ReAgent.dll

Description: Microsoft Windows Recovery Agent DLL

Version: 10.0.19041.6456

Architecture: 32-bit

Operating System: Windows NT

SHA256: a5caf3f9a45ef302c33a38aec6f0a997

File Size: 941.9 KB

Uploaded At: Dec. 1, 2025, 8:03 a.m.

Views: 7

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

WinRE_Specialize (Ordinal: 1, Address: 0x513a0)
WinRE_Specialize_Offline (Ordinal: 2, Address: 0x51420)
WinReClearOemImagePath (Ordinal: 3, Address: 0x53a00)
WinReRestoreConfigAfterPBR (Ordinal: 4, Address: 0x59e10)
WinRECheckGuid (Ordinal: 5, Address: 0x54ef0)
WinREUseNewPBRImage (Ordinal: 6, Address: 0x54fe0)
WinRE_Generalize (Ordinal: 7, Address: 0x552d0)
WinReAddTrustedBootApp (Ordinal: 8, Address: 0x55310)
WinReClearBootApp (Ordinal: 9, Address: 0x55390)
WinReClearError (Ordinal: 10, Address: 0x4bca0)
WinReConfigureTask (Ordinal: 11, Address: 0x55410)
WinReCopyDiagnosticFiles (Ordinal: 12, Address: 0x55910)
WinReCopyLogFilesToRamdisk (Ordinal: 13, Address: 0x5b2a0)
WinReCreateLogInstance (Ordinal: 14, Address: 0x5b320)
WinReCreateLogInstanceEx (Ordinal: 15, Address: 0x5b350)
WinReDeleteLogFiles (Ordinal: 16, Address: 0x5b450)
WinReGetConfig (Ordinal: 17, Address: 0x4bcb0)
WinReGetCustomization (Ordinal: 18, Address: 0x559a0)
WinReGetError (Ordinal: 19, Address: 0x4c260)
WinReGetLogDirPath (Ordinal: 20, Address: 0x5b510)
WinReGetTrustedBootApps (Ordinal: 21, Address: 0x55cc0)
WinReGetWIMInfo (Ordinal: 22, Address: 0x55d40)
WinReHashBootApp (Ordinal: 23, Address: 0x55f00)
WinReHashWimFile (Ordinal: 24, Address: 0x55f90)
WinReInitiateOfflineScanning (Ordinal: 25, Address: 0x56000)
WinReInstall (Ordinal: 26, Address: 0x517e0)
WinReInstallOnTargetOS (Ordinal: 27, Address: 0x51860)
WinReIsInstalledOnSystemPartition (Ordinal: 28, Address: 0x56390)
WinReIsWimBootEnabled (Ordinal: 29, Address: 0x567f0)
WinReIsWinPE (Ordinal: 30, Address: 0x4c270)
WinReOobeInstall (Ordinal: 31, Address: 0x56870)
WinReOpenLogInstance (Ordinal: 32, Address: 0x5b7a0)
WinRePostBCDRepair (Ordinal: 33, Address: 0x56a90)
WinReQueueRecoveryBoot (Ordinal: 34, Address: 0x56e20)
WinReReinstall (Ordinal: 35, Address: 0x51900)
WinReRemoveTrustedBootApp (Ordinal: 36, Address: 0x56f70)
WinReRepair (Ordinal: 37, Address: 0x56ff0)
WinReRestoreLogFiles (Ordinal: 38, Address: 0x5b9b0)
WinReSetBootApp (Ordinal: 39, Address: 0x574b0)
WinReSetConfig (Ordinal: 40, Address: 0x57540)
WinReSetCustomization (Ordinal: 41, Address: 0x57b40)
WinReSetError (Ordinal: 42, Address: 0x4c280)
WinReSetNarratorScheduled (Ordinal: 43, Address: 0x57e30)
WinReSetRecoveryAction (Ordinal: 44, Address: 0x57fb0)
WinReSetTriggerFile (Ordinal: 45, Address: 0x5ba30)
WinReSetupBackupWinRE (Ordinal: 46, Address: 0x5c6d0)
WinReSetupCheckWinRE (Ordinal: 47, Address: 0x5d710)
WinReSetupInstall (Ordinal: 48, Address: 0x449b0)
WinReSetupMigrateData (Ordinal: 49, Address: 0x45d70)
WinReSetupRemoveWinRE (Ordinal: 50, Address: 0x46170)
WinReSetupRestoreWinREEx (Ordinal: 51, Address: 0x5d850)
WinReSetupSetImage (Ordinal: 52, Address: 0x5d940)
WinReUnInstall (Ordinal: 53, Address: 0x582f0)
WinReUpdateLogInstance (Ordinal: 54, Address: 0x5bc30)
WinReValidateRecoveryWim (Ordinal: 55, Address: 0x58370)
WinReValidateWimFile (Ordinal: 56, Address: 0x587c0)
winreFindInstallMedia (Ordinal: 57, Address: 0x5e4c0)
winreGetBinaryArch (Ordinal: 58, Address: 0x5f180)

Imported DLLs & Functions

ADVAPI32.dll

AddAccessAllowedAceEx (Address: 0x100de054)
AdjustTokenPrivileges (Address: 0x100de064)
AllocateAndInitializeSid (Address: 0x100de060)
CloseEncryptedFileRaw (Address: 0x100de010)
ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x100de04c)
CryptAcquireContextW (Address: 0x100de094)
CryptCreateHash (Address: 0x100de090)
CryptDestroyHash (Address: 0x100de084)
CryptGetHashParam (Address: 0x100de088)
CryptHashData (Address: 0x100de08c)
CryptReleaseContext (Address: 0x100de098)
DuplicateTokenEx (Address: 0x100de0b4)
EventRegister (Address: 0x100de048)
EventUnregister (Address: 0x100de044)
EventWrite (Address: 0x100de0bc)
EventWriteTransfer (Address: 0x100de040)
FreeSid (Address: 0x100de000)
GetAclInformation (Address: 0x100de020)
GetLengthSid (Address: 0x100de05c)
GetSecurityDescriptorControl (Address: 0x100de028)
GetSecurityDescriptorDacl (Address: 0x100de030)
GetSecurityDescriptorGroup (Address: 0x100de034)
GetSecurityDescriptorLength (Address: 0x100de024)
GetSecurityDescriptorOwner (Address: 0x100de038)
GetSecurityDescriptorSacl (Address: 0x100de02c)
InitializeAcl (Address: 0x100de058)
InitiateSystemShutdownExW (Address: 0x100de074)
LookupPrivilegeValueW (Address: 0x100de068)
OpenEncryptedFileRawW (Address: 0x100de018)
OpenProcessToken (Address: 0x100de06c)
OpenThreadToken (Address: 0x100de01c)
RegCloseKey (Address: 0x100de0a8)
RegCreateKeyExW (Address: 0x100de078)
RegDeleteKeyExW (Address: 0x100de0c0)
RegDeleteKeyW (Address: 0x100de070)
RegDeleteTreeW (Address: 0x100de004)
RegDeleteValueW (Address: 0x100de0a0)
RegEnumValueW (Address: 0x100de03c)
RegGetValueW (Address: 0x100de09c)
RegLoadKeyW (Address: 0x100de080)
RegOpenKeyExW (Address: 0x100de0b0)
RegQueryValueExW (Address: 0x100de0ac)
RegSetValueExW (Address: 0x100de0a4)
RegUnLoadKeyW (Address: 0x100de07c)
RevertToSelf (Address: 0x100de00c)
SetNamedSecurityInfoW (Address: 0x100de050)
SetThreadToken (Address: 0x100de0b8)
TraceMessage (Address: 0x100de008)
WriteEncryptedFileRaw (Address: 0x100de014)

bcrypt.dll

BCryptCloseAlgorithmProvider (Address: 0x100de364)
BCryptCreateHash (Address: 0x100de36c)
BCryptDestroyHash (Address: 0x100de368)
BCryptFinishHash (Address: 0x100de358)
BCryptGetProperty (Address: 0x100de35c)
BCryptHashData (Address: 0x100de354)
BCryptOpenAlgorithmProvider (Address: 0x100de360)

Cabinet.dll

(Address: 0x100de0c8)
(Address: 0x100de0cc)
(Address: 0x100de0d0)

imagehlp.dll

ImageNtHeader (Address: 0x100de374)

KERNEL32.dll

AcquireSRWLockExclusive (Address: 0x100de118)
AcquireSRWLockShared (Address: 0x100de120)
CloseHandle (Address: 0x100de12c)
CloseThreadpoolTimer (Address: 0x100de140)
CompareStringW (Address: 0x100de1f0)
CopyFileExW (Address: 0x100de2e4)
CopyFileW (Address: 0x100de170)
CreateDirectoryW (Address: 0x100de16c)
CreateEventW (Address: 0x100de264)
CreateFileMappingW (Address: 0x100de21c)
CreateFileW (Address: 0x100de168)
CreateMutexExW (Address: 0x100de1a4)
CreateProcessW (Address: 0x100de2c0)
CreateSemaphoreExW (Address: 0x100de1ac)
CreateSemaphoreW (Address: 0x100de294)
CreateThread (Address: 0x100de298)
CreateThreadpoolTimer (Address: 0x100de15c)
DebugBreak (Address: 0x100de100)
DeleteCriticalSection (Address: 0x100de150)
DeleteFileW (Address: 0x100de1d0)
DeviceIoControl (Address: 0x100de180)
DosDateTimeToFileTime (Address: 0x100de2b0)
DuplicateHandle (Address: 0x100de284)
EnterCriticalSection (Address: 0x100de148)
ExpandEnvironmentStringsW (Address: 0x100de0dc)
FindClose (Address: 0x100de1fc)
FindFirstFileW (Address: 0x100de1f4)
FindFirstVolumeW (Address: 0x100de184)
FindNextFileW (Address: 0x100de1f8)
FindNextVolumeW (Address: 0x100de190)
FindVolumeClose (Address: 0x100de194)
FlushFileBuffers (Address: 0x100de1c4)
FormatMessageW (Address: 0x100de0e8)
FreeLibrary (Address: 0x100de218)
GetCurrentDirectoryW (Address: 0x100de0e0)
GetCurrentProcess (Address: 0x100de314)
GetCurrentProcessId (Address: 0x100de2fc)
GetCurrentThread (Address: 0x100de248)
GetCurrentThreadId (Address: 0x100de300)
GetDiskFreeSpaceExW (Address: 0x100de18c)
GetDriveTypeW (Address: 0x100de188)
GetEnvironmentVariableW (Address: 0x100de234)
GetExitCodeProcess (Address: 0x100de2c4)
GetFileAttributesExW (Address: 0x100de178)
GetFileAttributesW (Address: 0x100de198)
GetFileInformationByHandle (Address: 0x100de20c)
GetFileInformationByHandleEx (Address: 0x100de0d8)
GetFileSize (Address: 0x100de1b4)
GetFileSizeEx (Address: 0x100de1e8)
GetFinalPathNameByHandleW (Address: 0x100de260)
GetFirmwareEnvironmentVariableW (Address: 0x100de228)
GetFullPathNameW (Address: 0x100de19c)
GetHandleInformation (Address: 0x100de22c)
GetLastError (Address: 0x100de10c)
GetLongPathNameW (Address: 0x100de0e4)
GetModuleFileNameA (Address: 0x100de0fc)
GetModuleFileNameW (Address: 0x100de278)
GetModuleHandleExW (Address: 0x100de0f8)
GetModuleHandleW (Address: 0x100de104)
GetOverlappedResult (Address: 0x100de238)
GetPrivateProfileSectionW (Address: 0x100de288)
GetPrivateProfileStringW (Address: 0x100de2a4)
GetProcAddress (Address: 0x100de108)
GetProcessHeap (Address: 0x100de0f0)
GetSystemDirectoryW (Address: 0x100de174)
GetSystemInfo (Address: 0x100de240)
GetSystemTimeAsFileTime (Address: 0x100de304)
GetSystemWindowsDirectoryW (Address: 0x100de1e0)
GetTempPathW (Address: 0x100de2dc)
GetTickCount (Address: 0x100de308)
GetTickCount64 (Address: 0x100de1ec)
GetVersionExW (Address: 0x100de1d8)
GetVolumeInformationByHandleW (Address: 0x100de29c)
GetVolumeInformationW (Address: 0x100de25c)
GetVolumeNameForVolumeMountPointW (Address: 0x100de17c)
GetVolumePathNamesForVolumeNameW (Address: 0x100de200)
GetVolumePathNameW (Address: 0x100de1a0)
GetWindowsDirectoryW (Address: 0x100de164)
GlobalMemoryStatusEx (Address: 0x100de2a0)
HeapAlloc (Address: 0x100de0ec)
HeapFree (Address: 0x100de0f4)
HeapReAlloc (Address: 0x100de254)
InitializeCriticalSection (Address: 0x100de250)
InitializeCriticalSectionAndSpinCount (Address: 0x100de268)
InitializeCriticalSectionEx (Address: 0x100de14c)
IsDebuggerPresent (Address: 0x100de110)
LeaveCriticalSection (Address: 0x100de1a8)
LoadLibraryExA (Address: 0x100de2d0)
LoadLibraryExW (Address: 0x100de214)
LoadLibraryW (Address: 0x100de2bc)
LocalAlloc (Address: 0x100de274)
LocalFileTimeToFileTime (Address: 0x100de2b4)
LocalFree (Address: 0x100de23c)
LockFileEx (Address: 0x100de26c)
MapViewOfFile (Address: 0x100de220)
MoveFileExW (Address: 0x100de1c8)
MultiByteToWideChar (Address: 0x100de1b0)
OpenProcess (Address: 0x100de280)
OpenSemaphoreW (Address: 0x100de158)
OutputDebugStringW (Address: 0x100de114)
QueryPerformanceCounter (Address: 0x100de2f8)
RaiseException (Address: 0x100de2d4)
ReadFile (Address: 0x100de1b8)
ReleaseMutex (Address: 0x100de134)
ReleaseSemaphore (Address: 0x100de130)
ReleaseSRWLockExclusive (Address: 0x100de11c)
ReleaseSRWLockShared (Address: 0x100de124)
RemoveDirectoryW (Address: 0x100de1d4)
ResetEvent (Address: 0x100de2ac)
SetEndOfFile (Address: 0x100de1bc)
SetEvent (Address: 0x100de290)
SetFileAttributesW (Address: 0x100de1cc)
SetFileInformationByHandle (Address: 0x100de258)
SetFilePointer (Address: 0x100de24c)
SetFilePointerEx (Address: 0x100de230)
SetFileTime (Address: 0x100de2b8)
SetFirmwareEnvironmentVariableW (Address: 0x100de210)
SetLastError (Address: 0x100de128)
SetThreadIdealProcessor (Address: 0x100de244)
SetThreadpoolTimer (Address: 0x100de138)
SetUnhandledExceptionFilter (Address: 0x100de310)
SetVolumeMountPointW (Address: 0x100de2c8)
Sleep (Address: 0x100de2f4)
SleepConditionVariableSRW (Address: 0x100de1dc)
TerminateProcess (Address: 0x100de318)
TlsAlloc (Address: 0x100de2e8)
TlsFree (Address: 0x100de2f0)
TlsGetValue (Address: 0x100de160)
TlsSetValue (Address: 0x100de2ec)
UnhandledExceptionFilter (Address: 0x100de30c)
UnlockFileEx (Address: 0x100de270)
UnmapViewOfFile (Address: 0x100de224)
VirtualAlloc (Address: 0x100de208)
VirtualFree (Address: 0x100de2cc)
VirtualProtect (Address: 0x100de1e4)
VirtualQuery (Address: 0x100de2d8)
WaitForMultipleObjects (Address: 0x100de28c)
WaitForMultipleObjectsEx (Address: 0x100de2a8)
WaitForSingleObject (Address: 0x100de154)
WaitForSingleObjectEx (Address: 0x100de144)
WaitForThreadpoolTimerCallbacks (Address: 0x100de13c)
WakeAllConditionVariable (Address: 0x100de2e0)
WideCharToMultiByte (Address: 0x100de27c)
WriteFile (Address: 0x100de1c0)
WritePrivateProfileStringW (Address: 0x100de204)

msvcrt.dll

__CxxFrameHandler3 (Address: 0x100de3c4)
__dllonexit (Address: 0x100de398)
_amsg_exit (Address: 0x100de37c)
_atoi64 (Address: 0x100de3fc)
_callnewh (Address: 0x100de404)
_CxxThrowException (Address: 0x100de3ac)
_except_handler4_common (Address: 0x100de384)
_initterm (Address: 0x100de380)
_lock (Address: 0x100de388)
_onexit (Address: 0x100de39c)
_purecall (Address: 0x100de3e8)
_snwscanf_s (Address: 0x100de450)
_ultow_s (Address: 0x100de448)
_unlock (Address: 0x100de394)
_vscwprintf (Address: 0x100de3e4)
_vsnprintf (Address: 0x100de40c)
_vsnprintf_s (Address: 0x100de3d0)
_vsnwprintf (Address: 0x100de3c8)
_vsnwprintf_s (Address: 0x100de44c)
_wcsicmp (Address: 0x100de3ec)
_wcslwr (Address: 0x100de420)
_wcsnicmp (Address: 0x100de3f4)
_wcsupr (Address: 0x100de430)
_wtoi64 (Address: 0x100de3b0)
_XcptFilter (Address: 0x100de400)
??0exception@@QAE@ABQBD@Z (Address: 0x100de3b4)
??0exception@@QAE@ABV0@@Z (Address: 0x100de3dc)
??0exception@@QAE@XZ (Address: 0x100de3d4)
??1exception@@UAE@XZ (Address: 0x100de3d8)
??1type_info@@UAE@XZ (Address: 0x100de3a4)
?terminate@@YAXXZ (Address: 0x100de3a8)
?what@exception@@UBEPBDXZ (Address: 0x100de3c0)
atol (Address: 0x100de3f8)
free (Address: 0x100de3bc)
iswspace (Address: 0x100de438)
malloc (Address: 0x100de408)
memcmp (Address: 0x100de390)
memcpy (Address: 0x100de38c)
memcpy_s (Address: 0x100de3cc)
memmove (Address: 0x100de3a0)
memmove_s (Address: 0x100de3e0)
memset (Address: 0x100de45c)
qsort (Address: 0x100de424)
strcpy_s (Address: 0x100de42c)
strncmp (Address: 0x100de454)
swprintf_s (Address: 0x100de444)
swscanf_s (Address: 0x100de410)
towupper (Address: 0x100de428)
wcscat_s (Address: 0x100de440)
wcschr (Address: 0x100de3f0)
wcscpy_s (Address: 0x100de43c)
wcsncmp (Address: 0x100de414)
wcsnlen (Address: 0x100de418)
wcsrchr (Address: 0x100de3b8)
wcsstr (Address: 0x100de41c)
wcstoul (Address: 0x100de434)
wprintf (Address: 0x100de458)

ntdll.dll

DbgPrintEx (Address: 0x100de590)
LdrGetDllHandle (Address: 0x100de4f8)
LdrGetProcedureAddress (Address: 0x100de4f4)
NtAdjustPrivilegesToken (Address: 0x100de524)
NtClose (Address: 0x100de470)
NtCreateFile (Address: 0x100de5b0)
NtDeviceIoControlFile (Address: 0x100de540)
NtEnumerateBootEntries (Address: 0x100de55c)
NtOpenDirectoryObject (Address: 0x100de554)
NtOpenFile (Address: 0x100de588)
NtOpenKey (Address: 0x100de538)
NtOpenProcessTokenEx (Address: 0x100de528)
NtOpenSymbolicLinkObject (Address: 0x100de534)
NtOpenThreadTokenEx (Address: 0x100de530)
NtQueryBootEntryOrder (Address: 0x100de548)
NtQueryBootOptions (Address: 0x100de54c)
NtQueryDirectoryObject (Address: 0x100de558)
NtQueryInformationFile (Address: 0x100de5c0)
NtQueryInformationProcess (Address: 0x100de5b8)
NtQuerySymbolicLinkObject (Address: 0x100de53c)
NtQuerySystemInformation (Address: 0x100de474)
NtQueryValueKey (Address: 0x100de544)
NtQueryVolumeInformationFile (Address: 0x100de5bc)
NtSetEaFile (Address: 0x100de5ac)
NtSetInformationFile (Address: 0x100de5b4)
NtSetInformationThread (Address: 0x100de52c)
NtSetSecurityObject (Address: 0x100de580)
NtTranslateFilePath (Address: 0x100de550)
NtYieldExecution (Address: 0x100de564)
RtlAcquireResourceExclusive (Address: 0x100de5a0)
RtlAcquireResourceShared (Address: 0x100de59c)
RtlAddAccessAllowedAceEx (Address: 0x100de4b8)
RtlAdjustPrivilege (Address: 0x100de56c)
RtlAllocateAndInitializeSid (Address: 0x100de4bc)
RtlAllocateHeap (Address: 0x100de5c4)
RtlAppendUnicodeToString (Address: 0x100de49c)
RtlCompareMemory (Address: 0x100de560)
RtlCreateAcl (Address: 0x100de4d8)
RtlCreateSecurityDescriptor (Address: 0x100de4e4)
RtlDeleteResource (Address: 0x100de594)
RtlDosPathNameToNtPathName_U (Address: 0x100de584)
RtlFindAceByType (Address: 0x100de57c)
RtlFreeHeap (Address: 0x100de570)
RtlFreeSid (Address: 0x100de4c8)
RtlFreeUnicodeString (Address: 0x100de47c)
RtlGetLastNtStatus (Address: 0x100de574)
RtlGetVersion (Address: 0x100de51c)
RtlGUIDFromString (Address: 0x100de468)
RtlImpersonateSelf (Address: 0x100de5a8)
RtlInitAnsiString (Address: 0x100de500)
RtlInitializeResource (Address: 0x100de5a4)
RtlInitUnicodeString (Address: 0x100de568)
RtlLengthSecurityDescriptor (Address: 0x100de4a4)
RtlLengthSid (Address: 0x100de4c0)
RtlNtStatusToDosError (Address: 0x100de464)
RtlRaiseStatus (Address: 0x100de46c)
RtlReAllocateHeap (Address: 0x100de58c)
RtlReleaseResource (Address: 0x100de598)
RtlSetControlSecurityDescriptor (Address: 0x100de578)
RtlSetDaclSecurityDescriptor (Address: 0x100de4ac)
RtlSetOwnerSecurityDescriptor (Address: 0x100de4a8)
RtlStringFromGUID (Address: 0x100de480)
ZwAllocateUuids (Address: 0x100de4f0)
ZwClose (Address: 0x100de498)
ZwCreateKey (Address: 0x100de4b0)
ZwDeleteKey (Address: 0x100de4cc)
ZwDeleteValueKey (Address: 0x100de4c4)
ZwDeviceIoControlFile (Address: 0x100de510)
ZwEnumerateKey (Address: 0x100de4d0)
ZwLoadKey (Address: 0x100de4b4)
ZwOpenDirectoryObject (Address: 0x100de520)
ZwOpenFile (Address: 0x100de490)
ZwOpenKey (Address: 0x100de4ec)
ZwOpenMutant (Address: 0x100de494)
ZwOpenProcess (Address: 0x100de508)
ZwOpenSymbolicLinkObject (Address: 0x100de518)
ZwQueryAttributesFile (Address: 0x100de4a0)
ZwQueryDirectoryObject (Address: 0x100de514)
ZwQueryInformationFile (Address: 0x100de504)
ZwQueryInformationProcess (Address: 0x100de4fc)
ZwQueryKey (Address: 0x100de488)
ZwQuerySymbolicLinkObject (Address: 0x100de50c)
ZwQuerySystemInformation (Address: 0x100de478)
ZwQueryValueKey (Address: 0x100de4d4)
ZwReleaseMutant (Address: 0x100de48c)
ZwSetSecurityObject (Address: 0x100de4dc)
ZwSetValueKey (Address: 0x100de4e8)
ZwUnloadKey (Address: 0x100de4e0)
ZwWaitForSingleObject (Address: 0x100de484)

ole32.dll

CLSIDFromString (Address: 0x100de5e0)
CoCreateGuid (Address: 0x100de5e4)
CoCreateInstance (Address: 0x100de5d4)
CoInitialize (Address: 0x100de5e8)
CoInitializeEx (Address: 0x100de5d0)
CoTaskMemFree (Address: 0x100de5cc)
CoUninitialize (Address: 0x100de5d8)
StringFromCLSID (Address: 0x100de5dc)

OLEAUT32.dll

SysAllocString (Address: 0x100de328)
SysFreeString (Address: 0x100de320)
VariantClear (Address: 0x100de32c)
VariantInit (Address: 0x100de324)

RPCRT4.dll

RpcStringFreeW (Address: 0x100de338)
UuidCompare (Address: 0x100de33c)
UuidCreate (Address: 0x100de340)
UuidToStringW (Address: 0x100de334)

USER32.dll

CharUpperW (Address: 0x100de34c)
LoadStringW (Address: 0x100de348)