FileTrackerA4.dll

Description: FileTracker

Authors: © Microsoft Corporation. All rights reserved.

Version: 17.0.36015.10

Architecture: Unknown (0xaa64)

Operating System: Windows

SHA256: 77ba8279feeaca3c2c10f1f5514ec9f1

File Size: 314.1 KB

Uploaded At: Dec. 2, 2025, 2:44 p.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess, VirtualAllocEx

Exported Functions

  • (Ordinal: 1, Address: 0x11b10)
  • StartTrackingContext (Ordinal: 2, Address: 0xa8c0)
  • StartTrackingContextWithRoot (Ordinal: 3, Address: 0xa9e0)
  • EndTrackingContext (Ordinal: 4, Address: 0xab00)
  • StopTrackingAndCleanup (Ordinal: 5, Address: 0xabb0)
  • SuspendTracking (Ordinal: 6, Address: 0xac10)
  • ResumeTracking (Ordinal: 7, Address: 0xac50)
  • WriteAllTLogs (Ordinal: 8, Address: 0xacb0)
  • WriteContextTLogs (Ordinal: 9, Address: 0xaf70)
  • SetThreadCount (Ordinal: 10, Address: 0xb0f0)

Imported DLLs & Functions

KERNEL32.dll
  • CloseHandle (Address: 0x180037260)
  • CompareFileTime (Address: 0x1800372a0)
  • CopyFileA (Address: 0x180037060)
  • CopyFileExA (Address: 0x180037070)
  • CopyFileExW (Address: 0x180037078)
  • CopyFileW (Address: 0x180037068)
  • CreateDirectoryA (Address: 0x180037110)
  • CreateDirectoryW (Address: 0x180037108)
  • CreateEventW (Address: 0x180037258)
  • CreateFile2 (Address: 0x180037058)
  • CreateFileA (Address: 0x180037048)
  • CreateFileW (Address: 0x180037050)
  • CreateHardLinkA (Address: 0x1800370b0)
  • CreateHardLinkW (Address: 0x1800370b8)
  • CreateProcessA (Address: 0x1800370c0)
  • CreateProcessW (Address: 0x1800370c8)
  • CreateThread (Address: 0x1800370d0)
  • DeleteCriticalSection (Address: 0x180037238)
  • DeleteFileA (Address: 0x180037120)
  • DeleteFileW (Address: 0x180037118)
  • DeleteProcThreadAttributeList (Address: 0x180037430)
  • DisableThreadLibraryCalls (Address: 0x180037138)
  • EncodePointer (Address: 0x180037320)
  • EnterCriticalSection (Address: 0x180037038)
  • ExitProcess (Address: 0x180037130)
  • FindClose (Address: 0x180037388)
  • FindFirstFileExW (Address: 0x180037390)
  • FindFirstFileW (Address: 0x1800374a8)
  • FindNextFileW (Address: 0x180037398)
  • FindResourceExW (Address: 0x1800371b8)
  • FindResourceW (Address: 0x1800371b0)
  • FlsAlloc (Address: 0x180037300)
  • FlsFree (Address: 0x180037318)
  • FlsGetValue (Address: 0x180037308)
  • FlsSetValue (Address: 0x180037310)
  • FlushFileBuffers (Address: 0x180037340)
  • FlushInstructionCache (Address: 0x180037490)
  • FormatMessageW (Address: 0x1800374c0)
  • FreeEnvironmentStringsA (Address: 0x180037230)
  • FreeEnvironmentStringsW (Address: 0x180037218)
  • FreeLibrary (Address: 0x180037330)
  • GetACP (Address: 0x1800373a8)
  • GetCommandLineA (Address: 0x1800373c0)
  • GetCommandLineW (Address: 0x1800371f8)
  • GetConsoleMode (Address: 0x180037350)
  • GetConsoleOutputCP (Address: 0x180037348)
  • GetCPInfo (Address: 0x1800373b8)
  • GetCurrentProcess (Address: 0x180037328)
  • GetCurrentProcessId (Address: 0x180037148)
  • GetCurrentThread (Address: 0x180037190)
  • GetCurrentThreadId (Address: 0x1800371d0)
  • GetEnvironmentStrings (Address: 0x180037228)
  • GetEnvironmentStringsW (Address: 0x180037210)
  • GetEnvironmentVariableA (Address: 0x180037220)
  • GetEnvironmentVariableW (Address: 0x180037030)
  • GetExitCodeProcess (Address: 0x180037460)
  • GetFileAttributesA (Address: 0x1800370e0)
  • GetFileAttributesExA (Address: 0x1800370f0)
  • GetFileAttributesExW (Address: 0x1800370e8)
  • GetFileAttributesW (Address: 0x1800370d8)
  • GetFileSizeEx (Address: 0x1800373e8)
  • GetFileType (Address: 0x180037160)
  • GetFinalPathNameByHandleW (Address: 0x180037170)
  • GetFullPathNameW (Address: 0x1800374b0)
  • GetLastError (Address: 0x180037158)
  • GetLocaleInfoW (Address: 0x180037378)
  • GetModuleFileNameA (Address: 0x180037208)
  • GetModuleFileNameW (Address: 0x180037188)
  • GetModuleHandleExW (Address: 0x180037338)
  • GetModuleHandleW (Address: 0x1800372c0)
  • GetOEMCP (Address: 0x1800373b0)
  • GetProcAddress (Address: 0x180037250)
  • GetProcessHeap (Address: 0x180037028)
  • GetProcessId (Address: 0x180037178)
  • GetStartupInfoW (Address: 0x1800372b8)
  • GetStdHandle (Address: 0x180037380)
  • GetStringTypeW (Address: 0x1800373c8)
  • GetSystemTimeAsFileTime (Address: 0x180037280)
  • GetThreadContext (Address: 0x180037488)
  • GetUserDefaultUILanguage (Address: 0x1800374c8)
  • HeapAlloc (Address: 0x180037020)
  • HeapDestroy (Address: 0x180037000)
  • HeapFree (Address: 0x180037018)
  • HeapReAlloc (Address: 0x180037010)
  • HeapSize (Address: 0x180037008)
  • InitializeCriticalSection (Address: 0x1800371f0)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180037358)
  • InitializeCriticalSectionEx (Address: 0x1800372a8)
  • InitializeProcThreadAttributeList (Address: 0x180037418)
  • InitializeSListHead (Address: 0x1800372b0)
  • InterlockedFlushSList (Address: 0x1800372e8)
  • IsDebuggerPresent (Address: 0x1800373f8)
  • IsValidCodePage (Address: 0x1800373a0)
  • IsWow64Process (Address: 0x180037450)
  • LCMapStringW (Address: 0x180037370)
  • LeaveCriticalSection (Address: 0x180037040)
  • LoadLibraryExW (Address: 0x180037368)
  • LoadLibraryW (Address: 0x180037180)
  • LoadResource (Address: 0x1800371a8)
  • LocalFree (Address: 0x1800374b8)
  • LockResource (Address: 0x1800371a0)
  • MoveFileA (Address: 0x180037090)
  • MoveFileExA (Address: 0x180037080)
  • MoveFileExW (Address: 0x180037088)
  • MoveFileW (Address: 0x180037098)
  • MultiByteToWideChar (Address: 0x180037240)
  • OpenProcess (Address: 0x180037420)
  • OutputDebugStringA (Address: 0x180037410)
  • OutputDebugStringW (Address: 0x180037400)
  • QueryPerformanceCounter (Address: 0x1800371d8)
  • QueryPerformanceFrequency (Address: 0x1800371e0)
  • RaiseException (Address: 0x1800372f8)
  • ReadConsoleW (Address: 0x1800373e0)
  • ReadFile (Address: 0x180037290)
  • ReadProcessMemory (Address: 0x180037448)
  • RemoveDirectoryA (Address: 0x180037100)
  • RemoveDirectoryW (Address: 0x1800370f8)
  • ReplaceFileW (Address: 0x1800370a8)
  • ResetEvent (Address: 0x180037270)
  • ResumeThread (Address: 0x180037150)
  • RtlLookupFunctionEntry (Address: 0x1800372c8)
  • RtlPcToFileHeader (Address: 0x1800372f0)
  • RtlUnwindEx (Address: 0x1800372d0)
  • SetDllDirectoryW (Address: 0x180037200)
  • SetEndOfFile (Address: 0x1800374d0)
  • SetEnvironmentVariableW (Address: 0x180037140)
  • SetEvent (Address: 0x180037278)
  • SetFileInformationByHandle (Address: 0x1800370a0)
  • SetFilePointer (Address: 0x180037298)
  • SetFilePointerEx (Address: 0x1800373d8)
  • SetLastError (Address: 0x180037168)
  • SetStdHandle (Address: 0x1800373d0)
  • SetThreadContext (Address: 0x180037498)
  • SizeofResource (Address: 0x180037198)
  • SuspendThread (Address: 0x180037480)
  • TerminateProcess (Address: 0x180037128)
  • TlsAlloc (Address: 0x1800371e8)
  • TlsFree (Address: 0x180037360)
  • TlsGetValue (Address: 0x1800371c0)
  • TlsSetValue (Address: 0x1800371c8)
  • UpdateProcThreadAttribute (Address: 0x180037428)
  • VerifyVersionInfoW (Address: 0x1800372e0)
  • VerSetConditionMask (Address: 0x1800372d8)
  • VirtualAlloc (Address: 0x180037478)
  • VirtualAllocEx (Address: 0x180037440)
  • VirtualFree (Address: 0x180037470)
  • VirtualProtect (Address: 0x180037468)
  • VirtualProtectEx (Address: 0x180037438)
  • VirtualQuery (Address: 0x1800374a0)
  • VirtualQueryEx (Address: 0x180037458)
  • WaitForSingleObject (Address: 0x180037268)
  • WideCharToMultiByte (Address: 0x180037248)
  • WriteConsoleW (Address: 0x1800373f0)
  • WriteFile (Address: 0x180037288)
  • WriteProcessMemory (Address: 0x180037408)