perfts.dll

Description: Windows Remote Desktop Services Performance Objects

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: 831e56bc34498fb8a35316ba398df22e

File Size: 81.5 KB

Uploaded At: Dec. 1, 2025, 7:36 a.m.

Views: 4

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

OpenTSObject (Ordinal: 1, Address: 0x1990)
CollectTSObjectData (Ordinal: 2, Address: 0x1da0)
CloseTSObject (Ordinal: 3, Address: 0x19f0)
OpenLagPerfData (Ordinal: 4, Address: 0x28a0)
CollectLagPerfData (Ordinal: 5, Address: 0x28b0)
CloseLagPerfData (Ordinal: 6, Address: 0x28c0)

Imported DLLs & Functions

ADVAPI32.dll

CloseTrace (Address: 0x16200ec68)
ControlTraceW (Address: 0x16200ec58)
DeregisterEventSource (Address: 0x16200ec18)
EnableTraceEx2 (Address: 0x16200ec48)
EventWriteTransfer (Address: 0x16200ec78)
FlushTraceW (Address: 0x16200ec60)
OpenTraceW (Address: 0x16200ec50)
ProcessTrace (Address: 0x16200ec70)
QueryAllTracesW (Address: 0x16200ec80)
RegCloseKey (Address: 0x16200ec20)
RegisterEventSourceW (Address: 0x16200ec30)
RegOpenKeyExW (Address: 0x16200ec28)
RegQueryValueExW (Address: 0x16200ec38)
StartTraceW (Address: 0x16200ec40)

KERNEL32.dll

AcquireSRWLockExclusive (Address: 0x16200eca8)
AcquireSRWLockShared (Address: 0x16200ee08)
CloseHandle (Address: 0x16200ecc8)
CloseThreadpoolTimer (Address: 0x16200eca0)
CreateEventExW (Address: 0x16200ee48)
CreateMutexExW (Address: 0x16200edb8)
CreateMutexW (Address: 0x16200ee18)
CreateSemaphoreExW (Address: 0x16200ee58)
CreateThread (Address: 0x16200eda8)
CreateThreadpoolTimer (Address: 0x16200ecf0)
CreateToolhelp32Snapshot (Address: 0x16200ed08)
DebugBreak (Address: 0x16200ede8)
DeleteCriticalSection (Address: 0x16200edc8)
DisableThreadLibraryCalls (Address: 0x16200ed28)
EnterCriticalSection (Address: 0x16200ee40)
FormatMessageW (Address: 0x16200ecf8)
FreeLibrary (Address: 0x16200edf8)
GetCurrentProcess (Address: 0x16200ed60)
GetCurrentProcessId (Address: 0x16200ed78)
GetCurrentThreadId (Address: 0x16200ed80)
GetLastError (Address: 0x16200ed20)
GetModuleFileNameA (Address: 0x16200ee60)
GetModuleHandleExW (Address: 0x16200ee30)
GetModuleHandleW (Address: 0x16200ee00)
GetProcAddress (Address: 0x16200edb0)
GetProcessHeap (Address: 0x16200ed40)
GetSystemTimeAsFileTime (Address: 0x16200ed88)
GetTickCount (Address: 0x16200ed90)
HeapAlloc (Address: 0x16200ed38)
HeapFree (Address: 0x16200ed10)
HeapReAlloc (Address: 0x16200ed30)
InitializeCriticalSectionEx (Address: 0x16200ee10)
IsDebuggerPresent (Address: 0x16200ece0)
LeaveCriticalSection (Address: 0x16200ee20)
LoadLibraryW (Address: 0x16200eda0)
OpenProcess (Address: 0x16200ed98)
OpenSemaphoreW (Address: 0x16200ecb8)
OutputDebugStringA (Address: 0x16200ed18)
OutputDebugStringW (Address: 0x16200ec90)
Process32FirstW (Address: 0x16200ecc0)
Process32NextW (Address: 0x16200ece8)
ProcessIdToSessionId (Address: 0x16200ed00)
QueryFullProcessImageNameW (Address: 0x16200edf0)
QueryPerformanceCounter (Address: 0x16200ed70)
ReleaseMutex (Address: 0x16200edd0)
ReleaseSemaphore (Address: 0x16200ee38)
ReleaseSRWLockExclusive (Address: 0x16200edc0)
ReleaseSRWLockShared (Address: 0x16200ecd8)
SetEvent (Address: 0x16200ec98)
SetLastError (Address: 0x16200ee50)
SetThreadpoolTimer (Address: 0x16200ecd0)
SetUnhandledExceptionFilter (Address: 0x16200ed58)
Sleep (Address: 0x16200ed48)
TerminateProcess (Address: 0x16200ed68)
UnhandledExceptionFilter (Address: 0x16200ed50)
WaitForMultipleObjects (Address: 0x16200ee28)
WaitForSingleObject (Address: 0x16200edd8)
WaitForSingleObjectEx (Address: 0x16200ecb0)
WaitForThreadpoolTimerCallbacks (Address: 0x16200ede0)

msvcrt.dll

__C_specific_handler (Address: 0x16200efa0)
__CxxFrameHandler3 (Address: 0x16200eff0)
__dllonexit (Address: 0x16200ef88)
_amsg_exit (Address: 0x16200efc0)
_callnewh (Address: 0x16200ef48)
_CxxThrowException (Address: 0x16200eeb0)
_initterm (Address: 0x16200efa8)
_lock (Address: 0x16200ef98)
_ltow (Address: 0x16200efe0)
_onexit (Address: 0x16200ef80)
_purecall (Address: 0x16200ef70)
_ultow_s (Address: 0x16200ef18)
_unlock (Address: 0x16200ef90)
_vsnprintf (Address: 0x16200efe8)
_vsnprintf_s (Address: 0x16200ef30)
_vsnwprintf (Address: 0x16200ef20)
_wcslwr_s (Address: 0x16200ef60)
_XcptFilter (Address: 0x16200efc8)
??_V@YAXPEAX@Z (Address: 0x16200ef28)
??0exception@@QEAA@AEBQEBD@Z (Address: 0x16200ef40)
??0exception@@QEAA@AEBQEBDH@Z (Address: 0x16200ef38)
??0exception@@QEAA@AEBV0@@Z (Address: 0x16200eed8)
??0exception@@QEAA@XZ (Address: 0x16200eee0)
??1exception@@UEAA@XZ (Address: 0x16200eee8)
??1type_info@@UEAA@XZ (Address: 0x16200eed0)
??3@YAXPEAX@Z (Address: 0x16200eef8)
?terminate@@YAXXZ (Address: 0x16200eec8)
?what@exception@@UEBAPEBDXZ (Address: 0x16200eef0)
free (Address: 0x16200efb8)
malloc (Address: 0x16200efb0)
memcmp (Address: 0x16200ef78)
memcpy (Address: 0x16200eeb8)
memcpy_s (Address: 0x16200efd0)
memmove (Address: 0x16200eec0)
memmove_s (Address: 0x16200ef50)
memset (Address: 0x16200f000)
vswprintf_s (Address: 0x16200ef08)
wcscpy_s (Address: 0x16200ef10)
wcsncat_s (Address: 0x16200eff8)
wcsncpy_s (Address: 0x16200efd8)
wcsrchr (Address: 0x16200ef58)
wcsstr (Address: 0x16200ef68)
wcstoul (Address: 0x16200ef00)

ntdll.dll

NtClose (Address: 0x16200f050)
NtOpenKey (Address: 0x16200f018)
NtQuerySystemInformation (Address: 0x16200f010)
NtQueryValueKey (Address: 0x16200f040)
RtlCaptureContext (Address: 0x16200f038)
RtlInitUnicodeString (Address: 0x16200f020)
RtlLookupFunctionEntry (Address: 0x16200f030)
RtlNtStatusToDosError (Address: 0x16200f048)
RtlVirtualUnwind (Address: 0x16200f028)

tdh.dll

TdhGetEventInformation (Address: 0x16200f060)
TdhGetProperty (Address: 0x16200f068)
TdhGetPropertySize (Address: 0x16200f070)

UTILDLL.dll

StrConnectState (Address: 0x16200ee70)

WINSTA.dll

WinStationEnumerateExW (Address: 0x16200ee80)
WinStationFreeMemory (Address: 0x16200ee88)

WTSAPI32.dll

WTSEnumerateProcessesW (Address: 0x16200ee98)
WTSFreeMemory (Address: 0x16200eea0)