PathAppendW (Address: 0x180020528)
PathCombineW (Address: 0x180020538)
PathFindExtensionW (Address: 0x180020530)
PathFindFileNameW (Address: 0x180020520)

tdh.dll

TdhGetProperty (Address: 0x180020720)

USER32.dll

CharNextW (Address: 0x180020548)
DispatchMessageW (Address: 0x180020550)
MsgWaitForMultipleObjects (Address: 0x180020570)
PeekMessageW (Address: 0x180020568)
TranslateMessage (Address: 0x180020558)
UnregisterClassA (Address: 0x180020560)