easwrt.dll
Description: Exchange ActiveSync Windows Runtime DLL
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 64-bit
Operating System: Windows NT
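SHA256: 34b3f8b6d7b061f315d3b79257afcb13 (this value is 32 hex digits, the length of an MD5 digest; a SHA-256 digest has 64, so the label appears to be wrong — recompute the hash locally before matching on this value)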
File Size: 180.0 KB
Uploaded At: Dec. 1, 2025, 7:27 a.m.
Security Warning
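This file has been flagged as potentially dangerous.
Reason: Detected a potentially dangerous function that can be used for process injection: OpenProcess. This flag is a heuristic based on that import alone. OpenProcess only obtains a handle to another process, and the import table below lists none of the APIs usually paired with it for injection (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread). GetProcAddress is imported, however, so functions resolved at run time would not appear in this listing. The description and copyright fields above are self-declared strings from the file's version resource; to confirm origin, check the Authenticode signature and compare the hash with a copy from a trusted Windows installation of the same build.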
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x5610)
- DllGetActivationFactory (Ordinal: 2, Address: 0x5670)
- DllGetClassObject (Ordinal: 3, Address: 0x56b0)
- EasClientSecurityPolicyApply (Ordinal: 4, Address: 0x4430)
- EasClientSecurityPolicyCheckCompliance (Ordinal: 5, Address: 0x44d0)
- EasGetClientDeviceInformation (Ordinal: 6, Address: 0x4570)
- EasRegisterEncryptionProvider (Ordinal: 7, Address: 0x128e0)
- EasShowConsentDialog (Ordinal: 8, Address: 0x4590)
- EasUnRegisterEncryptionProvider (Ordinal: 9, Address: 0x12970)
Imported DLLs & Functions
ADVAPI32.dll
- AllocateAndInitializeSid (Address: 0x18001e1d0)
- CloseServiceHandle (Address: 0x18001e1c0)
- FreeSid (Address: 0x18001e178)
- OpenSCManagerW (Address: 0x18001e1c8)
- OpenServiceW (Address: 0x18001e180)
- QueryServiceStatus (Address: 0x18001e1b8)
- RegCloseKey (Address: 0x18001e198)
- RegCreateKeyExW (Address: 0x18001e1b0)
- RegDeleteValueW (Address: 0x18001e188)
- RegOpenKeyExW (Address: 0x18001e190)
- RegSetValueExW (Address: 0x18001e1a0)
- StartServiceW (Address: 0x18001e1a8)
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x18001e3e0)
api-ms-win-core-com-l1-1-0.dll
- CoCreateFreeThreadedMarshaler (Address: 0x18001e408)
- CoCreateInstance (Address: 0x18001e428)
- CoGetCallContext (Address: 0x18001e3f0)
- CoGetCallerTID (Address: 0x18001e430)
- CoGetInterfaceAndReleaseStream (Address: 0x18001e410)
- CoMarshalInterface (Address: 0x18001e418)
- CoMarshalInterThreadInterfaceInStream (Address: 0x18001e438)
- CoReleaseMarshalData (Address: 0x18001e448)
- CoTaskMemAlloc (Address: 0x18001e420)
- CoTaskMemFree (Address: 0x18001e400)
- CreateStreamOnHGlobal (Address: 0x18001e440)
- StringFromGUID2 (Address: 0x18001e3f8)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x18001e458)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
- CStdStubBuffer2_Connect (Address: 0x18001e470)
- CStdStubBuffer2_CountRefs (Address: 0x18001e488)
- CStdStubBuffer2_Disconnect (Address: 0x18001e4b8)
- CStdStubBuffer2_QueryInterface (Address: 0x18001e4e8)
- NdrProxyForwardingFunction3 (Address: 0x18001e4c0)
- NdrProxyForwardingFunction4 (Address: 0x18001e508)
- NdrProxyForwardingFunction5 (Address: 0x18001e530)
- ObjectStublessClient10 (Address: 0x18001e4f8)
- ObjectStublessClient11 (Address: 0x18001e490)
- ObjectStublessClient12 (Address: 0x18001e4a0)
- ObjectStublessClient13 (Address: 0x18001e4e0)
- ObjectStublessClient14 (Address: 0x18001e498)
- ObjectStublessClient15 (Address: 0x18001e4a8)
- ObjectStublessClient16 (Address: 0x18001e4d8)
- ObjectStublessClient17 (Address: 0x18001e500)
- ObjectStublessClient18 (Address: 0x18001e520)
- ObjectStublessClient19 (Address: 0x18001e4f0)
- ObjectStublessClient20 (Address: 0x18001e468)
- ObjectStublessClient21 (Address: 0x18001e4c8)
- ObjectStublessClient22 (Address: 0x18001e480)
- ObjectStublessClient23 (Address: 0x18001e4b0)
- ObjectStublessClient3 (Address: 0x18001e478)
- ObjectStublessClient6 (Address: 0x18001e528)
- ObjectStublessClient7 (Address: 0x18001e4d0)
- ObjectStublessClient8 (Address: 0x18001e518)
- ObjectStublessClient9 (Address: 0x18001e510)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18001e540)
- IsDebuggerPresent (Address: 0x18001e548)
- OutputDebugStringW (Address: 0x18001e550)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18001e560)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18001e570)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18001e590)
- RaiseException (Address: 0x18001e598)
- SetLastError (Address: 0x18001e5a0)
- SetUnhandledExceptionFilter (Address: 0x18001e588)
- UnhandledExceptionFilter (Address: 0x18001e580)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18001e5b0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18001e5d0)
- HeapAlloc (Address: 0x18001e5c0)
- HeapFree (Address: 0x18001e5c8)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18001e5e0)
- LocalFree (Address: 0x18001e5e8)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18001e608)
- FreeLibrary (Address: 0x18001e5f8)
- GetModuleFileNameA (Address: 0x18001e628)
- GetModuleHandleExW (Address: 0x18001e600)
- GetModuleHandleW (Address: 0x18001e620)
- GetProcAddress (Address: 0x18001e618)
- LoadLibraryExW (Address: 0x18001e610)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18001e638)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x18001e648)
- GetCurrentProcessId (Address: 0x18001e680)
- GetCurrentThread (Address: 0x18001e678)
- GetCurrentThreadId (Address: 0x18001e660)
- GetProcessId (Address: 0x18001e658)
- OpenProcessToken (Address: 0x18001e670)
- OpenThreadToken (Address: 0x18001e668)
- TerminateProcess (Address: 0x18001e650)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18001e690)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18001e6a0)
api-ms-win-core-registry-l1-1-0.dll
- RegDeleteTreeW (Address: 0x18001e6b8)
- RegEnumValueW (Address: 0x18001e6b0)
- RegGetValueW (Address: 0x18001e6c0)
- RegQueryInfoKeyW (Address: 0x18001e6c8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x18001e6e8)
- RtlLookupFunctionEntry (Address: 0x18001e6d8)
- RtlVirtualUnwind (Address: 0x18001e6e0)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x18001e6f8)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18001e748)
- AcquireSRWLockShared (Address: 0x18001e760)
- CreateMutexExW (Address: 0x18001e720)
- CreateSemaphoreExW (Address: 0x18001e738)
- DeleteCriticalSection (Address: 0x18001e758)
- InitializeCriticalSection (Address: 0x18001e728)
- OpenSemaphoreW (Address: 0x18001e718)
- ReleaseMutex (Address: 0x18001e708)
- ReleaseSemaphore (Address: 0x18001e740)
- ReleaseSRWLockExclusive (Address: 0x18001e768)
- ReleaseSRWLockShared (Address: 0x18001e750)
- WaitForSingleObject (Address: 0x18001e710)
- WaitForSingleObjectEx (Address: 0x18001e730)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x18001e780)
- Sleep (Address: 0x18001e778)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x18001e798)
- GetTickCount (Address: 0x18001e7a0)
- GetVersionExW (Address: 0x18001e790)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x18001e7b0)
- EncodePointer (Address: 0x18001e7b8)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x18001e7e8)
- RoOriginateError (Address: 0x18001e7e0)
- RoOriginateErrorW (Address: 0x18001e7d0)
- RoTransformError (Address: 0x18001e7c8)
- SetRestrictedErrorInfo (Address: 0x18001e7d8)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x18001e800)
- RoGetMatchingRestrictedErrorInfo (Address: 0x18001e7f8)
- RoReportFailedDelegate (Address: 0x18001e808)
api-ms-win-core-winrt-l1-1-0.dll
- RoGetActivationFactory (Address: 0x18001e818)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x18001e838)
- WindowsCreateStringReference (Address: 0x18001e828)
- WindowsGetStringRawBuffer (Address: 0x18001e840)
- WindowsIsStringEmpty (Address: 0x18001e830)
- WindowsStringHasEmbeddedNull (Address: 0x18001e848)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x18001e858)
- GetTraceEnableLevel (Address: 0x18001e880)
- GetTraceLoggerHandle (Address: 0x18001e860)
- RegisterTraceGuidsW (Address: 0x18001e868)
- TraceMessage (Address: 0x18001e878)
- UnregisterTraceGuids (Address: 0x18001e870)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x18001e890)
- EventRegister (Address: 0x18001e898)
- EventSetInformation (Address: 0x18001e8a0)
- EventUnregister (Address: 0x18001e8b0)
- EventWriteTransfer (Address: 0x18001e8a8)
api-ms-win-security-base-l1-1-0.dll
- CheckTokenMembership (Address: 0x18001e8f0)
- CopySid (Address: 0x18001e8e8)
- CreateWellKnownSid (Address: 0x18001e8f8)
- DuplicateToken (Address: 0x18001e8d0)
- EqualSid (Address: 0x18001e8c8)
- GetLengthSid (Address: 0x18001e8d8)
- GetSecurityDescriptorDacl (Address: 0x18001e8e0)
- GetTokenInformation (Address: 0x18001e8c0)
- PrivilegeCheck (Address: 0x18001e900)
api-ms-win-security-lsapolicy-l1-1-0.dll
- LsaClose (Address: 0x18001e920)
- LsaFreeMemory (Address: 0x18001e910)
- LsaLookupSids (Address: 0x18001e930)
- LsaOpenPolicy (Address: 0x18001e928)
- LsaQueryInformationPolicy (Address: 0x18001e918)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x18001e940)
api-ms-win-shcore-taskpool-l1-1-0.dll
- SHTaskPoolAllowThreadReuse (Address: 0x18001e950)
- SHTaskPoolQueueTask (Address: 0x18001e958)
AUTHZ.dll
- AuthzAccessCheck (Address: 0x18001e1f8)
- AuthzAddSidsToContext (Address: 0x18001e208)
- AuthzFreeContext (Address: 0x18001e1f0)
- AuthzFreeResourceManager (Address: 0x18001e1e0)
- AuthzInitializeContextFromSid (Address: 0x18001e200)
- AuthzInitializeResourceManager (Address: 0x18001e1e8)
combase.dll
- (unnamed import, probably by ordinal) (Address: 0x18001e968)
- (unnamed import, probably by ordinal) (Address: 0x18001e970)
KERNEL32.dll
- CreateFileW (Address: 0x18001e218)
- GetSystemWindowsDirectoryW (Address: 0x18001e220)
msvcrt.dll
- __C_specific_handler (Address: 0x18001ea18)
- __CxxFrameHandler3 (Address: 0x18001ea10)
- __dllonexit (Address: 0x18001e9a0)
- _amsg_exit (Address: 0x18001e9b8)
- _callnewh (Address: 0x18001e9d8)
- _initterm (Address: 0x18001e9b0)
- _lock (Address: 0x18001e980)
- _onexit (Address: 0x18001e9a8)
- _purecall (Address: 0x18001e9f0)
- _unlock (Address: 0x18001ea00)
- _vsnwprintf (Address: 0x18001e988)
- _wtoi (Address: 0x18001ea08)
- _XcptFilter (Address: 0x18001e9c0)
- free (Address: 0x18001e9e8)
- malloc (Address: 0x18001e9e0)
- memcmp (Address: 0x18001e9f8)
- memcpy (Address: 0x18001e9d0)
- memcpy_s (Address: 0x18001e990)
- memmove (Address: 0x18001e9c8)
- memset (Address: 0x18001ea20)
- toupper (Address: 0x18001e998)
netutils.dll
- NetApiBufferFree (Address: 0x18001ea30)
ntdll.dll
- NtClose (Address: 0x18001ea60)
- NtDuplicateToken (Address: 0x18001ea68)
- NtGetCachedSigningLevel (Address: 0x18001ea80)
- NtOpenProcessToken (Address: 0x18001ea70)
- NtOpenThreadToken (Address: 0x18001ea58)
- NtQueryInformationToken (Address: 0x18001ea98)
- NtQuerySystemInformation (Address: 0x18001ea90)
- NtSetCachedSigningLevel (Address: 0x18001ea88)
- RtlAcquireResourceExclusive (Address: 0x18001ea48)
- RtlCopySid (Address: 0x18001eac8)
- RtlDeleteResource (Address: 0x18001eaf8)
- RtlEqualSid (Address: 0x18001eaf0)
- RtlGetDeviceFamilyInfoEnum (Address: 0x18001eae0)
- RtlGetNtProductType (Address: 0x18001eab8)
- RtlInitializeResource (Address: 0x18001ea40)
- RtlInitializeSid (Address: 0x18001eaa8)
- RtlInitUnicodeString (Address: 0x18001eaa0)
- RtlIsMultiSessionSku (Address: 0x18001ead0)
- RtlLengthSid (Address: 0x18001eac0)
- RtlNtStatusToDosError (Address: 0x18001eae8)
- RtlReleaseResource (Address: 0x18001ea50)
- RtlSubAuthorityCountSid (Address: 0x18001ead8)
- RtlSubAuthoritySid (Address: 0x18001eab0)
- WinSqmSetString (Address: 0x18001ea78)
ole32.dll
- CoGetObject (Address: 0x18001eb08)
OLEAUT32.dll
- VariantClear (Address: 0x18001e230)
- VariantInit (Address: 0x18001e238)
RPCRT4.dll
- CStdStubBuffer_AddRef (Address: 0x18001e2d0)
- CStdStubBuffer_Connect (Address: 0x18001e2d8)
- CStdStubBuffer_CountRefs (Address: 0x18001e330)
- CStdStubBuffer_DebugServerQueryInterface (Address: 0x18001e2b8)
- CStdStubBuffer_DebugServerRelease (Address: 0x18001e300)
- CStdStubBuffer_Disconnect (Address: 0x18001e2f8)
- CStdStubBuffer_Invoke (Address: 0x18001e280)
- CStdStubBuffer_IsIIDSupported (Address: 0x18001e2e0)
- CStdStubBuffer_QueryInterface (Address: 0x18001e318)
- I_RpcExceptionFilter (Address: 0x18001e2c8)
- I_RpcMapWin32Status (Address: 0x18001e250)
- IUnknown_AddRef_Proxy (Address: 0x18001e2b0)
- IUnknown_QueryInterface_Proxy (Address: 0x18001e2f0)
- IUnknown_Release_Proxy (Address: 0x18001e328)
- NdrClientCall3 (Address: 0x18001e290)
- NdrCStdStubBuffer_Release (Address: 0x18001e278)
- NdrCStdStubBuffer2_Release (Address: 0x18001e260)
- NdrDllCanUnloadNow (Address: 0x18001e270)
- NdrDllGetClassObject (Address: 0x18001e268)
- NdrOleAllocate (Address: 0x18001e310)
- NdrOleFree (Address: 0x18001e308)
- NdrStubCall3 (Address: 0x18001e2e8)
- NdrStubForwardingFunction (Address: 0x18001e288)
- RpcBindingBind (Address: 0x18001e258)
- RpcBindingCreateW (Address: 0x18001e320)
- RpcBindingFree (Address: 0x18001e298)
- RpcBindingFromStringBindingW (Address: 0x18001e2a8)
- RpcBindingSetAuthInfoExW (Address: 0x18001e248)
- RpcStringBindingComposeW (Address: 0x18001e2c0)
- RpcStringFreeW (Address: 0x18001e2a0)
samcli.dll
- NetUserGetInfo (Address: 0x18001eb18)
SAMLIB.dll
- SamCloseHandle (Address: 0x18001e348)
- SamConnect (Address: 0x18001e378)
- SamFreeMemory (Address: 0x18001e358)
- SamOpenDomain (Address: 0x18001e340)
- SamOpenUser (Address: 0x18001e368)
- SamQueryInformationDomain (Address: 0x18001e370)
- SamQueryInformationUser (Address: 0x18001e360)
- SamQuerySecurityObject (Address: 0x18001e350)
twinapi.appcore.dll
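- (unnamed import, probably by ordinal) (Address: 0x18001eb28)
- (unnamed import, probably by ordinal) (Address: 0x18001eb30)
- (unnamed import, probably by ordinal) (Address: 0x18001eb38)
- (unnamed import, probably by ordinal) (Address: 0x18001eb40)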
USER32.dll
- (unnamed import, probably by ordinal) (Address: 0x18001e390)
- (unnamed import, probably by ordinal) (Address: 0x18001e3a0)
- EnableWindow (Address: 0x18001e3c0)
- GetAncestor (Address: 0x18001e3b8)
- GetClassNameW (Address: 0x18001e3b0)
- GetWindow (Address: 0x18001e388)
- GetWindowThreadProcessId (Address: 0x18001e398)
- IsWindow (Address: 0x18001e3a8)
- SystemParametersInfoW (Address: 0x18001e3c8)
- UpdatePerUserSystemParameters (Address: 0x18001e3d0)