| Objective | APIs to Enable | Meaning |
|---|---|---|
| Network / C2 | getaddrinfo, connect, send, recv, WSAConnect, WSASend, WSARecv | DNS, TCP, beaconing |
| HTTP / Web | InternetOpenUrlW, InternetConnectW, HttpSendRequestW, WinHttpSendRequest | HTTP/S traffic |
| Registry Persistence | RegCreateKeyExW, RegSetValueExW, RegOpenKeyExW | Run keys, config |
| File Drop / Read | CreateFileW, WriteFile, ReadFile, MoveFileExW | Payload/file activity |
| Process Spawn | CreateProcessW, ShellExecuteExW, WinExec | Child execution |
| Injection | VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, NtCreateThreadEx | Injection path |
| Crypto | CryptAcquireContextW, CryptEncrypt, CryptDecrypt, BCryptEncrypt | Encryption/decryption |
| Drive Discovery | GetDriveTypeW, GetLogicalDrives | USB / storage check |
| Timing / Delay | Sleep, WaitForSingleObject, SetWaitableTimer | Delay / loop |
| Service Abuse | OpenSCManagerW, CreateServiceW, StartServiceW | Service persistence |
| Socket Detail | bind, listen, accept, closesocket | Listener / socket lifecycle |
BLUE TEAM / MALWARE REVERSE / WINDOWS