easwrt.dll

Description: Exchange ActiveSync Windows Runtime DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.6328

Architecture: 32-bit

Operating System: Windows NT

SHA256: 793e201faa42cd541d3b47cc040d889c

File Size: 140.0 KB

Uploaded At: Dec. 1, 2025, 7:55 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0xd170)
  • DllGetActivationFactory (Ordinal: 2, Address: 0xd1c0)
  • DllGetClassObject (Ordinal: 3, Address: 0xd1e0)
  • EasClientSecurityPolicyApply (Ordinal: 4, Address: 0xc2f0)
  • EasClientSecurityPolicyCheckCompliance (Ordinal: 5, Address: 0xc370)
  • EasGetClientDeviceInformation (Ordinal: 6, Address: 0xc3f0)
  • EasRegisterEncryptionProvider (Ordinal: 7, Address: 0x17830)
  • EasShowConsentDialog (Ordinal: 8, Address: 0xc410)
  • EasUnRegisterEncryptionProvider (Ordinal: 9, Address: 0x178b0)

Imported DLLs & Functions

ADVAPI32.dll
  • AllocateAndInitializeSid (Address: 0x1001f000)
  • CloseServiceHandle (Address: 0x1001f01c)
  • FreeSid (Address: 0x1001f00c)
  • OpenSCManagerW (Address: 0x1001f020)
  • OpenServiceW (Address: 0x1001f004)
  • QueryServiceStatus (Address: 0x1001f018)
  • RegCloseKey (Address: 0x1001f02c)
  • RegCreateKeyExW (Address: 0x1001f014)
  • RegDeleteValueW (Address: 0x1001f010)
  • RegOpenKeyExW (Address: 0x1001f028)
  • RegSetValueExW (Address: 0x1001f024)
  • StartServiceW (Address: 0x1001f008)
api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x1001f134)
api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x1001f150)
  • CoCreateInstance (Address: 0x1001f15c)
  • CoGetCallContext (Address: 0x1001f14c)
  • CoGetCallerTID (Address: 0x1001f140)
  • CoGetInterfaceAndReleaseStream (Address: 0x1001f13c)
  • CoMarshalInterface (Address: 0x1001f144)
  • CoMarshalInterThreadInterfaceInStream (Address: 0x1001f168)
  • CoReleaseMarshalData (Address: 0x1001f154)
  • CoTaskMemAlloc (Address: 0x1001f160)
  • CoTaskMemFree (Address: 0x1001f164)
  • CreateStreamOnHGlobal (Address: 0x1001f148)
  • StringFromGUID2 (Address: 0x1001f158)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x1001f170)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
  • CStdStubBuffer2_Connect (Address: 0x1001f1d0)
  • CStdStubBuffer2_CountRefs (Address: 0x1001f18c)
  • CStdStubBuffer2_Disconnect (Address: 0x1001f1b8)
  • CStdStubBuffer2_QueryInterface (Address: 0x1001f1a4)
  • NdrProxyForwardingFunction3 (Address: 0x1001f1c4)
  • NdrProxyForwardingFunction4 (Address: 0x1001f1cc)
  • NdrProxyForwardingFunction5 (Address: 0x1001f178)
  • ObjectStublessClient10 (Address: 0x1001f1a0)
  • ObjectStublessClient11 (Address: 0x1001f184)
  • ObjectStublessClient12 (Address: 0x1001f17c)
  • ObjectStublessClient13 (Address: 0x1001f1a8)
  • ObjectStublessClient14 (Address: 0x1001f188)
  • ObjectStublessClient15 (Address: 0x1001f1d4)
  • ObjectStublessClient16 (Address: 0x1001f1b4)
  • ObjectStublessClient17 (Address: 0x1001f19c)
  • ObjectStublessClient18 (Address: 0x1001f1d8)
  • ObjectStublessClient19 (Address: 0x1001f198)
  • ObjectStublessClient20 (Address: 0x1001f1dc)
  • ObjectStublessClient21 (Address: 0x1001f1bc)
  • ObjectStublessClient22 (Address: 0x1001f1b0)
  • ObjectStublessClient23 (Address: 0x1001f1c8)
  • ObjectStublessClient3 (Address: 0x1001f1c0)
  • ObjectStublessClient6 (Address: 0x1001f180)
  • ObjectStublessClient7 (Address: 0x1001f1ac)
  • ObjectStublessClient8 (Address: 0x1001f190)
  • ObjectStublessClient9 (Address: 0x1001f194)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x1001f1e4)
  • IsDebuggerPresent (Address: 0x1001f1ec)
  • OutputDebugStringW (Address: 0x1001f1e8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x1001f1f4)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x1001f1fc)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1001f208)
  • RaiseException (Address: 0x1001f204)
  • SetLastError (Address: 0x1001f214)
  • SetUnhandledExceptionFilter (Address: 0x1001f20c)
  • UnhandledExceptionFilter (Address: 0x1001f210)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1001f21c)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1001f224)
  • HeapAlloc (Address: 0x1001f228)
  • HeapFree (Address: 0x1001f22c)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1001f238)
  • LocalFree (Address: 0x1001f234)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x1001f250)
  • FreeLibrary (Address: 0x1001f244)
  • GetModuleFileNameA (Address: 0x1001f254)
  • GetModuleHandleExW (Address: 0x1001f24c)
  • GetModuleHandleW (Address: 0x1001f248)
  • GetProcAddress (Address: 0x1001f240)
  • LoadLibraryExW (Address: 0x1001f258)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x1001f260)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x1001f280)
  • GetCurrentProcessId (Address: 0x1001f270)
  • GetCurrentThread (Address: 0x1001f284)
  • GetCurrentThreadId (Address: 0x1001f26c)
  • GetProcessId (Address: 0x1001f278)
  • OpenProcessToken (Address: 0x1001f268)
  • OpenThreadToken (Address: 0x1001f27c)
  • TerminateProcess (Address: 0x1001f274)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x1001f28c)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1001f294)
api-ms-win-core-registry-l1-1-0.dll
  • RegDeleteTreeW (Address: 0x1001f2a0)
  • RegEnumValueW (Address: 0x1001f2a4)
  • RegGetValueW (Address: 0x1001f29c)
  • RegQueryInfoKeyW (Address: 0x1001f2a8)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x1001f2b0)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1001f2e8)
  • AcquireSRWLockShared (Address: 0x1001f2bc)
  • CreateMutexExW (Address: 0x1001f2e0)
  • CreateSemaphoreExW (Address: 0x1001f2d4)
  • DeleteCriticalSection (Address: 0x1001f2b8)
  • InitializeCriticalSection (Address: 0x1001f2d0)
  • OpenSemaphoreW (Address: 0x1001f2dc)
  • ReleaseMutex (Address: 0x1001f2e4)
  • ReleaseSemaphore (Address: 0x1001f2d8)
  • ReleaseSRWLockExclusive (Address: 0x1001f2cc)
  • ReleaseSRWLockShared (Address: 0x1001f2c8)
  • WaitForSingleObject (Address: 0x1001f2c0)
  • WaitForSingleObjectEx (Address: 0x1001f2c4)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceExecuteOnce (Address: 0x1001f2f4)
  • Sleep (Address: 0x1001f2f0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x1001f304)
  • GetTickCount (Address: 0x1001f2fc)
  • GetVersionExW (Address: 0x1001f300)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x1001f30c)
  • EncodePointer (Address: 0x1001f310)
api-ms-win-core-winrt-error-l1-1-0.dll
  • GetRestrictedErrorInfo (Address: 0x1001f328)
  • RoOriginateError (Address: 0x1001f320)
  • RoOriginateErrorW (Address: 0x1001f31c)
  • RoTransformError (Address: 0x1001f324)
  • SetRestrictedErrorInfo (Address: 0x1001f318)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x1001f338)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x1001f334)
  • RoReportFailedDelegate (Address: 0x1001f330)
api-ms-win-core-winrt-l1-1-0.dll
  • RoGetActivationFactory (Address: 0x1001f340)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCreateString (Address: 0x1001f354)
  • WindowsCreateStringReference (Address: 0x1001f350)
  • WindowsGetStringRawBuffer (Address: 0x1001f34c)
  • WindowsIsStringEmpty (Address: 0x1001f348)
  • WindowsStringHasEmbeddedNull (Address: 0x1001f358)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x1001f364)
  • GetTraceEnableLevel (Address: 0x1001f374)
  • GetTraceLoggerHandle (Address: 0x1001f368)
  • RegisterTraceGuidsW (Address: 0x1001f360)
  • TraceMessage (Address: 0x1001f36c)
  • UnregisterTraceGuids (Address: 0x1001f370)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventProviderEnabled (Address: 0x1001f384)
  • EventRegister (Address: 0x1001f380)
  • EventSetInformation (Address: 0x1001f37c)
  • EventUnregister (Address: 0x1001f388)
  • EventWriteTransfer (Address: 0x1001f38c)
api-ms-win-security-base-l1-1-0.dll
  • CheckTokenMembership (Address: 0x1001f39c)
  • CopySid (Address: 0x1001f3a0)
  • CreateWellKnownSid (Address: 0x1001f394)
  • DuplicateToken (Address: 0x1001f3b4)
  • EqualSid (Address: 0x1001f3a4)
  • GetLengthSid (Address: 0x1001f3a8)
  • GetSecurityDescriptorDacl (Address: 0x1001f3ac)
  • GetTokenInformation (Address: 0x1001f398)
  • PrivilegeCheck (Address: 0x1001f3b0)
api-ms-win-security-lsapolicy-l1-1-0.dll
  • LsaClose (Address: 0x1001f3bc)
  • LsaFreeMemory (Address: 0x1001f3c0)
  • LsaLookupSids (Address: 0x1001f3cc)
  • LsaOpenPolicy (Address: 0x1001f3c8)
  • LsaQueryInformationPolicy (Address: 0x1001f3c4)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x1001f3d4)
api-ms-win-shcore-taskpool-l1-1-0.dll
  • SHTaskPoolAllowThreadReuse (Address: 0x1001f3e0)
  • SHTaskPoolQueueTask (Address: 0x1001f3dc)
AUTHZ.dll
  • AuthzAccessCheck (Address: 0x1001f03c)
  • AuthzAddSidsToContext (Address: 0x1001f038)
  • AuthzFreeContext (Address: 0x1001f040)
  • AuthzFreeResourceManager (Address: 0x1001f044)
  • AuthzInitializeContextFromSid (Address: 0x1001f034)
  • AuthzInitializeResourceManager (Address: 0x1001f048)
combase.dll
  • (Address: 0x1001f3e8)
  • (Address: 0x1001f3ec)
KERNEL32.dll
  • CreateFileW (Address: 0x1001f054)
  • GetSystemWindowsDirectoryW (Address: 0x1001f050)
msvcrt.dll
  • __CxxFrameHandler3 (Address: 0x1001f400)
  • __dllonexit (Address: 0x1001f408)
  • _amsg_exit (Address: 0x1001f428)
  • _callnewh (Address: 0x1001f430)
  • _except_handler4_common (Address: 0x1001f3f4)
  • _initterm (Address: 0x1001f41c)
  • _lock (Address: 0x1001f414)
  • _onexit (Address: 0x1001f404)
  • _purecall (Address: 0x1001f424)
  • _unlock (Address: 0x1001f410)
  • _vsnwprintf (Address: 0x1001f3f8)
  • _wtoi (Address: 0x1001f43c)
  • _XcptFilter (Address: 0x1001f42c)
  • free (Address: 0x1001f438)
  • malloc (Address: 0x1001f434)
  • memcmp (Address: 0x1001f420)
  • memcpy (Address: 0x1001f418)
  • memcpy_s (Address: 0x1001f3fc)
  • memmove (Address: 0x1001f40c)
  • memset (Address: 0x1001f444)
  • toupper (Address: 0x1001f440)
netutils.dll
  • NetApiBufferFree (Address: 0x1001f44c)
ntdll.dll
  • NtClose (Address: 0x1001f464)
  • NtDuplicateToken (Address: 0x1001f468)
  • NtGetCachedSigningLevel (Address: 0x1001f474)
  • NtOpenProcessToken (Address: 0x1001f46c)
  • NtOpenThreadToken (Address: 0x1001f460)
  • NtQueryInformationToken (Address: 0x1001f480)
  • NtQuerySystemInformation (Address: 0x1001f47c)
  • NtSetCachedSigningLevel (Address: 0x1001f478)
  • RtlAcquireResourceExclusive (Address: 0x1001f458)
  • RtlCopySid (Address: 0x1001f498)
  • RtlDeleteResource (Address: 0x1001f4b0)
  • RtlEqualSid (Address: 0x1001f4ac)
  • RtlGetDeviceFamilyInfoEnum (Address: 0x1001f4a4)
  • RtlGetNtProductType (Address: 0x1001f490)
  • RtlInitializeResource (Address: 0x1001f454)
  • RtlInitializeSid (Address: 0x1001f488)
  • RtlInitUnicodeString (Address: 0x1001f484)
  • RtlIsMultiSessionSku (Address: 0x1001f49c)
  • RtlLengthSid (Address: 0x1001f494)
  • RtlNtStatusToDosError (Address: 0x1001f4a8)
  • RtlReleaseResource (Address: 0x1001f45c)
  • RtlSubAuthorityCountSid (Address: 0x1001f4a0)
  • RtlSubAuthoritySid (Address: 0x1001f48c)
  • WinSqmSetString (Address: 0x1001f470)
ole32.dll
  • CoGetObject (Address: 0x1001f4b8)
OLEAUT32.dll
  • VariantClear (Address: 0x1001f05c)
  • VariantInit (Address: 0x1001f060)
RPCRT4.dll
  • CStdStubBuffer_AddRef (Address: 0x1001f0d8)
  • CStdStubBuffer_Connect (Address: 0x1001f0b4)
  • CStdStubBuffer_CountRefs (Address: 0x1001f0d4)
  • CStdStubBuffer_DebugServerQueryInterface (Address: 0x1001f0a4)
  • CStdStubBuffer_DebugServerRelease (Address: 0x1001f0c4)
  • CStdStubBuffer_Disconnect (Address: 0x1001f0c0)
  • CStdStubBuffer_Invoke (Address: 0x1001f084)
  • CStdStubBuffer_IsIIDSupported (Address: 0x1001f0b8)
  • CStdStubBuffer_QueryInterface (Address: 0x1001f0d0)
  • I_RpcExceptionFilter (Address: 0x1001f09c)
  • I_RpcMapWin32Status (Address: 0x1001f0ac)
  • IUnknown_AddRef_Proxy (Address: 0x1001f0a0)
  • IUnknown_QueryInterface_Proxy (Address: 0x1001f0bc)
  • IUnknown_Release_Proxy (Address: 0x1001f0dc)
  • NdrClientCall4 (Address: 0x1001f070)
  • NdrCStdStubBuffer_Release (Address: 0x1001f0b0)
  • NdrCStdStubBuffer2_Release (Address: 0x1001f078)
  • NdrDllCanUnloadNow (Address: 0x1001f080)
  • NdrDllGetClassObject (Address: 0x1001f07c)
  • NdrOleAllocate (Address: 0x1001f0c8)
  • NdrOleFree (Address: 0x1001f0cc)
  • NdrStubCall2 (Address: 0x1001f08c)
  • NdrStubForwardingFunction (Address: 0x1001f088)
  • RpcBindingBind (Address: 0x1001f068)
  • RpcBindingCreateW (Address: 0x1001f06c)
  • RpcBindingFree (Address: 0x1001f074)
  • RpcBindingFromStringBindingW (Address: 0x1001f094)
  • RpcBindingSetAuthInfoExW (Address: 0x1001f0a8)
  • RpcStringBindingComposeW (Address: 0x1001f098)
  • RpcStringFreeW (Address: 0x1001f090)
samcli.dll
  • NetUserGetInfo (Address: 0x1001f4c0)
SAMLIB.dll
  • SamCloseHandle (Address: 0x1001f0e8)
  • SamConnect (Address: 0x1001f0fc)
  • SamFreeMemory (Address: 0x1001f100)
  • SamOpenDomain (Address: 0x1001f0ec)
  • SamOpenUser (Address: 0x1001f0f8)
  • SamQueryInformationDomain (Address: 0x1001f0e4)
  • SamQueryInformationUser (Address: 0x1001f0f0)
  • SamQuerySecurityObject (Address: 0x1001f0f4)
twinapi.appcore.dll
  • (Address: 0x1001f4c8)
  • (Address: 0x1001f4cc)
  • (Address: 0x1001f4d0)
  • (Address: 0x1001f4d4)
USER32.dll
  • (Address: 0x1001f108)
  • (Address: 0x1001f120)
  • EnableWindow (Address: 0x1001f118)
  • GetAncestor (Address: 0x1001f11c)
  • GetClassNameW (Address: 0x1001f110)
  • GetWindow (Address: 0x1001f128)
  • GetWindowThreadProcessId (Address: 0x1001f12c)
  • IsWindow (Address: 0x1001f114)
  • SystemParametersInfoW (Address: 0x1001f10c)
  • UpdatePerUserSystemParameters (Address: 0x1001f124)