sub_1003596(1290):
	KERNEL32.CreateDirectoryA

sub_10024C1(3142):
	KERNEL32.CloseHandle

sub_10024E0(3245):
	KERNEL32.SetFilePointer

sub_1002B1C(517a):
	NTDLL.NtOpenProcessToken
	NTDLL.NtAdjustPrivilegesToken
	NTDLL.NtClose

DialogFunc(5921):
	USER32.LoadStringA
	SHELL32.SHBrowseForFolderA
	SHELL32.SHGetPathFromIDListA
	USER32.SendDlgItemMessageA
	USER32.SendMessageA
	USER32.EndDialog

sub_10025BE(6351):
	KERNEL32.CloseHandle
	KERNEL32.DeleteFileA

sub_10026BA(736e):
	USER32.SetParent
	KERNEL32.Sleep
	KERNEL32.SetEvent
	KERNEL32.TerminateProcess
	USER32.EndDialog

sub_1002BF1(799f):
	KERNEL32.GetEnvironmentVariableA
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.SetEnvironmentVariableA
	KERNEL32.CloseHandle

	"_SFX_CAB_SHUTDOWN_REQUEST"
	"_SFX_CAB_SHUTDOWN_REQUEST"

sub_1002BA0(7c2a):
	NTDLL.NtOpenProcessToken
	NTDLL.NtAdjustPrivilegesToken
	NTDLL.NtClose

sub_100369E(84dc):
	ADVAPI32.InitializeSecurityDescriptor
	ADVAPI32.InitializeAcl
	ADVAPI32.SetSecurityDescriptorDacl
	KERNEL32.GetCurrentDirectoryA
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetDriveTypeA
	MSVCRT.strncpy
	KERNEL32.QueryDosDeviceA
	MSVCRT._strlwr
	MSVCRT.strstr
	KERNEL32.GetDiskFreeSpaceA
	ADVAPI32.CryptAcquireContextA
	ADVAPI32.CryptGenRandom
	ADVAPI32.CryptReleaseContext
	KERNEL32.GetSystemTime
	KERNEL32.SystemTimeToFileTime
	USER32.DialogBoxParamA

	"backofficestorage"
	"%s"
	"%02x"
	"temp\\ext"

sub_1003AE1(8841):
	KERNEL32.DosDateTimeToFileTime
	KERNEL32.LocalFileTimeToFileTime
	KERNEL32.SetFileTime
	KERNEL32.CloseHandle
	USER32.SendDlgItemMessageA
	MSVCRT.strstr

	"cdtag.1"

sub_1002F1B(971b):
	KERNEL32.CreateFileA
	KERNEL32.SetFilePointer

StartAddress(9774):
	USER32.DialogBoxParamA

sub_1002556(a6cc):
	USER32.LoadStringA
	KERNEL32.FormatMessageA

sub_1002CB9(c4de):
	USER32.LoadStringA
	USER32.MessageBoxA
	KERNEL32.ExitProcess

sub_1002F5A(c5ff):
	KERNEL32.ReadFile

start_0(cc3c):
	KERNEL32.InitializeCriticalSectionAndSpinCount
	COMCTL32.InitCommonControls
	KERNEL32.GetProcessHeap
	KERNEL32.CreateEventA
	KERNEL32.CreateThread
	KERNEL32.WaitForSingleObject
	KERNEL32.Sleep
	USER32.ShowWindow
	USER32.SetParent
	MSVCRT.strstr
	KERNEL32.SetEnvironmentVariableA
	KERNEL32.CreateProcessA
	KERNEL32.GetExitCodeProcess
	USER32.MessageBoxA
	KERNEL32.ExitProcess

	"\\update\\update.exe"
	"_SFX_CAB_EXE_PATH"

sub_100280D(ceec):
	KERNEL32.CreateFileA
	KERNEL32.SetFilePointer
	KERNEL32.GetEnvironmentVariableA
	KERNEL32.SetEnvironmentVariableA
	KERNEL32.CloseHandle

sub_10023BC(d625):
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile

sub_1002D83(d9c3):
	KERNEL32.OpenEventA
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle
	KERNEL32.Sleep
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	ADVAPI32.InitiateSystemShutdownA
	KERNEL32.GetSystemDirectoryA
	MSVCRT.strchr
	KERNEL32.CreateFileA
	KERNEL32.FlushFileBuffers
	NTDLL.NtShutdownSystem
	KERNEL32.FreeLibrary

	"WFP_IDLE_TRIGGER"
	"advapi32.dll"
	"InitiateSystemShutdownExA"

sub_1002F82(df69):
	KERNEL32.WriteFile

sub_1002FAA(df84):
	ADVAPI32.AllocateAndInitializeSid
	KERNEL32.GetCurrentProcess
	ADVAPI32.OpenProcessToken
	ADVAPI32.GetLengthSid

sub_1003272(eaff):
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetCommandLineA
	KERNEL32.GetFileAttributesA

sub_10035EA(f20e):
	KERNEL32.GetFileAttributesA
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

	"advapi32.dll"
	"DecryptFileA"