pla.dll

Description: Performance Logs & Alerts

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 64-bit

Operating System: Windows NT

SHA256: 44c16e194258c9143a45f4022f9c5de2

File Size: 1.4 MB

Uploaded At: Dec. 1, 2025, 7:36 a.m.

Views: 7

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0x7af0)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0x7f70)
  • DllCanUnloadNow (Ordinal: 3, Address: 0x6e50)
  • DllGetClassObject (Ordinal: 4, Address: 0x6e70)
  • DllRegisterServer (Ordinal: 5, Address: 0x1240)
  • DllUnregisterServer (Ordinal: 6, Address: 0x1240)
  • PlaDeleteReport (Ordinal: 7, Address: 0x120970)
  • PlaExpandTaskArguments (Ordinal: 8, Address: 0xfdd50)
  • PlaExtractCabinet (Ordinal: 9, Address: 0x120ac0)
  • PlaGetLegacyAlertActionsFlagsFromString (Ordinal: 10, Address: 0xd9aa0)
  • PlaGetLegacyAlertActionsStringFromFlags (Ordinal: 11, Address: 0xd9f10)
  • PlaGetServerCapabilities (Ordinal: 12, Address: 0x381f0)
  • PlaHost (Ordinal: 13, Address: 0xfefc0)
  • PlaServer (Ordinal: 14, Address: 0x7110)
  • PlaUpgrade (Ordinal: 15, Address: 0xaeb0)

Imported DLLs & Functions

ADVAPI32.dll
  • AccessCheck (Address: 0x18013a240)
  • AddAccessAllowedAceEx (Address: 0x18013a278)
  • AddAce (Address: 0x18013a280)
  • AdjustTokenPrivileges (Address: 0x18013a318)
  • CheckTokenMembership (Address: 0x18013a368)
  • ControlTraceW (Address: 0x18013a1c8)
  • CreateWellKnownSid (Address: 0x18013a370)
  • DuplicateTokenEx (Address: 0x18013a230)
  • EnableTraceEx (Address: 0x18013a308)
  • EnumerateTraceGuidsEx (Address: 0x18013a300)
  • EqualSid (Address: 0x18013a288)
  • EventAccessQuery (Address: 0x18013a320)
  • EventAccessRemove (Address: 0x18013a340)
  • FlushTraceW (Address: 0x18013a2e0)
  • GetAce (Address: 0x18013a290)
  • GetAclInformation (Address: 0x18013a298)
  • GetFileSecurityW (Address: 0x18013a248)
  • GetLengthSid (Address: 0x18013a2a8)
  • GetSecurityDescriptorDacl (Address: 0x18013a338)
  • GetSecurityDescriptorGroup (Address: 0x18013a2b8)
  • GetSecurityDescriptorOwner (Address: 0x18013a2c0)
  • GetSecurityDescriptorSacl (Address: 0x18013a330)
  • GetTokenInformation (Address: 0x18013a348)
  • ImpersonateLoggedOnUser (Address: 0x18013a260)
  • InitializeAcl (Address: 0x18013a2a0)
  • InitializeSecurityDescriptor (Address: 0x18013a218)
  • LogonUserW (Address: 0x18013a268)
  • LookupAccountNameW (Address: 0x18013a250)
  • MakeAbsoluteSD (Address: 0x18013a2b0)
  • OpenProcessToken (Address: 0x18013a350)
  • OpenThreadToken (Address: 0x18013a358)
  • QueryAllTracesW (Address: 0x18013a2d8)
  • QueryTraceW (Address: 0x18013a310)
  • RegCloseKey (Address: 0x18013a1d8)
  • RegConnectRegistryW (Address: 0x18013a360)
  • RegCreateKeyExW (Address: 0x18013a2d0)
  • RegDeleteKeyW (Address: 0x18013a1e8)
  • RegDeleteValueW (Address: 0x18013a2c8)
  • RegEnumKeyExW (Address: 0x18013a200)
  • RegEnumKeyW (Address: 0x18013a220)
  • RegEnumValueW (Address: 0x18013a1f8)
  • RegFlushKey (Address: 0x18013a228)
  • RegOpenKeyExW (Address: 0x18013a378)
  • RegQueryInfoKeyW (Address: 0x18013a1f0)
  • RegQueryValueExW (Address: 0x18013a1d0)
  • RegSetValueExW (Address: 0x18013a1e0)
  • RevertToSelf (Address: 0x18013a258)
  • SetNamedSecurityInfoW (Address: 0x18013a328)
  • SetSecurityDescriptorDacl (Address: 0x18013a270)
  • SetSecurityDescriptorGroup (Address: 0x18013a208)
  • SetSecurityDescriptorOwner (Address: 0x18013a210)
  • SetThreadToken (Address: 0x18013a238)
  • StartTraceW (Address: 0x18013a2f0)
  • StopTraceW (Address: 0x18013a2e8)
  • UpdateTraceW (Address: 0x18013a2f8)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x18013a820)
  • SetServiceStatus (Address: 0x18013a828)
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle (Address: 0x18013a850)
  • OpenSCManagerW (Address: 0x18013a838)
  • OpenServiceW (Address: 0x18013a840)
  • StartServiceW (Address: 0x18013a848)
api-ms-win-service-management-l2-1-0.dll
  • ChangeServiceConfig2W (Address: 0x18013a870)
  • ChangeServiceConfigW (Address: 0x18013a860)
  • QueryServiceConfigW (Address: 0x18013a868)
api-ms-win-service-winsvc-l1-1-0.dll
  • ControlService (Address: 0x18013a880)
  • QueryServiceStatus (Address: 0x18013a888)
Cabinet.dll
  • (Address: 0x18013a388)
  • (Address: 0x18013a390)
  • (Address: 0x18013a398)
  • (Address: 0x18013a3a0)
  • (Address: 0x18013a3a8)
  • (Address: 0x18013a3b0)
  • (Address: 0x18013a3b8)
KERNEL32.dll
  • CloseHandle (Address: 0x18013a3e8)
  • CompareStringW (Address: 0x18013a628)
  • CopyFileExW (Address: 0x18013a708)
  • CopyFileW (Address: 0x18013a6f8)
  • CreateDirectoryW (Address: 0x18013a490)
  • CreateEventW (Address: 0x18013a3e0)
  • CreateFileW (Address: 0x18013a570)
  • CreateProcessW (Address: 0x18013a6d8)
  • CreateThread (Address: 0x18013a668)
  • CreateWaitableTimerW (Address: 0x18013a638)
  • DebugBreak (Address: 0x18013a400)
  • DelayLoadFailureHook (Address: 0x18013a480)
  • DeleteCriticalSection (Address: 0x18013a5e8)
  • DeleteFileW (Address: 0x18013a690)
  • DisableThreadLibraryCalls (Address: 0x18013a688)
  • DosDateTimeToFileTime (Address: 0x18013a448)
  • DuplicateHandle (Address: 0x18013a5b0)
  • EnterCriticalSection (Address: 0x18013a3d8)
  • ExpandEnvironmentStringsW (Address: 0x18013a418)
  • FileTimeToDosDateTime (Address: 0x18013a450)
  • FileTimeToLocalFileTime (Address: 0x18013a5e0)
  • FileTimeToSystemTime (Address: 0x18013a5c0)
  • FindClose (Address: 0x18013a5a8)
  • FindFirstFileW (Address: 0x18013a598)
  • FindNextFileW (Address: 0x18013a5a0)
  • FindResourceW (Address: 0x18013a4c8)
  • FormatMessageW (Address: 0x18013a4a8)
  • FreeLibrary (Address: 0x18013a550)
  • FreeResource (Address: 0x18013a4f8)
  • GetCommandLineW (Address: 0x18013a660)
  • GetComputerNameW (Address: 0x18013a4a0)
  • GetCurrentProcess (Address: 0x18013a518)
  • GetCurrentProcessId (Address: 0x18013a590)
  • GetCurrentThread (Address: 0x18013a510)
  • GetCurrentThreadId (Address: 0x18013a538)
  • GetDateFormatW (Address: 0x18013a608)
  • GetDiskFreeSpaceExW (Address: 0x18013a678)
  • GetExitCodeProcess (Address: 0x18013a6d0)
  • GetExitCodeThread (Address: 0x18013a698)
  • GetFileAttributesW (Address: 0x18013a520)
  • GetFileInformationByHandle (Address: 0x18013a438)
  • GetFileMUIPath (Address: 0x18013a6c0)
  • GetFileSizeEx (Address: 0x18013a680)
  • GetFullPathNameW (Address: 0x18013a470)
  • GetLastError (Address: 0x18013a5f8)
  • GetLocaleInfoW (Address: 0x18013a420)
  • GetLocalTime (Address: 0x18013a428)
  • GetModuleFileNameW (Address: 0x18013a5d0)
  • GetProcessHeap (Address: 0x18013a610)
  • GetSystemDirectoryW (Address: 0x18013a600)
  • GetSystemTime (Address: 0x18013a6f0)
  • GetSystemTimeAsFileTime (Address: 0x18013a5b8)
  • GetTempFileNameW (Address: 0x18013a6e0)
  • GetTempPathW (Address: 0x18013a6a8)
  • GetTickCount (Address: 0x18013a468)
  • GetTickCount64 (Address: 0x18013a658)
  • GetTimeFormatW (Address: 0x18013a670)
  • GetTimeZoneInformation (Address: 0x18013a488)
  • GetUserDefaultUILanguage (Address: 0x18013a618)
  • GetWindowsDirectoryW (Address: 0x18013a5f0)
  • GlobalAlloc (Address: 0x18013a4e8)
  • GlobalFree (Address: 0x18013a508)
  • GlobalLock (Address: 0x18013a4f0)
  • GlobalUnlock (Address: 0x18013a500)
  • HeapAlloc (Address: 0x18013a410)
  • HeapFree (Address: 0x18013a408)
  • HeapReAlloc (Address: 0x18013a620)
  • HeapSize (Address: 0x18013a630)
  • HeapValidate (Address: 0x18013a3c8)
  • InitializeCriticalSection (Address: 0x18013a4b0)
  • IsDebuggerPresent (Address: 0x18013a648)
  • IsWow64Process (Address: 0x18013a528)
  • K32GetModuleFileNameExW (Address: 0x18013a568)
  • LeaveCriticalSection (Address: 0x18013a3d0)
  • LoadLibraryExW (Address: 0x18013a548)
  • LoadLibraryW (Address: 0x18013a6b8)
  • LoadResource (Address: 0x18013a4d0)
  • LocalFileTimeToFileTime (Address: 0x18013a440)
  • LocalFree (Address: 0x18013a498)
  • LockResource (Address: 0x18013a4d8)
  • MultiByteToWideChar (Address: 0x18013a430)
  • OpenEventW (Address: 0x18013a650)
  • OpenProcess (Address: 0x18013a560)
  • QueryPerformanceCounter (Address: 0x18013a588)
  • RemoveDirectoryW (Address: 0x18013a700)
  • ResetEvent (Address: 0x18013a558)
  • ResolveDelayLoadedAPI (Address: 0x18013a478)
  • SetEvent (Address: 0x18013a3f8)
  • SetFileAttributesW (Address: 0x18013a6a0)
  • SetFileTime (Address: 0x18013a6b0)
  • SetPriorityClass (Address: 0x18013a6e8)
  • SetUnhandledExceptionFilter (Address: 0x18013a460)
  • SetWaitableTimer (Address: 0x18013a640)
  • SizeofResource (Address: 0x18013a4e0)
  • Sleep (Address: 0x18013a5d8)
  • SystemTimeToFileTime (Address: 0x18013a5c8)
  • TerminateProcess (Address: 0x18013a6c8)
  • UnhandledExceptionFilter (Address: 0x18013a458)
  • UnregisterWait (Address: 0x18013a3f0)
  • WaitForMultipleObjects (Address: 0x18013a4b8)
  • WaitForSingleObject (Address: 0x18013a580)
  • WideCharToMultiByte (Address: 0x18013a4c0)
  • Wow64DisableWow64FsRedirection (Address: 0x18013a530)
  • Wow64RevertWow64FsRedirection (Address: 0x18013a540)
  • WriteFile (Address: 0x18013a578)
msvcrt.dll
  • __C_specific_handler (Address: 0x18013a9b8)
  • _amsg_exit (Address: 0x18013a8d0)
  • _close (Address: 0x18013a900)
  • _errno (Address: 0x18013a8f0)
  • _get_osfhandle (Address: 0x18013a928)
  • _initterm (Address: 0x18013a8b8)
  • _lseek (Address: 0x18013a8e0)
  • _purecall (Address: 0x18013a9c0)
  • _read (Address: 0x18013a908)
  • _vsnwprintf (Address: 0x18013a9d0)
  • _wcsicmp (Address: 0x18013a9e0)
  • _wcsnicmp (Address: 0x18013a9b0)
  • _wfopen (Address: 0x18013a938)
  • _wgetenv (Address: 0x18013a980)
  • _wopen (Address: 0x18013a920)
  • _wremove (Address: 0x18013a910)
  • _write (Address: 0x18013a8f8)
  • _wsplitpath_s (Address: 0x18013a978)
  • _wtof (Address: 0x18013a960)
  • _wtoi (Address: 0x18013a940)
  • _wtol (Address: 0x18013a970)
  • _XcptFilter (Address: 0x18013a8d8)
  • ??1type_info@@UEAA@XZ (Address: 0x18013a8b0)
  • ?name@type_info@@QEBAPEBDXZ (Address: 0x18013a9c8)
  • fclose (Address: 0x18013a930)
  • free (Address: 0x18013a9e8)
  • fwprintf (Address: 0x18013a950)
  • iswspace (Address: 0x18013a968)
  • malloc (Address: 0x18013a8c0)
  • memcpy (Address: 0x18013a898)
  • memmove (Address: 0x18013a8a0)
  • memset (Address: 0x18013a8a8)
  • qsort (Address: 0x18013a958)
  • rand (Address: 0x18013a998)
  • srand (Address: 0x18013a918)
  • swscanf_s (Address: 0x18013a9a0)
  • time (Address: 0x18013a8e8)
  • vfwprintf (Address: 0x18013a948)
  • wcschr (Address: 0x18013a9d8)
  • wcscmp (Address: 0x18013a9f0)
  • wcscspn (Address: 0x18013a990)
  • wcsncmp (Address: 0x18013a9a8)
  • wcsrchr (Address: 0x18013a8c8)
  • wcsstr (Address: 0x18013a988)
NSI.dll
  • NsiAllocateAndGetTable (Address: 0x18013a720)
  • NsiFreeTable (Address: 0x18013a718)
ntdll.dll
  • EtwEventRegister (Address: 0x18013aa48)
  • EtwEventUnregister (Address: 0x18013aa38)
  • EtwEventWrite (Address: 0x18013aa40)
  • EtwNotificationRegister (Address: 0x18013aa10)
  • EtwNotificationUnregister (Address: 0x18013aa18)
  • NtQuerySystemInformation (Address: 0x18013aa08)
  • NtQuerySystemTime (Address: 0x18013aa30)
  • RtlCaptureContext (Address: 0x18013aa50)
  • RtlFreeUnicodeString (Address: 0x18013aa28)
  • RtlLookupFunctionEntry (Address: 0x18013aa58)
  • RtlNtStatusToDosError (Address: 0x18013aa00)
  • RtlStringFromGUID (Address: 0x18013aa20)
  • RtlVirtualUnwind (Address: 0x18013aa60)
pdh.dll
  • PdhAddCounterW (Address: 0x18013aa78)
  • PdhCloseLog (Address: 0x18013aa98)
  • PdhCloseQuery (Address: 0x18013aaa8)
  • PdhCollectQueryData (Address: 0x18013aa70)
  • PdhExpandWildCardPathW (Address: 0x18013aa80)
  • PdhGetFormattedCounterValue (Address: 0x18013aac0)
  • PdhOpenLogW (Address: 0x18013aaa0)
  • PdhOpenQueryW (Address: 0x18013aa88)
  • PdhTranslate009CounterW (Address: 0x18013aab0)
  • PdhTranslateLocaleCounterW (Address: 0x18013aab8)
  • PdhUpdateLogW (Address: 0x18013aa90)
RPCRT4.dll
  • NdrClientCall3 (Address: 0x18013a7b8)
  • NdrServerCall2 (Address: 0x18013a7a8)
  • NdrServerCallAll (Address: 0x18013a760)
  • RpcBindingFree (Address: 0x18013a780)
  • RpcBindingFromStringBindingW (Address: 0x18013a790)
  • RpcBindingInqAuthClientW (Address: 0x18013a770)
  • RpcBindingSetAuthInfoW (Address: 0x18013a788)
  • RpcBindingToStringBindingW (Address: 0x18013a768)
  • RpcImpersonateClient (Address: 0x18013a758)
  • RpcRevertToSelf (Address: 0x18013a750)
  • RpcServerInqCallAttributesW (Address: 0x18013a738)
  • RpcServerRegisterIf3 (Address: 0x18013a740)
  • RpcServerUnregisterIfEx (Address: 0x18013a730)
  • RpcServerUseProtseqEpW (Address: 0x18013a748)
  • RpcStringBindingComposeW (Address: 0x18013a798)
  • RpcStringBindingParseW (Address: 0x18013a7b0)
  • RpcStringFreeW (Address: 0x18013a778)
  • UuidCreate (Address: 0x18013a7a0)
SHLWAPI.dll
  • (Address: 0x18013a7d8)
  • PathIsFileSpecW (Address: 0x18013a7d0)
  • PathIsNetworkPathW (Address: 0x18013a7c8)
tdh.dll
  • TdhEnumerateProviderFieldInformation (Address: 0x18013aad8)
  • TdhEnumerateProviders (Address: 0x18013aae8)
  • TdhEnumerateRemoteWBEMProviderFieldInformation (Address: 0x18013aae0)
  • TdhEnumerateRemoteWBEMProviders (Address: 0x18013aad0)
USER32.dll
  • CreateWindowExW (Address: 0x18013a810)
  • DestroyWindow (Address: 0x18013a7f8)
  • DispatchMessageW (Address: 0x18013a808)
  • LoadStringW (Address: 0x18013a7f0)
  • MsgWaitForMultipleObjects (Address: 0x18013a800)
  • PeekMessageW (Address: 0x18013a7e8)
wevtapi.dll
  • EvtClose (Address: 0x18013ab08)
  • EvtCreateRenderContext (Address: 0x18013ab00)
  • EvtGetChannelConfigProperty (Address: 0x18013ab18)
  • EvtNext (Address: 0x18013ab28)
  • EvtOpenChannelConfig (Address: 0x18013ab10)
  • EvtRender (Address: 0x18013aaf8)
  • EvtSubscribe (Address: 0x18013ab20)