sub_outside():
	KERNEL32.GetModuleHandleA
	KERNEL32.DeleteFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ExitProcess
	KERNEL32.Sleep
	WININET.InternetGetConnectedState

sub_31421FA3(09ff):
	MSVCRT.memset
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle

sub_314228DB(12a2):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_31421F52(1a20):
	KERNEL32.CreateThread
	KERNEL32.CloseHandle

sub_3142284D(2057):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

sub_3142172F(23eb):
	ADVAPI32.CryptAcquireContextA
	ADVAPI32.CryptImportKey

sub_3142177E(2986):
	ADVAPI32.CryptDestroyKey
	ADVAPI32.CryptReleaseContext

sub_3142207E(3338):
	WS2_32.recv
	MSVCRT.strstr
	WS2_32.send
	USER32.wsprintfA
	MSVCRT.strlen
	KERNEL32.Sleep
	KERNEL32.InterlockedIncrement
	WS2_32.shutdown
	WS2_32.closesocket
	KERNEL32.ExitThread

	"GET"
	"HTTP/1.1 200 OK\r\nContent-Type: applicat"...
	"Content-Length: %u\r\n\r\n"
	"HTTP/1.1 200 OK\r\n\r\n\r\n"

sub_31421F38(336c):
	KERNEL32.CreateThread

sub_31422CA5(3cd5):
	KERNEL32.VirtualAlloc

sub_31421D68(4891):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GetCurrentProcess

	"advapi32"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"SeDebugPrivilege"

sub_31421316(48f8):
	MSVCRT.strchr

	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	"abcdefghijklmnopqrstuvwxyz"

sub_314221C4(52a4):
	KERNEL32.CreateFileA
	KERNEL32.ExitThread
	KERNEL32.GetFileSize
	KERNEL32.ReadFile
	KERNEL32.CloseHandle
	WS2_32.socket
	MSVCRT.memset
	MSVCRT.rand
	WS2_32.ntohs
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept

	"Cryptographic	Service"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_314211A0(531a):
	WININET.InternetOpenA
	KERNEL32.GetSystemDirectoryA
	KERNEL32.lstrcatA
	KERNEL32.lstrlenA
	KERNEL32.CreateFileA
	WININET.InternetOpenUrlA
	KERNEL32.CloseHandle
	WININET.InternetReadFile
	KERNEL32.WriteFile

	"Mozilla/4.0 (compatible; MSIE	6.0; Wind"...

sub_314223B2(6c65):
	KERNEL32.CreateEventA
	KERNEL32.LoadLibraryA
	ADVAPI32.AbortSystemShutdownA
	KERNEL32.Sleep

	"u10x"
	"u11x"
	"u12x"
	"u13x"
	"u14x"
	"u15x"
	"u16x"
	"u17x"
	"u18x"
	"u8"
	"u9"
	"u10"
	"u11"
	"u12"
	"u13"
	"u13i"
	"u14"
	"u15"
	"u16"
	"u17"
	"u18"
	"u19"
	"u19x"
	"ws2_32"
	"wininet"
	"msvcrt"
	"advapi32"
	"user32"
	"uterm19"

sub_3142179A(7512):
	ADVAPI32.CryptCreateHash
	ADVAPI32.CryptHashData
	ADVAPI32.CryptVerifySignatureA
	ADVAPI32.CryptDestroyHash

sub_314229E6(7561):
	"Windows	Security Manager"
	"Disk Defragmenter"
	"System Restore Service"
	"Bot Loader"
	"WinUpdate"
	"Windows	Update Service"
	"avserve.exe"
	"avserve2.exeUpdate Service"
	"MS	Config v13"
	"Windows Update"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_31422882(75ba):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_314225C3(7a74):
	MSVCRT.rand
	KERNEL32.InterlockedIncrement
	KERNEL32.Sleep

sub_31421DF0(7e12):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	USER32.FindWindowA
	USER32.GetForegroundWindow
	USER32.GetWindowThreadProcessId
	KERNEL32.OpenProcess
	KERNEL32.WriteProcessMemory
	KERNEL32.CloseHandle

	"kernel32"
	"VirtualAllocEx"
	"CreateRemoteThread"
	"uterm19"

sub_31422038(81da):
	WININET.InternetGetConnectedState

sub_3142239E(82c5):
	KERNEL32.WaitForSingleObject

sub_31422068(85d4):
	MSVCRT.rand

sub_3142292E(87a6):
	KERNEL32.lstrlenA
	KERNEL32.CreateToolhelp32Snapshot
	MSVCRT.memset
	KERNEL32.Process32First
	MSVCRT.strstr
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.Process32Next

sub_31422B67(99c3):
	KERNEL32.GetModuleFileNameA
	MSVCRT.rand
	KERNEL32.lstrlenA
	KERNEL32.lstrcpyA
	KERNEL32.lstrcmpiA

	"Software\\Microsoft\\Wireless"
	"ID"
	"fgnsdrjyrsert"
	"ID"
	"Cryptographic	Service"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"1"
	"Client"
	"Client"

sub_31422712(a67f):
	WS2_32.inet_ntoa
	KERNEL32.lstrcpyA
	USER32.wsprintfA
	KERNEL32.lstrlenA

	"http://%s:%d/x.exe"

sub_31421F29(a71a):
	KERNEL32.CreateMutexA

sub_31422CB9(a71a):
	KERNEL32.VirtualFree

sub_31421801(abb0):
	WS2_32.socket
	WS2_32.inet_ntoa
	KERNEL32.lstrcpynA
	USER32.wsprintfA
	MSVCRT.memcpy
	MSVCRT.strlen
	MSVCRT.memset
	WS2_32.ntohs
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.send
	WS2_32.recv
	KERNEL32.lstrlenA
	WS2_32.shutdown
	WS2_32.closesocket

sub_314215C7(b40f):
	KERNEL32.GetLocaleInfoA
	USER32.wsprintfA
	WININET.InternetOpenA
	WININET.InternetOpenUrlA
	WININET.InternetReadFile
	WININET.InternetCloseHandle

	"http://%s/index.php?id=%s&scn=%d&inf=%d"...
	"http://%s"
	"Mozilla/4.0 (compatible; MSIE	6.0; Wind"...

sub_31421FF9(b95f):
	WS2_32.gethostname
	WS2_32.WSAGetLastError
	WS2_32.gethostbyname

sub_31421EFB(bc62):
	KERNEL32.GetTickCount
	MSVCRT.srand

sub_31422A9B(bff8):
	KERNEL32.DeleteFileA
	KERNEL32.GetSystemDirectoryA
	MSVCRT.rand
	KERNEL32.lstrcatA
	KERNEL32.CopyFileA
	KERNEL32.lstrlenA
	KERNEL32.CloseHandle
	KERNEL32.WinExec
	KERNEL32.Sleep
	KERNEL32.ExitProcess

	"Cryptographic	Service"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_31421422(df51):
	MSVCRT.strstr
	KERNEL32.lstrlenA
	MSVCRT.strchr

	"zer0"

sub_31421F73(e56c):
	MSVCRT.rand

sub_31422308(e965):
	WS2_32.WSAStartup

sub_3142255F(eaaa):
	MSVCRT.rand
	KERNEL32.Sleep

sub_3142264B(ed82):
	MSVCRT.rand
	KERNEL32.InterlockedIncrement
	KERNEL32.Sleep
	KERNEL32.ExitThread

sub_3142204E(eebf):
	KERNEL32.OpenEventA
	KERNEL32.SetEvent

sub_314216A2(f36a):
	KERNEL32.InterlockedExchange
	MSVCRT.rand
	KERNEL32.Sleep