pla.dll

Description: Performance Logs & Alerts

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 32-bit

Operating System: Windows NT

SHA256: c2a583893795478556573db3a020ee60

File Size: 1.5 MB

Uploaded At: Dec. 1, 2025, 8:03 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0x1d400)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0x1d850)
  • DllCanUnloadNow (Ordinal: 3, Address: 0x1c8e0)
  • DllGetClassObject (Ordinal: 4, Address: 0x1c900)
  • DllRegisterServer (Ordinal: 5, Address: 0x1cb60)
  • DllUnregisterServer (Ordinal: 6, Address: 0x1cb60)
  • PlaDeleteReport (Ordinal: 7, Address: 0x139bf0)
  • PlaExpandTaskArguments (Ordinal: 8, Address: 0x115c70)
  • PlaExtractCabinet (Ordinal: 9, Address: 0x139d20)
  • PlaGetLegacyAlertActionsFlagsFromString (Ordinal: 10, Address: 0xf0be0)
  • PlaGetLegacyAlertActionsStringFromFlags (Ordinal: 11, Address: 0xf1100)
  • PlaGetServerCapabilities (Ordinal: 12, Address: 0x4c4d0)
  • PlaHost (Ordinal: 13, Address: 0x116ec0)
  • PlaServer (Ordinal: 14, Address: 0x1cb70)
  • PlaUpgrade (Ordinal: 15, Address: 0x20910)

Imported DLLs & Functions

ADVAPI32.dll
  • AccessCheck (Address: 0x1014e020)
  • AddAccessAllowedAceEx (Address: 0x1014e03c)
  • AddAce (Address: 0x1014e040)
  • AdjustTokenPrivileges (Address: 0x1014e08c)
  • CheckTokenMembership (Address: 0x1014e0b4)
  • ControlTraceW (Address: 0x1014e080)
  • CreateWellKnownSid (Address: 0x1014e0b8)
  • DuplicateTokenEx (Address: 0x1014e018)
  • EnableTraceEx (Address: 0x1014e084)
  • EnumerateTraceGuidsEx (Address: 0x1014e07c)
  • EqualSid (Address: 0x1014e044)
  • EventAccessQuery (Address: 0x1014e090)
  • EventAccessRemove (Address: 0x1014e0a0)
  • FlushTraceW (Address: 0x1014e070)
  • GetAce (Address: 0x1014e048)
  • GetAclInformation (Address: 0x1014e04c)
  • GetFileSecurityW (Address: 0x1014e024)
  • GetLengthSid (Address: 0x1014e054)
  • GetSecurityDescriptorDacl (Address: 0x1014e09c)
  • GetSecurityDescriptorGroup (Address: 0x1014e05c)
  • GetSecurityDescriptorOwner (Address: 0x1014e060)
  • GetSecurityDescriptorSacl (Address: 0x1014e098)
  • GetTokenInformation (Address: 0x1014e0a4)
  • ImpersonateLoggedOnUser (Address: 0x1014e030)
  • InitializeAcl (Address: 0x1014e050)
  • InitializeSecurityDescriptor (Address: 0x1014e00c)
  • LogonUserW (Address: 0x1014e034)
  • LookupAccountNameW (Address: 0x1014e028)
  • MakeAbsoluteSD (Address: 0x1014e058)
  • OpenProcessToken (Address: 0x1014e0a8)
  • OpenThreadToken (Address: 0x1014e0ac)
  • QueryAllTracesW (Address: 0x1014e06c)
  • QueryTraceW (Address: 0x1014e088)
  • RegCloseKey (Address: 0x1014e0d0)
  • RegConnectRegistryW (Address: 0x1014e0b0)
  • RegCreateKeyExW (Address: 0x1014e068)
  • RegDeleteKeyW (Address: 0x1014e0c8)
  • RegDeleteValueW (Address: 0x1014e064)
  • RegEnumKeyExW (Address: 0x1014e0bc)
  • RegEnumKeyW (Address: 0x1014e010)
  • RegEnumValueW (Address: 0x1014e0c0)
  • RegFlushKey (Address: 0x1014e014)
  • RegOpenKeyExW (Address: 0x1014e0d8)
  • RegQueryInfoKeyW (Address: 0x1014e0c4)
  • RegQueryValueExW (Address: 0x1014e0d4)
  • RegSetValueExW (Address: 0x1014e0cc)
  • RevertToSelf (Address: 0x1014e02c)
  • SetNamedSecurityInfoW (Address: 0x1014e094)
  • SetSecurityDescriptorDacl (Address: 0x1014e038)
  • SetSecurityDescriptorGroup (Address: 0x1014e004)
  • SetSecurityDescriptorOwner (Address: 0x1014e008)
  • SetThreadToken (Address: 0x1014e01c)
  • StartTraceW (Address: 0x1014e000)
  • StopTraceW (Address: 0x1014e074)
  • UpdateTraceW (Address: 0x1014e078)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x1014e328)
  • SetServiceStatus (Address: 0x1014e32c)
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle (Address: 0x1014e340)
  • OpenSCManagerW (Address: 0x1014e334)
  • OpenServiceW (Address: 0x1014e338)
  • StartServiceW (Address: 0x1014e33c)
api-ms-win-service-management-l2-1-0.dll
  • ChangeServiceConfig2W (Address: 0x1014e350)
  • ChangeServiceConfigW (Address: 0x1014e348)
  • QueryServiceConfigW (Address: 0x1014e34c)
api-ms-win-service-winsvc-l1-1-0.dll
  • ControlService (Address: 0x1014e358)
  • QueryServiceStatus (Address: 0x1014e35c)
Cabinet.dll
  • (Address: 0x1014e0e0)
  • (Address: 0x1014e0e4)
  • (Address: 0x1014e0e8)
  • (Address: 0x1014e0ec)
  • (Address: 0x1014e0f0)
  • (Address: 0x1014e0f4)
  • (Address: 0x1014e0f8)
KERNEL32.dll
  • CloseHandle (Address: 0x1014e110)
  • CompareStringW (Address: 0x1014e1d8)
  • CopyFileExW (Address: 0x1014e12c)
  • CopyFileW (Address: 0x1014e294)
  • CreateDirectoryW (Address: 0x1014e23c)
  • CreateEventW (Address: 0x1014e10c)
  • CreateFileW (Address: 0x1014e1a0)
  • CreateProcessW (Address: 0x1014e284)
  • CreateThread (Address: 0x1014e1f0)
  • CreateWaitableTimerW (Address: 0x1014e1e0)
  • DebugBreak (Address: 0x1014e1fc)
  • DelayLoadFailureHook (Address: 0x1014e134)
  • DeleteCriticalSection (Address: 0x1014e210)
  • DeleteFileW (Address: 0x1014e29c)
  • DisableThreadLibraryCalls (Address: 0x1014e24c)
  • DosDateTimeToFileTime (Address: 0x1014e118)
  • DuplicateHandle (Address: 0x1014e1c0)
  • EnterCriticalSection (Address: 0x1014e108)
  • ExpandEnvironmentStringsW (Address: 0x1014e22c)
  • FileTimeToDosDateTime (Address: 0x1014e11c)
  • FileTimeToLocalFileTime (Address: 0x1014e214)
  • FileTimeToSystemTime (Address: 0x1014e1c8)
  • FindClose (Address: 0x1014e1bc)
  • FindFirstFileW (Address: 0x1014e1b4)
  • FindNextFileW (Address: 0x1014e1b8)
  • FindResourceW (Address: 0x1014e148)
  • FormatMessageW (Address: 0x1014e13c)
  • FreeLibrary (Address: 0x1014e190)
  • FreeResource (Address: 0x1014e160)
  • GetCommandLineW (Address: 0x1014e178)
  • GetComputerNameW (Address: 0x1014e138)
  • GetCurrentProcess (Address: 0x1014e170)
  • GetCurrentProcessId (Address: 0x1014e1b0)
  • GetCurrentThread (Address: 0x1014e16c)
  • GetCurrentThreadId (Address: 0x1014e184)
  • GetDateFormatW (Address: 0x1014e218)
  • GetDiskFreeSpaceExW (Address: 0x1014e220)
  • GetExitCodeProcess (Address: 0x1014e280)
  • GetExitCodeThread (Address: 0x1014e1ec)
  • GetFileAttributesW (Address: 0x1014e174)
  • GetFileInformationByHandle (Address: 0x1014e260)
  • GetFileMUIPath (Address: 0x1014e278)
  • GetFileSizeEx (Address: 0x1014e224)
  • GetFullPathNameW (Address: 0x1014e20c)
  • GetLastError (Address: 0x1014e254)
  • GetLocaleInfoW (Address: 0x1014e230)
  • GetLocalTime (Address: 0x1014e234)
  • GetModuleFileNameW (Address: 0x1014e204)
  • GetProcessHeap (Address: 0x1014e228)
  • GetSystemDirectoryW (Address: 0x1014e250)
  • GetSystemTime (Address: 0x1014e290)
  • GetSystemTimeAsFileTime (Address: 0x1014e1c4)
  • GetTempFileNameW (Address: 0x1014e288)
  • GetTempPathW (Address: 0x1014e26c)
  • GetTickCount (Address: 0x1014e128)
  • GetTickCount64 (Address: 0x1014e248)
  • GetTimeFormatW (Address: 0x1014e21c)
  • GetTimeZoneInformation (Address: 0x1014e238)
  • GetUserDefaultUILanguage (Address: 0x1014e1d0)
  • GetWindowsDirectoryW (Address: 0x1014e258)
  • GlobalAlloc (Address: 0x1014e158)
  • GlobalFree (Address: 0x1014e168)
  • GlobalLock (Address: 0x1014e15c)
  • GlobalUnlock (Address: 0x1014e164)
  • HeapAlloc (Address: 0x1014e1f4)
  • HeapFree (Address: 0x1014e18c)
  • HeapReAlloc (Address: 0x1014e1d4)
  • HeapSize (Address: 0x1014e1dc)
  • HeapValidate (Address: 0x1014e100)
  • InitializeCriticalSection (Address: 0x1014e140)
  • IsDebuggerPresent (Address: 0x1014e200)
  • IsWow64Process (Address: 0x1014e17c)
  • K32GetModuleFileNameExW (Address: 0x1014e19c)
  • LeaveCriticalSection (Address: 0x1014e104)
  • LoadLibraryExW (Address: 0x1014e240)
  • LoadLibraryW (Address: 0x1014e274)
  • LoadResource (Address: 0x1014e14c)
  • LocalFileTimeToFileTime (Address: 0x1014e25c)
  • LocalFree (Address: 0x1014e244)
  • LockResource (Address: 0x1014e150)
  • MultiByteToWideChar (Address: 0x1014e264)
  • OpenEventW (Address: 0x1014e2a0)
  • OpenProcess (Address: 0x1014e198)
  • QueryPerformanceCounter (Address: 0x1014e1ac)
  • RemoveDirectoryW (Address: 0x1014e298)
  • ResetEvent (Address: 0x1014e194)
  • ResolveDelayLoadedAPI (Address: 0x1014e130)
  • SetEvent (Address: 0x1014e1f8)
  • SetFileAttributesW (Address: 0x1014e268)
  • SetFileTime (Address: 0x1014e270)
  • SetPriorityClass (Address: 0x1014e28c)
  • SetUnhandledExceptionFilter (Address: 0x1014e124)
  • SetWaitableTimer (Address: 0x1014e1e4)
  • SizeofResource (Address: 0x1014e154)
  • Sleep (Address: 0x1014e208)
  • SystemTimeToFileTime (Address: 0x1014e1cc)
  • TerminateProcess (Address: 0x1014e27c)
  • UnhandledExceptionFilter (Address: 0x1014e120)
  • UnregisterWait (Address: 0x1014e114)
  • WaitForMultipleObjects (Address: 0x1014e1e8)
  • WaitForSingleObject (Address: 0x1014e1a8)
  • WideCharToMultiByte (Address: 0x1014e144)
  • Wow64DisableWow64FsRedirection (Address: 0x1014e180)
  • Wow64RevertWow64FsRedirection (Address: 0x1014e188)
  • WriteFile (Address: 0x1014e1a4)
msvcrt.dll
  • _amsg_exit (Address: 0x1014e384)
  • _close (Address: 0x1014e39c)
  • _errno (Address: 0x1014e394)
  • _except_handler4_common (Address: 0x1014e370)
  • _get_osfhandle (Address: 0x1014e3b0)
  • _initterm (Address: 0x1014e378)
  • _lseek (Address: 0x1014e38c)
  • _purecall (Address: 0x1014e3f8)
  • _read (Address: 0x1014e3a0)
  • _vsnwprintf (Address: 0x1014e400)
  • _wcsicmp (Address: 0x1014e408)
  • _wcsnicmp (Address: 0x1014e3f4)
  • _wfopen (Address: 0x1014e3b8)
  • _wgetenv (Address: 0x1014e3dc)
  • _wopen (Address: 0x1014e3ac)
  • _wremove (Address: 0x1014e3a4)
  • _write (Address: 0x1014e398)
  • _wsplitpath_s (Address: 0x1014e3d8)
  • _wtof (Address: 0x1014e3cc)
  • _wtoi (Address: 0x1014e3bc)
  • _wtol (Address: 0x1014e3d4)
  • _XcptFilter (Address: 0x1014e388)
  • ??1type_info@@UAE@XZ (Address: 0x1014e374)
  • ?name@type_info@@QBEPBDXZ (Address: 0x1014e3fc)
  • fclose (Address: 0x1014e3b4)
  • free (Address: 0x1014e380)
  • fwprintf (Address: 0x1014e3c4)
  • iswspace (Address: 0x1014e3d0)
  • malloc (Address: 0x1014e40c)
  • memcmp (Address: 0x1014e364)
  • memcpy (Address: 0x1014e368)
  • memmove (Address: 0x1014e36c)
  • memset (Address: 0x1014e410)
  • qsort (Address: 0x1014e3c8)
  • rand (Address: 0x1014e3e8)
  • srand (Address: 0x1014e3a8)
  • swscanf_s (Address: 0x1014e3ec)
  • time (Address: 0x1014e390)
  • vfwprintf (Address: 0x1014e3c0)
  • wcschr (Address: 0x1014e404)
  • wcscspn (Address: 0x1014e3e4)
  • wcsncmp (Address: 0x1014e3f0)
  • wcsrchr (Address: 0x1014e37c)
  • wcsstr (Address: 0x1014e3e0)
NSI.dll
  • NsiAllocateAndGetTable (Address: 0x1014e2ac)
  • NsiFreeTable (Address: 0x1014e2a8)
ntdll.dll
  • EtwEventRegister (Address: 0x1014e43c)
  • EtwEventUnregister (Address: 0x1014e434)
  • EtwEventWrite (Address: 0x1014e438)
  • EtwNotificationRegister (Address: 0x1014e420)
  • EtwNotificationUnregister (Address: 0x1014e424)
  • NtQuerySystemInformation (Address: 0x1014e41c)
  • NtQuerySystemTime (Address: 0x1014e430)
  • RtlFreeUnicodeString (Address: 0x1014e42c)
  • RtlNtStatusToDosError (Address: 0x1014e418)
  • RtlStringFromGUID (Address: 0x1014e428)
pdh.dll
  • PdhAddCounterW (Address: 0x1014e454)
  • PdhCloseLog (Address: 0x1014e464)
  • PdhCloseQuery (Address: 0x1014e46c)
  • PdhCollectQueryData (Address: 0x1014e450)
  • PdhExpandWildCardPathW (Address: 0x1014e458)
  • PdhGetFormattedCounterValue (Address: 0x1014e44c)
  • PdhOpenLogW (Address: 0x1014e468)
  • PdhOpenQueryW (Address: 0x1014e45c)
  • PdhTranslate009CounterW (Address: 0x1014e448)
  • PdhTranslateLocaleCounterW (Address: 0x1014e444)
  • PdhUpdateLogW (Address: 0x1014e460)
RPCRT4.dll
  • NdrClientCall4 (Address: 0x1014e2cc)
  • NdrServerCall2 (Address: 0x1014e2f0)
  • RpcBindingFree (Address: 0x1014e2dc)
  • RpcBindingFromStringBindingW (Address: 0x1014e2e4)
  • RpcBindingInqAuthClientW (Address: 0x1014e2d4)
  • RpcBindingSetAuthInfoW (Address: 0x1014e2e0)
  • RpcBindingToStringBindingW (Address: 0x1014e2d0)
  • RpcImpersonateClient (Address: 0x1014e2c8)
  • RpcRevertToSelf (Address: 0x1014e2c4)
  • RpcServerInqCallAttributesW (Address: 0x1014e2b4)
  • RpcServerRegisterIf3 (Address: 0x1014e2bc)
  • RpcServerUnregisterIfEx (Address: 0x1014e2b8)
  • RpcServerUseProtseqEpW (Address: 0x1014e2c0)
  • RpcStringBindingComposeW (Address: 0x1014e2e8)
  • RpcStringBindingParseW (Address: 0x1014e2f4)
  • RpcStringFreeW (Address: 0x1014e2d8)
  • UuidCreate (Address: 0x1014e2ec)
SHLWAPI.dll
  • (Address: 0x1014e2fc)
  • PathIsFileSpecW (Address: 0x1014e304)
  • PathIsNetworkPathW (Address: 0x1014e300)
tdh.dll
  • TdhEnumerateProviderFieldInformation (Address: 0x1014e478)
  • TdhEnumerateProviders (Address: 0x1014e480)
  • TdhEnumerateRemoteWBEMProviderFieldInformation (Address: 0x1014e47c)
  • TdhEnumerateRemoteWBEMProviders (Address: 0x1014e474)
USER32.dll
  • CreateWindowExW (Address: 0x1014e320)
  • DestroyWindow (Address: 0x1014e30c)
  • DispatchMessageW (Address: 0x1014e318)
  • LoadStringW (Address: 0x1014e310)
  • MsgWaitForMultipleObjects (Address: 0x1014e314)
  • PeekMessageW (Address: 0x1014e31c)
wevtapi.dll
  • EvtClose (Address: 0x1014e490)
  • EvtCreateRenderContext (Address: 0x1014e48c)
  • EvtGetChannelConfigProperty (Address: 0x1014e498)
  • EvtNext (Address: 0x1014e4a0)
  • EvtOpenChannelConfig (Address: 0x1014e494)
  • EvtRender (Address: 0x1014e488)
  • EvtSubscribe (Address: 0x1014e49c)