Address	Ordinal	Name	Library
00BFD000		CloseHandle	kernel32
00BFD004		WaitForSingleObject	kernel32
00BFD008		lstrcmpiW	kernel32
00BFD00C		lstrlenW	kernel32
00BFD010		VerSetConditionMask	kernel32
00BFD014		VerifyVersionInfoW	kernel32
00BFD018		lstrcmpA	kernel32
00BFD01C		SetThreadPriority	kernel32
00BFD024		SysAllocString	oleaut32
00BFD028		SysFreeString	oleaut32
00BFD02C		VariantInit	oleaut32
00BFD030		VariantClear	oleaut32
00BFD038		MessageBoxW	user32
00C013F8		LocalAlloc	kernel32
00C013FC		NtOpenFile	ntdll
00C01400		Process32FirstW	kernel32
00C01404		GetKeyboardLayoutList	user32
00C01408		WinHttpQueryHeaders	winhttp
00C0140C		CreateCompatibleDC	gdi32
00C01410		CreateFileW	kernel32
00C01414		OpenServiceW	advapi32
00C01418		SetNamedSecurityInfoW	advapi32
00C0141C		NtShutdownSystem	ntdll
00C01420		CoSetProxyBlanket	combase
00C01424		WaitForSingleObject	kernel32
00C01428		CreateStreamOnHGlobal	combase
00C0142C		PostQueuedCompletionStatus	kernel32
00C01430		GetFileAttributesW	kernel32
00C01434		PathRemoveBackslashW	shlwapi
00C01438		WinHttpConnect	winhttp
00C0143C		RegCreateKeyExW	advapi32
00C01440		CryptGenRandom	advapi32
00C01444		ReleaseMutex	kernel32
00C01448		WinHttpOpenRequest	winhttp
00C0144C		RegCloseKey	advapi32
00C01450		GetLengthSid	advapi32
00C01454		RmRegisterResources	RstrtMgr
00C01458		ImpersonateLoggedOnUser	advapi32
00C0145C		SHTestTokenMembership	shell32
00C01460		RtlTimeToTimeFields	ntdll
00C01464		GetSystemDirectoryW	kernel32
00C01468		HeapAlloc	kernel32
00C0146C		PathIsDirectoryW	shlwapi
00C01470		GetDC	user32
00C01474		MulDiv	kernel32
00C01478		TerminateProcess	kernel32
00C0147C		SetPriorityClass	kernel32
00C01480		OpenProcess	kernel32
00C01484		ExitProcess	kernel32
00C01488		GetExitCodeProcess	kernel32
00C0148C		GetComputerNameW	kernel32
00C01490		_snwprintf	ntdll
00C01494		GetNativeSystemInfo	kernel32
00C01498		FindNextFileW	kernel32
00C0149C		WinHttpOpen	winhttp
00C014A0		SHEmptyRecycleBinW	shell32
00C014A4		GetTokenInformation	advapi32
00C014A8		CloseServiceHandle	advapi32
00C014AC		RmGetList	RstrtMgr
00C014B0		SHDeleteValueW	shlwapi
00C014B4		CreateMutexW	kernel32
00C014B8		GetSystemDefaultUILanguage	kernel32
00C014BC		DeleteFileW	kernel32
00C014C0		DeleteService	advapi32
00C014C4		CryptStringToBinaryW	crypt32
00C014C8		WinHttpSendRequest	winhttp
00C014CC		GetSystemMetrics	user32
00C014D0		SetEntriesInAclW	advapi32
00C014D4		UnmapViewOfFile	kernel32
00C014D8		SetTextColor	gdi32
00C014DC		HeapCreate	kernel32
00C014E0		CommandLineToArgvW	shell32
00C014E4		WinHttpReceiveResponse	winhttp
00C014E8		CreateIoCompletionPort	kernel32
00C014EC		Wow64RevertWow64FsRedirection	kernel32
00C014F0		SystemParametersInfoW	user32
00C014F4		SetTokenInformation	advapi32
00C014F8		ExitWindowsEx	user32
00C014FC		WNetEnumResourceW	mpr
00C01500		GetDriveTypeW	kernel32
00C01504		CreateThread	kernel32
00C01508		CoInitializeEx	combase
00C0150C		FillRect	user32
00C01510		RevertToSelf	advapi32
00C01514		MapViewOfFile	kernel32
00C01518		CryptAcquireContextW	advapi32
00C0151C		NetApiBufferFree	netapi32
00C01520		FindClose	kernel32
00C01524		RtlFreeHeap	ntdll
00C01528		WriteFile	kernel32
00C0152C		OpenProcessToken	advapi32
00C01530		WinHttpSetOption	winhttp
00C01534		FreeSid	advapi32
00C01538		SelectObject	gdi32
00C0153C		GetCurrentThread	kernel32
00C01540		GlobalAlloc	kernel32
00C01544		WNetCloseEnum	mpr
00C01548		GetQueuedCompletionStatus	kernel32
00C0154C		VirtualAlloc	kernel32
00C01550		GetCommandLineW	kernel32
00C01554		Process32NextW	kernel32
00C01558		GetFileSizeEx	kernel32
00C0155C		GetProcAddress	kernel32
00C01560		DeleteCriticalSection	kernel32
00C01564		GetStockObject	gdi32
00C01568		GetCurrentProcess	kernel32
00C0156C		DrawTextW	user32
00C01570		CompareFileTime	kernel32
00C01574		WNetOpenEnumW	mpr
00C01578		RmEndSession	RstrtMgr
00C0157C		CreateToolhelp32Snapshot	kernel32
00C01580		MoveFileExW	kernel32
00C01584		ShellExecuteExW	shell32
00C01588		wsprintfW	user32
00C0158C		CheckTokenMembership	advapi32
00C01590		QueryFullProcessImageNameW	kernel32
00C01594		GetModuleFileNameW	kernel32
00C01598		WinHttpCrackUrl	winhttp
00C0159C		SystemTimeToFileTime	kernel32
00C015A0		SHDeleteKeyW	shlwapi
00C015A4		ReadFile	kernel32
00C015A8		SetBkMode	gdi32
00C015AC		GetObjectW	gdi32
00C015B0		GetProcessHeap	kernel32
00C015B4		PathIsNetworkPathW	shlwapi
00C015B8		CreateFontW	gdi32
00C015BC		RtlAdjustPrivilege	ntdll
00C015C0		WinHttpReadData	winhttp
00C015C4		GetFileSize	kernel32
00C015C8		PathFindExtensionW	shlwapi
00C015CC		CreateFileMappingW	kernel32
00C015D0		DuplicateTokenEx	advapi32
00C015D4		SetFilePointerEx	kernel32
00C015D8		MoveFileW	kernel32
00C015DC		EnterCriticalSection	kernel32
00C015E0		VariantClear	oleaut32
00C015E4		FindFirstFileExW	kernel32
00C015E8		RtlGetLastWin32Error	ntdll
00C015EC		CoCreateInstance	combase
00C015F0		GetUserNameW	advapi32
00C015F4		OpenSCManagerW	advapi32
00C015F8		CreateProcessW	kernel32
00C015FC		NtSetInformationProcess	ntdll
00C01600		Wow64DisableWow64FsRedirection	kernel32
00C01604		SetBkColor	gdi32
00C01608		SysFreeString	oleaut32
00C0160C		GetVolumeInformationW	kernel32
00C01610		SetFileSecurityW	advapi32
00C01614		PathFindFileNameW	shlwapi
00C01618		RegSetValueExW	advapi32
00C0161C		LeaveCriticalSection	kernel32
00C01620		GetCurrentProcessId	kernel32
00C01624		GetWindowsDirectoryW	kernel32
00C01628		WinHttpQueryDataAvailable	winhttp
00C0162C		GetTempPathW	kernel32
00C01630		RmStartSession	RstrtMgr
00C01634		GetUserDefaultUILanguage	kernel32
00C01638		DeleteDC	gdi32
00C0163C		SetFileAttributesW	kernel32
00C01640		PathAddBackslashW	shlwapi
00C01644		GetForegroundWindow	user32
00C01648		ConvertStringSidToSidW	advapi32
00C0164C		GetWindowThreadProcessId	user32
00C01650		SetErrorMode	kernel32
00C01654		CryptBinaryToStringW	crypt32
00C01658		RegOpenKeyExW	advapi32
00C0165C		CoInitializeSecurity	combase
00C01660		AllocateAndInitializeSid	advapi32
00C01664		InitializeCriticalSection	kernel32
00C01668		CoUninitialize	combase
00C0166C		NetUserSetInfo	netapi32
00C01670		LocalFree	kernel32
00C01674		RtlInitUnicodeString	ntdll
00C01678		GlobalFree	kernel32
00C0167C		timeGetTime	winmm
00C01680		NtClose	ntdll
00C01684		GetSystemInfo	kernel32
00C01688		HeapDestroy	kernel32
00C0168C		SysAllocString	oleaut32
00C01690		WinHttpCloseHandle	winhttp
00C01694		SetThreadExecutionState	kernel32
00C01698		NtQueryInformationFile	ntdll
00C0169C		RegQueryValueExW	advapi32
00C016A0		NetShareEnum	netapi32
00C016A4		GetDiskFreeSpaceExW	kernel32
00C016A8		EnumServicesStatusExW	advapi32
00C016AC		CreateCompatibleBitmap	gdi32
00C016B0		ReleaseDC	user32
00C016B4		ControlService	advapi32
00C016B8		GetShellWindow	user32
00C016BC		GetDIBits	gdi32
00C016C0		StrToIntW	shlwapi
00C016C4		OpenMutexW	kernel32
00C016C8		PathQuoteSpacesW	shlwapi
00C016CC		WinExec	kernel32
00C016D0		CloseHandle	kernel32
00C016D4		timeBeginPeriod	winmm
00C016D8		IsValidSid	advapi32
00C016DC		SetPixel	gdi32
00C016E0		GetFileAttributesExW	kernel32
00C016E4		CreateProcessWithTokenW	advapi32
00C016E8		DeleteObject	gdi32
00C016EC		MultiByteToWideChar	kernel32
00C016F0		WideCharToMultiByte	kernel32
00C016F4		Sleep	kernel32
00C016F8		FindFirstFileW	kernel32
00C016FC		GetDeviceCaps	gdi32