Chapter 1:
// date = 2020.12.14
//surmise, Ordinal 

Host-Based Signatures: These indicators often identify files created or modified by the malware or specific changes that it makes to the registry.

Network Signatures: These detect malicious code by monitoring network traffic.

Analysis: The sample uses GDI32.dll and User32.dll, so it most likely has a GUI. It is also able to manipulate processes and files. It uses Advapi32.dll, which indicates that it does something with the registry, such as \Software\Microsoft\Windows\CurrentVersion\Run, a registry key that controls which programs are run automatically when booting.
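
An added example, not part of the original notes: a small static-triage script that extracts ASCII and UTF-16LE strings from a binary and reports the DLL names and Run-key path discussed in the analysis above. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
import re

# DLL name -> what its presence suggests (the readings given in the notes).
DLL_HINTS = {
    "gdi32.dll": "GUI (graphics)",
    "user32.dll": "GUI (windows, input)",
    "advapi32.dll": "registry access",
}
# Autorun key from the notes, lower-cased for case-insensitive matching.
RUN_KEY = r"software\microsoft\windows\currentversion\run"


def extract_strings(data, min_len=4):
    """Return printable ASCII strings, then UTF-16LE strings, of >= min_len chars.

    Windows binaries often store registry paths as wide (UTF-16LE) strings,
    so an ASCII-only scan would miss them.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def triage(data):
    """Map extracted strings to capability hints and host-based indicators."""
    strings = extract_strings(data)
    lowered = [s.lower() for s in strings]
    hints = {dll: why for dll, why in DLL_HINTS.items()
             if any(dll in s for s in lowered)}
    run_keys = [s for s in strings if RUN_KEY in s.lower()]
    return {"dll_hints": hints, "persistence_keys": run_keys}


# Constructed sample: not a real executable, just bytes laid out the way
# import names (ASCII) and a registry path (UTF-16LE) appear inside one.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"GDI32.dll\x00User32.dll\x00\x01\x02Advapi32.dll\x00\xff\xfe"
    + r"\Software\Microsoft\Windows\CurrentVersion\Run".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    for dll, why in report["dll_hints"].items():
        print(f"{dll}: {why}")
    for key in report["persistence_keys"]:
        print(f"host-based indicator (autorun): {key}")
```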