efsext.dll
Description: EFSEXT.DLL
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4355
Architecture: 64-bit
Operating System: Windows NT
SHA256: 2e977dd8e42a135b4a5852443c375c5a
File Size: 73.5 KB
Uploaded At: Dec. 1, 2025, 7:27 a.m.
Views: 11
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- EdpPlatform_QueryUserSessionState (Ordinal: 1, Address: 0x4780)
- EdpPlatform_RegisterUserSessionNotification (Ordinal: 2, Address: 0x4740)
- EdpPlatform_ShowDialog (Ordinal: 3, Address: 0x4490)
- EdpPlatform_ShowUI (Ordinal: 4, Address: 0x4700)
- EdpPlatform_UnregisterUserSessionNotification (Ordinal: 5, Address: 0x36c0)
- EfsPlatform_GetCallerID (Ordinal: 6, Address: 0x3af0)
- EfsPlatform_IsCallerAutomaticallyDelegated (Ordinal: 7, Address: 0x3db0)
- EfsPlatform_LaunchPromptUI (Ordinal: 8, Address: 0x3ef0)
- EfsPlatform_SuspendNotificationsAndEncryptFile (Ordinal: 9, Address: 0x3a30)
- EfsPlatform_UnpackSecurePin (Ordinal: 10, Address: 0x4170)
- FVE_LaunchConsentPromptUI (Ordinal: 11, Address: 0x4ac0)
- FVE_LaunchSDCardUI (Ordinal: 12, Address: 0x4ca0)
Imported DLLs & Functions
api-ms-win-appmodel-runtime-l1-1-0.dll
- ClosePackageInfo (Address: 0x18000cab0)
- GetCurrentPackageInfo (Address: 0x18000ca98)
- GetPackageFamilyName (Address: 0x18000ca90)
- GetPackageFullName (Address: 0x18000ca88)
- GetPackageInfo (Address: 0x18000caa0)
- OpenPackageInfoByFullName (Address: 0x18000caa8)
api-ms-win-core-com-l1-1-0.dll
- CoCreateFreeThreadedMarshaler (Address: 0x18000cac0)
- CoCreateInstance (Address: 0x18000caf8)
- CoGetMalloc (Address: 0x18000cae0)
- CoInitializeEx (Address: 0x18000cad0)
- CoTaskMemAlloc (Address: 0x18000cad8)
- CoTaskMemFree (Address: 0x18000cac8)
- CoTaskMemRealloc (Address: 0x18000caf0)
- CoUninitialize (Address: 0x18000cae8)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18000cb10)
- IsDebuggerPresent (Address: 0x18000cb18)
- OutputDebugStringW (Address: 0x18000cb08)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18000cb28)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18000cb38)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18000cb50)
- SetLastError (Address: 0x18000cb58)
- SetUnhandledExceptionFilter (Address: 0x18000cb48)
- UnhandledExceptionFilter (Address: 0x18000cb60)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18000cb70)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18000cb88)
- HeapAlloc (Address: 0x18000cb80)
- HeapFree (Address: 0x18000cb90)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18000cba0)
- LocalFree (Address: 0x18000cba8)
api-ms-win-core-libraryloader-l1-2-0.dll
- FindResourceExW (Address: 0x18000cbc8)
- GetModuleFileNameA (Address: 0x18000cbe0)
- GetModuleHandleExW (Address: 0x18000cbd8)
- GetModuleHandleW (Address: 0x18000cbe8)
- GetProcAddress (Address: 0x18000cbf0)
- LoadResource (Address: 0x18000cbb8)
- LoadStringW (Address: 0x18000cbd0)
- LockResource (Address: 0x18000cbc0)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18000cc00)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x18000cc28)
- GetCurrentProcess (Address: 0x18000cc18)
- GetCurrentProcessId (Address: 0x18000cc10)
- GetCurrentThread (Address: 0x18000cc40)
- GetCurrentThreadId (Address: 0x18000cc38)
- OpenProcessToken (Address: 0x18000cc20)
- OpenThreadToken (Address: 0x18000cc48)
- TerminateProcess (Address: 0x18000cc30)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18000cc58)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18000cc68)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x18000cc78)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18000cc98)
- RegCreateKeyExW (Address: 0x18000cca0)
- RegOpenCurrentUser (Address: 0x18000cc90)
- RegOpenKeyExW (Address: 0x18000cc88)
- RegQueryValueExW (Address: 0x18000cca8)
api-ms-win-core-registry-l1-1-1.dll
- RegDeleteKeyValueW (Address: 0x18000ccb8)
- RegSetKeyValueW (Address: 0x18000ccc0)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x18000ccd0)
- RtlLookupFunctionEntry (Address: 0x18000cce0)
- RtlVirtualUnwind (Address: 0x18000ccd8)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x18000ccf0)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventW (Address: 0x18000cd20)
- CreateMutexExW (Address: 0x18000cd30)
- CreateSemaphoreExW (Address: 0x18000cd40)
- OpenSemaphoreW (Address: 0x18000cd00)
- ReleaseMutex (Address: 0x18000cd08)
- ReleaseSemaphore (Address: 0x18000cd18)
- SetEvent (Address: 0x18000cd10)
- WaitForSingleObject (Address: 0x18000cd38)
- WaitForSingleObjectEx (Address: 0x18000cd28)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18000cd50)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x18000cd68)
- GetSystemWindowsDirectoryW (Address: 0x18000cd70)
- GetTickCount (Address: 0x18000cd60)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- TraceMessage (Address: 0x18000cd80)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x18000cda0)
- EventSetInformation (Address: 0x18000cda8)
- EventUnregister (Address: 0x18000cd90)
- EventWriteTransfer (Address: 0x18000cd98)
api-ms-win-security-base-l1-1-0.dll
- AllocateAndInitializeSid (Address: 0x18000cdd8)
- DuplicateTokenEx (Address: 0x18000cdd0)
- EqualSid (Address: 0x18000cdb8)
- FreeSid (Address: 0x18000cdc8)
- GetTokenInformation (Address: 0x18000cdc0)
api-ms-win-security-credentials-l1-1-0.dll
- CredUnprotectW (Address: 0x18000cde8)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertStringSidToSidW (Address: 0x18000cdf8)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x18000ce10)
- OpenSCManagerW (Address: 0x18000ce18)
- OpenServiceW (Address: 0x18000ce20)
- StartServiceW (Address: 0x18000ce08)
api-ms-win-service-winsvc-l1-1-0.dll
- QueryServiceStatus (Address: 0x18000ce30)
api-ms-win-shcore-taskpool-l1-1-0.dll
- SHTaskPoolQueueTask (Address: 0x18000ce40)
CRYPT32.dll
- CryptBinaryToStringW (Address: 0x18000c940)
- CryptStringToBinaryA (Address: 0x18000c938)
DUI70.dll
- ?_ZeroRelease@Value@DirectUI@@AEAAXXZ (Address: 0x18000c988)
- ?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z (Address: 0x18000c9b0)
- ?Click@TouchButton@DirectUI@@SA?AVUID@@XZ (Address: 0x18000c9a8)
- ?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z (Address: 0x18000c9c8)
- ?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z (Address: 0x18000c980)
- ?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z (Address: 0x18000c9b8)
- ?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ (Address: 0x18000c9d0)
- ?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z (Address: 0x18000c9e8)
- ?GetCheckedState@TouchCheckBox@DirectUI@@QEAA?AW4CheckedStateFlags@2@XZ (Address: 0x18000c998)
- ?GetClassInfoPtr@TouchCheckBox@DirectUI@@SAPEAUIClassInfo@2@XZ (Address: 0x18000c950)
- ?GetClassInfoPtr@TouchHyperLink@DirectUI@@SAPEAUIClassInfo@2@XZ (Address: 0x18000c958)
- ?MultipleClick@TouchButton@DirectUI@@SA?AVUID@@XZ (Address: 0x18000c9a0)
- ?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z (Address: 0x18000c978)
- ?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z (Address: 0x18000c9c0)
- ?VisibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ (Address: 0x18000c970)
- InitProcessPriv (Address: 0x18000c968)
- InitThread (Address: 0x18000c9d8)
- StrToID (Address: 0x18000c990)
- UnInitProcessPriv (Address: 0x18000c960)
- UnInitThread (Address: 0x18000c9e0)
msvcrt.dll
- __C_specific_handler (Address: 0x18000ce80)
- __CxxFrameHandler3 (Address: 0x18000ce78)
- __dllonexit (Address: 0x18000ce68)
- _amsg_exit (Address: 0x18000ce98)
- _callnewh (Address: 0x18000cef0)
- _CxxThrowException (Address: 0x18000cec0)
- _initterm (Address: 0x18000ce88)
- _lock (Address: 0x18000cf08)
- _onexit (Address: 0x18000ce60)
- _purecall (Address: 0x18000ceb0)
- _unlock (Address: 0x18000ce70)
- _vsnprintf_s (Address: 0x18000ced0)
- _vsnwprintf (Address: 0x18000cee0)
- _XcptFilter (Address: 0x18000cea0)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x18000cee8)
- ??0exception@@QEAA@XZ (Address: 0x18000cec8)
- ??1exception@@UEAA@XZ (Address: 0x18000cf00)
- ??1type_info@@UEAA@XZ (Address: 0x18000ce58)
- free (Address: 0x18000cea8)
- malloc (Address: 0x18000ce90)
- memcpy (Address: 0x18000ce50)
- memcpy_s (Address: 0x18000ced8)
- memset (Address: 0x18000cf10)
- wcschr (Address: 0x18000cef8)
- wcsncmp (Address: 0x18000ceb8)
ntdll.dll
- NtQueryInformationToken (Address: 0x18000cf28)
- RtlAllocateHeap (Address: 0x18000cf38)
- RtlCompareUnicodeString (Address: 0x18000cf48)
- RtlFreeHeap (Address: 0x18000cf20)
- RtlInitUnicodeString (Address: 0x18000cf30)
- RtlNtStatusToDosErrorNoTeb (Address: 0x18000cf40)
RPCRT4.dll
- NdrClientCall3 (Address: 0x18000ca08)
- RpcBindingFree (Address: 0x18000ca30)
- RpcBindingFromStringBindingW (Address: 0x18000ca10)
- RpcBindingSetAuthInfoExW (Address: 0x18000ca20)
- RpcImpersonateClient (Address: 0x18000ca00)
- RpcRevertToSelf (Address: 0x18000c9f8)
- RpcStringBindingComposeW (Address: 0x18000ca18)
- RpcStringFreeW (Address: 0x18000ca28)
SHELL32.dll
- (Address: 0x18000ca40)
- (Address: 0x18000ca50)
- (Address: 0x18000ca60)
- SHChangeNotifySuspendResume (Address: 0x18000ca58)
- ShellExecuteExW (Address: 0x18000ca48)
- ShellExecuteW (Address: 0x18000ca68)
USER32.dll
- MsgWaitForMultipleObjects (Address: 0x18000ca78)