perfts.dll
Description: Windows Remote Desktop Services Performance Objects
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 32-bit
Operating System: Windows NT
SHA256: 7ebfbd85f44df22872202e34873b1b9c
File Size: 60.5 KB
Uploaded At: Dec. 1, 2025, 8:02 a.m.
Views: 15
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- OpenTSObject (Ordinal: 1, Address: 0x3d60)
- CollectTSObjectData (Ordinal: 2, Address: 0x4190)
- CloseTSObject (Ordinal: 3, Address: 0x3da0)
- OpenLagPerfData (Ordinal: 4, Address: 0x4930)
- CollectLagPerfData (Ordinal: 5, Address: 0x4940)
- CloseLagPerfData (Ordinal: 6, Address: 0x4960)
Imported DLLs & Functions
ADVAPI32.dll
- CloseTrace (Address: 0x6200f024)
- ControlTraceW (Address: 0x6200f01c)
- DeregisterEventSource (Address: 0x6200f004)
- EnableTraceEx2 (Address: 0x6200f000)
- EventWriteTransfer (Address: 0x6200f02c)
- FlushTraceW (Address: 0x6200f020)
- OpenTraceW (Address: 0x6200f018)
- ProcessTrace (Address: 0x6200f028)
- QueryAllTracesW (Address: 0x6200f034)
- RegCloseKey (Address: 0x6200f008)
- RegisterEventSourceW (Address: 0x6200f010)
- RegOpenKeyExW (Address: 0x6200f00c)
- RegQueryValueExW (Address: 0x6200f014)
- StartTraceW (Address: 0x6200f030)
KERNEL32.dll
- AcquireSRWLockExclusive (Address: 0x6200f03c)
- AcquireSRWLockShared (Address: 0x6200f0c0)
- CloseHandle (Address: 0x6200f048)
- CloseThreadpoolTimer (Address: 0x6200f05c)
- CreateEventExW (Address: 0x6200f118)
- CreateMutexExW (Address: 0x6200f0bc)
- CreateMutexW (Address: 0x6200f100)
- CreateSemaphoreExW (Address: 0x6200f120)
- CreateThread (Address: 0x6200f070)
- CreateThreadpoolTimer (Address: 0x6200f054)
- CreateToolhelp32Snapshot (Address: 0x6200f0d4)
- DebugBreak (Address: 0x6200f0e8)
- DeleteCriticalSection (Address: 0x6200f0c4)
- DisableThreadLibraryCalls (Address: 0x6200f07c)
- EnterCriticalSection (Address: 0x6200f114)
- FormatMessageW (Address: 0x6200f0b4)
- FreeLibrary (Address: 0x6200f0f8)
- GetCurrentProcess (Address: 0x6200f098)
- GetCurrentProcessId (Address: 0x6200f0a4)
- GetCurrentThreadId (Address: 0x6200f0a8)
- GetLastError (Address: 0x6200f078)
- GetModuleFileNameA (Address: 0x6200f124)
- GetModuleHandleExW (Address: 0x6200f10c)
- GetModuleHandleW (Address: 0x6200f0c8)
- GetProcAddress (Address: 0x6200f0b8)
- GetProcessHeap (Address: 0x6200f088)
- GetSystemTimeAsFileTime (Address: 0x6200f0ac)
- GetTickCount (Address: 0x6200f0b0)
- HeapAlloc (Address: 0x6200f084)
- HeapFree (Address: 0x6200f0dc)
- HeapReAlloc (Address: 0x6200f080)
- InitializeCriticalSectionEx (Address: 0x6200f0fc)
- IsDebuggerPresent (Address: 0x6200f0e4)
- LeaveCriticalSection (Address: 0x6200f104)
- LoadLibraryW (Address: 0x6200f058)
- OpenProcess (Address: 0x6200f0d8)
- OpenSemaphoreW (Address: 0x6200f040)
- OutputDebugStringA (Address: 0x6200f074)
- OutputDebugStringW (Address: 0x6200f064)
- Process32FirstW (Address: 0x6200f044)
- Process32NextW (Address: 0x6200f068)
- ProcessIdToSessionId (Address: 0x6200f0d0)
- QueryFullProcessImageNameW (Address: 0x6200f0e0)
- QueryPerformanceCounter (Address: 0x6200f0a0)
- ReleaseMutex (Address: 0x6200f0ec)
- ReleaseSemaphore (Address: 0x6200f110)
- ReleaseSRWLockExclusive (Address: 0x6200f06c)
- ReleaseSRWLockShared (Address: 0x6200f050)
- SetEvent (Address: 0x6200f060)
- SetLastError (Address: 0x6200f11c)
- SetThreadpoolTimer (Address: 0x6200f04c)
- SetUnhandledExceptionFilter (Address: 0x6200f094)
- Sleep (Address: 0x6200f08c)
- TerminateProcess (Address: 0x6200f09c)
- UnhandledExceptionFilter (Address: 0x6200f090)
- WaitForMultipleObjects (Address: 0x6200f108)
- WaitForSingleObject (Address: 0x6200f0f0)
- WaitForSingleObjectEx (Address: 0x6200f0cc)
- WaitForThreadpoolTimerCallbacks (Address: 0x6200f0f4)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x6200f188)
- __dllonexit (Address: 0x6200f1b8)
- _amsg_exit (Address: 0x6200f1d4)
- _callnewh (Address: 0x6200f1a4)
- _CxxThrowException (Address: 0x6200f194)
- _except_handler4_common (Address: 0x6200f1c4)
- _initterm (Address: 0x6200f1c8)
- _lock (Address: 0x6200f1c0)
- _ltow (Address: 0x6200f1e4)
- _onexit (Address: 0x6200f1b4)
- _purecall (Address: 0x6200f1ac)
- _ultow_s (Address: 0x6200f1ec)
- _unlock (Address: 0x6200f1bc)
- _vsnprintf (Address: 0x6200f1e8)
- _vsnprintf_s (Address: 0x6200f15c)
- _vsnwprintf (Address: 0x6200f180)
- _wcslwr_s (Address: 0x6200f154)
- _XcptFilter (Address: 0x6200f1d8)
- ??_V@YAXPAX@Z (Address: 0x6200f184)
- ??0exception@@QAE@ABQBD@Z (Address: 0x6200f1a0)
- ??0exception@@QAE@ABQBDH@Z (Address: 0x6200f19c)
- ??0exception@@QAE@ABV0@@Z (Address: 0x6200f160)
- ??0exception@@QAE@XZ (Address: 0x6200f164)
- ??1exception@@UAE@XZ (Address: 0x6200f168)
- ??1type_info@@UAE@XZ (Address: 0x6200f150)
- ??3@YAXPAX@Z (Address: 0x6200f170)
- ?terminate@@YAXXZ (Address: 0x6200f14c)
- ?what@exception@@UBEPBDXZ (Address: 0x6200f198)
- free (Address: 0x6200f1d0)
- malloc (Address: 0x6200f1cc)
- memcmp (Address: 0x6200f1b0)
- memcpy (Address: 0x6200f190)
- memcpy_s (Address: 0x6200f1dc)
- memmove (Address: 0x6200f16c)
- memmove_s (Address: 0x6200f1a8)
- memset (Address: 0x6200f1f4)
- vswprintf_s (Address: 0x6200f178)
- wcscpy_s (Address: 0x6200f17c)
- wcsncat_s (Address: 0x6200f1f0)
- wcsncpy_s (Address: 0x6200f1e0)
- wcsrchr (Address: 0x6200f18c)
- wcsstr (Address: 0x6200f158)
- wcstoul (Address: 0x6200f174)
ntdll.dll
- NtClose (Address: 0x6200f210)
- NtOpenKey (Address: 0x6200f200)
- NtQuerySystemInformation (Address: 0x6200f1fc)
- NtQueryValueKey (Address: 0x6200f208)
- RtlInitUnicodeString (Address: 0x6200f204)
- RtlNtStatusToDosError (Address: 0x6200f20c)
tdh.dll
- TdhGetEventInformation (Address: 0x6200f218)
- TdhGetProperty (Address: 0x6200f21c)
- TdhGetPropertySize (Address: 0x6200f220)
UTILDLL.dll
- StrConnectState (Address: 0x6200f12c)
WINSTA.dll
- WinStationEnumerateExW (Address: 0x6200f134)
- WinStationFreeMemory (Address: 0x6200f138)
WTSAPI32.dll
- WTSEnumerateProcessesW (Address: 0x6200f140)
- WTSFreeMemory (Address: 0x6200f144)